Search Results for “Matt Day”


April 2, 2020
Romain Dillet / TechCrunch

Zoom CEO Apologizes for Security and Privacy Glitches, Says Company Will Implement 90-Day Feature Freeze and Work with Third-Party Experts to Produce Transparency Report

Wildly popular videoconferencing app Zoom has been battered with a series of privacy and security controversies since its meteoric rise during the COVID-19 crisis even as the company has quickly signed up 200 million new users. In the wake of these controversies, CEO Eric S. Yuan has written a lengthy blog post to address some of the concerns around Zoom. In particular, Yuan said that Zoom is enacting a 90-day feature freeze during which the company won’t ship any new feature until it is done fixing the current feature set. Zoom will also work with third-party experts and prepare a transparency report. Yuan apologized for the glitches, saying that “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home.”

Related: Forbes, CNET, Neowin, BusinessLine – Home, iPhone Hacks, Engadget, The Verge, Business Insider, TechJuice, HOTforSecurity, Computer Business Review, GeekWire, Reuters: Top News, PhoneArena, Android Authority, ZDNet Security, ExtremeTech, MobileSyrup.com, WCCFtech, Trusted Reviews, TechNadu, RTE, E-Commerce Times, GBHackers On Security, 9to5Mac, Digital Trends, Telecomlive.com, Android Central, iMore, Windows Central, South China Morning Post, Big News Network, Thomas Brewster – Forbes, Android Authority, Graham Cluley, Telecompaper Headlines, MobileSyrup.com, The Financial Express, Security Affairs, Ubergizmo, ET news, Fast Company, USA Today, SlashGear » security, City A.M. – Technology, The State of Security, TechWorm, The Hill, CBSNews.com, The Next Web, E Hacking News, BBC News, Digital Trends, BetaNews, The Verge, Tom’s Guide News, Zoom

Tweets: @josephfcox @TheHackersNews @runasand @ashk4n

Forbes: Zoom Just Made These Powerful COVID-19 Security And Privacy Moves Following Outcry
CNET: Zoom boss says it’ll freeze feature updates to address security issues
Neowin: Zoom to fix security and privacy issues in 90-day feature freeze
BusinessLine – Home: Zoom announces 90-day freeze on feature updates to focus on privacy and security
iPhone Hacks: Zoom Announces 90 Days Feature Freeze, Will Work on Improving the Security Of Its Platform
Engadget: Zoom vows to win back user trust with extensive security review
The Verge: What Zoom doesn’t understand about the Zoom backlash
Business Insider: Zoom’s CEO apologizes for its many security issues as daily users balloon to 200 million
TechJuice: ‘Zoombombing’ is becoming an issue amid rising popularity due to coronavirus
HOTforSecurity: Zoom-bombing: FBI warns of rise in teleconference hijacking amid stay-at-home order
Computer Business Review: Zoom Security Storm: Company Apologises, Hackers Squabble
GeekWire: Zoom Security Storm: Company Apologises, Hackers Squabble
Reuters: Zoom pulls in more than 200 million daily video users during worldwide lockdowns
PhoneArena: SpaceX employees forbidden from using the Zoom app over privacy concerns
Android Authority: Zoom won’t add new features for 90 days as it tackles privacy, security woes
ZDNet Security: Zoom: We’re freezing all new features to sort out security and privacy
TechCrunch: Zoom freezes feature development to fix security and privacy issues
ExtremeTech: Zoom’s Security and Privacy Practices Kind of Zuck
MobileSyrup.com: Zoom vows to fix issues around privacy and security within 90-days
WCCFtech: Zoom Gets Banned at SpaceX Following Privacy Concerns
Trusted Reviews: Why Zoom is attracting so much criticism right now
RTE: Zoom stops product development to fix security issues
E-Commerce Times: Zoom’s Soaring Popularity Is a Double-Edged Sword
9to5Mac: Zoom penetration tests commissioned to improve ‘trust, safety and privacy’
Digital Trends: SpaceX tells workers to ditch Zoom over ‘significant’ privacy concerns
Android Central: Zoom apologizes over security and privacy issues and freezes new features
iMore: Zoom apologizes over security and privacy issues and freezes new features
Windows Central: Zoom apologizes over security and privacy issues and freezes new features
Channel News Asia: Elon Musk’s SpaceX bans Zoom over privacy concerns
Tech Insider: Elon Musk’s SpaceX bans Zoom over security and privacy concerns
Thomas Brewster – Forbes: Why Zoom Really Needs Better Privacy: $1.3 Million Orders Show The US Government’s COVID-19 Response Is Now Relying On It
Graham Cluley: Zoom promises to improve its security and privacy as usage (and concern) soars
Telecompaper Headlines: Zoom promises full security review as users pass 200 mln per day
The Financial Express: Has Zoom got it right on security?
Security Affairs: Crooks use tainted Zoom apps to target users at home due to Coronavirus outbreak
Ubergizmo: Zoom Pledges To Spend The Next 90 Days Fixing Its Privacy And Security Issues
ET news: Security snafus exhumed amid Zoom boom
Fast Company: Elon Musk’s SpaceX bans employees from using Zoom over ‘significant privacy and security concerns’
USA Today: Zoom to focus on security, privacy, CEO says, as usage booms during coronavirus crisis
SlashGear » security: Zoom CEO responds: What happens next for hit video calling app
City A.M. – Technology: Zoom vows to fix security issues as it hits 200m daily users
The State of Security: Zoom promises to improve its security and privacy as usage (and concern) soars
TechWorm: Zoom Security Vulnerability Leaks Windows Login Credentials To Hackers
The Hill: Zoom vulnerabilities draw new scrutiny amid coronavirus fallout
CBSNews.com: FBI warns of online attacks on video conference app Zoom
The Next Web: After a litany of security fuck-ups, Zoom promises weekly updates
E Hacking News: Hackers use fake Zoom domains to spread malware
BBC News: Zoom boss apologises for security issues and promises fixes
Digital Trends: Zoom freezes development of new features to fix privacy issues
BetaNews: Zoom issues an apology for privacy and security issues, will enact a feature freeze to focus on fixes
The Verge: Zoom announces 90-day feature freeze to fix privacy and security issues
Tom’s Guide News: Zoom privacy and security issues: Here’s everything that’s wrong (so far)
Zoom: A Message to Our Users

@josephfcox: Zoom announces several changes, such as a "feature freeze" and moving all engineering resources to fixing privacy and security issues; enhancing its bug bounty program https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/
@TheHackersNews: UPDATE: After facing backlash over #privacy & security concerns, #Zoom today issued updates to patch some recently disclosed flaws & also announced to enhance its #bugbounty program and shift all of its engineering resources to resolve further issues. https://thehackernews.com/2020/04/zoom-windows-password.html
@runasand: Letter from @zoom_us CEO @ericsyuan outlines what the company has done and will do moving forward to address issues and concerns, including shifting “engineering resources to focus on our biggest trust, safety, and privacy issues.”
@ashk4n: I have to say the response from @zoom_us to all the privacy, security, and #abusability issues surrounding their platform is very good: CEO acknowledges the specific problems, lays out steps they’re taking to fix them, and clearly communicates steps to users


April 13, 2020
Rowena Mason / The Guardian

UK Health Ministry Will Soon Launch Its Own Coronavirus Contact Tracing App as Concerns Swirl Over Privacy and Security of Such Apps

As security and privacy concerns swirl around the introduction of coronavirus contact tracing apps, the UK public will soon be able to find out if they may have been in the vicinity of people unwell with coronavirus via a new contact-tracing app. The NHS app, developed by NHSX, the health service’s digital transformation arm, would allow people to report their symptoms. Then the app would anonymously alert other app users that had been in contact with that person in recent days. About 60% of the population would have to sign up for the app for it to be effective. Despite fears over the privacy of the app’s data, UK health minister Matt Hancock said the data will be handled according to the highest ethical and security standards, and would only be used for NHS care and research.

Related: IT World, Techradar, The Loop, eTeknix, CNBC, Cyware News, Telecomlive.com, Inverse, Android Authority, CNET, 9to5Mac, DIGITIMES: IT news from Asia, MacRumors, Android Central, TechNadu, Fortune, MacDailyNews, Schneier on Security, Computerworld Security, O’Grady’s PowerPage, MacRumors, Cult of Mac, Forbes, Politico, BBC News

Tweets: @fs0c131y @jatorre @schneierblog @EHRC

IT World: Cyber Security Today – COVID-19 hiring and sob story scams, Apple and Google partner on contact tracing, cops make arrests and more
Techradar: The UK government is working on a Covid-19 tracking app with Apple and Google
The Loop: UK nods to Apple/Google coronavirus API with contact tracing app plans
eTeknix: UK Confirms Plans For Coronavirus Tracing App
CNBC: Apps collecting data to help stop the virus spread must limit sharing of information, cybersecurity expert says
Telecomlive.com: Apple, Google join hands to help fight coronavirus
Inverse: Covid-19: how Apple and Google’s system could help end lockdowns
Android Authority: Google-Apple partnership may be tech-limited, and more tech news today
CNET: Tech isn’t solution to COVID-19, says Singapore director of contact tracing app
9to5Mac: Here’s how Apple and Google’s COVID-19 contact tracing API could be implemented to help reopen society
DIGITIMES: IT news from Asia: Apple and Google partner on coronavirus contact tracing technology
MacRumors: UK to Use Apple-Google API in NHS Contact Tracing App
Android Central: The UK’s NHS will add Apple and Google’s coronavirus tracing API to its app
iMore: The UK’s NHS will add Apple and Google’s coronavirus tracing API to its app
TechNadu: UK Will Be the First to Use the Google and Apple Coronavirus Tracing App
Fortune: The problem with Google and Apple’s plan to trace coronavirus via your phone
MacDailyNews: What’s wrong with the Apple-Google COVID-19 contact tracing scheme
Schneier on Security: Contact Tracing COVID-19 Infections via Smartphone Apps
Computerworld Security: Everything we know about the Google/Apple COVID-19 contact tracing tech
O’Grady’s PowerPage: Apple to partner with Google on Coronavirus contact tracing project
Cult of Mac: UK’s National Health Service to use Apple-Google API in contact tracing app
Forbes: COVID-19: U.K. Government Unveils NHS Contact-Tracing Phone App As Next Step In Fighting Disease
Politico: The security issues with the Apple/Google virus tracking project
BBC News: Coronavirus: UK confirms plan for its own contact tracing app

@fs0c131y: 14/ The Apple / Google API has another disadvantage. If a government wants to publish a functional contact tracing app he is forced to use this API. As a politician, when you spend your time talking about the digital sovereignty, about how bad are the GAFA, it's an issue.
@jatorre: I am getting scared of all these cryptographers now saving the world with contact tracing without privacy issues... This is going to delay solutions a lot by adding noise to decision makers. This blog post summarizes it great https://lightbluetouchpaper.org/2020/04/12/contact-tracing-in-the-real-world/
@schneierblog: Contact Tracing COVID-19 Infections via Smartphone Apps
@EHRC: “We support the use of technology to save lives during the pandemic. At the same time it must have the appropriate safeguards in place to protect people’s privacy and data.” We are ready to advise the NHS on its new Covid-19 contact tracing app. More: http://socsi.in/VrLA2


March 11, 2020
Drew Harwell / Washington Post

Whisper Left Years of Intimate Data Exposed on the Web, User Data Tied to Age, Location, Other Details

Whisper, the secret-sharing app that called itself the “safest place on the Internet,” left years of users’ most intimate confessions exposed on the Web tied to their age, location and other details, cybersecurity consultants Matthew Porter and Dan Ehrlich, who lead the advisory group Twelve Security, discovered. Porter and Ehrlich said they were able to access nearly 900 million user records from the app’s release in 2012 to the present day. After the Washington Post contacted the company on Monday, access to the data was removed.

Related: Engadget, Gadgets.NDTV, The Mac Observer, ZDNet Security, Infosecurity Magazine, Graham Cluley, The Register – Security, Newsweek, Android Central, HOTforSecurity


May 10, 2020
Andy Greenberg / Wired

Thunderspy Attack Exploits Flaw in Intel’s Thunderbolt Interface to Open New Avenue for ‘Evil Maid’ Attack

A new technique called Thunderspy can bypass the login screen of a sleeping or locked computer, and even its hard disk encryption, on Thunderbolt-enabled Windows or Linux PCs manufactured before 2019. The technique can allow attackers to gain full access to the computer’s data, Eindhoven University of Technology researcher Björn Ruytenberg revealed. Although the attack in many cases requires opening a target laptop’s case with a screwdriver, it leaves no trace of intrusion and can be completed in a few minutes, opening a new avenue to the so-called “Evil Maid” attack. Intel’s Thunderbolt interface, which promises faster speeds by allowing more direct access to memory, has frequently posed security problems. As a consequence, researchers recommend taking advantage of a Thunderbolt feature known as “security levels.” However, using the Thunderspy attack, attackers can even bypass this protection level. Intel and some PC makers say they have protection against this attack, although Ruytenberg says the flaws he found extend to Intel’s hardware and can’t be fixed with a mere software update.

Related: Thunderspy, fossBytes, Reddit – cybersecurity, Engadget, Sensors Tech Forum, TechNadu, Silicon Republic, TechSpot, The Next Web, IT Pro, iPhone Hacks, 9to5Mac, Security News | Tech Times, fossBytes, Engadget, SecurityWeek, ZDNet Security, SlashGear » security, Neowin, Reddit – cybersecurity, The Verge, Silicon Republic, WCCFtech, BetaNews, Appleosophy, 9to5Mac, Naked Security, MSSP Alert, BGR, DataBreachToday.com, Techradar, TechWorm, Schneier on Security, Reddit-hacking, CISO MAG, TechJuice, HOTforSecurity, Ars Technica

Tweets: @a_greenberg @0Xiphorus @campuscodi @campuscodi @kennwhite @mattiasgeniar @paulmillr @markwilsonwords

Thunderspy: When Lightning Strikes Thrice: Breaking Thunderbolt 3 Security
fossBytes: Any PC Manufactured Before 2019 Is Vulnerable To ‘Thunderspy’ Attack
Reddit – cybersecurity: A Thunderspy attack on all PCs with Thunderbolt ports shipped between 2011 and 2020 allows an attacker with only five minutes of physical access to the device to read and copy all its data, even if the drive is encrypted and the computer is locked or set
Engadget: Thunderbolt flaw lets hackers steal your data in ‘five minutes’
Sensors Tech Forum: Thunderspy Attack Used To Hack Thunderbolt Ports: Millions of PCs Affected
TechNadu: “ThunderSpy” Is Threatening to Steal Your Data Right From the Laptop Port
Silicon Republic: Thunderspy: What you need to know about unpatchable flaw in older PCs
TechSpot: New Thunderbolt flaw lets hackers bypass security features in five minutes
The Next Web: There’s a new Thunderbolt bug, check if your computer is affected
IT Pro: Thunderbolt flaw exposes millions of PCs to attack | IT PRO
iPhone Hacks: Major Thunderbolt Security Exploit ‘Thunderspy’ Allows Hacker to Steal Data from Encrypted Drive, Partially Affects macOS
9to5Mac: Major Thunderbolt security flaws found, affect Macs shipped 2011-2020
Security News | Tech Times: [HACKERS] Millions of PCs with Intel Thunderbolt Flaws are Vulnerable to Hacking; Thunderspy Attack Takes Only Five Minutes
SecurityWeek: Thunderspy: More Thunderbolt Flaws Expose Millions of Computers to Attacks
ZDNet Security: Thunderbolt flaws affect millions of computers – even locking unattended devices won’t help
SlashGear: New Thunderbolt hack exposes your files: How to check if you’re safe
Neowin: Thunderbolt flaw allows a hacker to obtain access to a PC’s data within minutes
The Verge: Thunderbolt flaw allows access to a PC’s data in minutes
WCCFtech: Thunderbolt Security Flaw in Intel Chips Affects All Compatible Macs and PCs
BetaNews: Thunderspy vulnerability in Thunderbolt 3 allows hackers to steal files from Windows and Linux machines
Appleosophy: Severe Thunderbolt flaw discovered affecting Mac’s shipped between 2011-2020
Naked Security: Thunderspy – why turning your computer off is a cool idea!
MSSP Alert: Intel Thunderbolt Vulnerability Details Explained
BGR: This Thunderbolt vulnerability puts millions of PCs in danger
DataBreachToday.com: New Thunderbolt Flaws Disclosed to Intel
Techradar: Buy Windows 10: the cheapest prices in May 2020
TechWorm: Thunderbolt Vulnerability Affects millions of PCs Manufactured Before 2019
Schneier on Security: Attack Against PC Thunderbolt Port
Reddit-hacking: Thunderbolt flaws affect millions of computers – even locking unattended devices won’t help
CISO MAG: Millions of Computers Open to Thunderbolt Port Vulnerabilities
TechJuice: Major security flaw discovered in Thunderbolt-equipped devices
HOTforSecurity: Thunderspy Attack Affects all Computers with Thunderbolt Released in the Past Decade
Ars Technica: Thunderspy: What it is, why it’s not scary, and what to do about it

@a_greenberg: Dutch researcher @0Xiphorus has detailed a new physical access technique that could let hackers break into any of millions of PCs via their Thunderbolt ports. The good news is it requires unscrewing the case briefly. The bad news is it's unpatchable.
@0Xiphorus: This has been a long time coming. Today we release Thunderspy. Find full details at https://thunderspy.io. Thanks to @a_greenberg for reporting. #Thunderspy #Intel #Thunderbolt
@campuscodi: Thunderspy works even if you follow best security practices by locking or suspending your computer when leaving briefly, and if your system administrator has set up the device with Secure Boot, strong BIOS and operating system account passwords, and enabled full disk encryption.
@campuscodi: Oh, look. Some disclosure drama
@kennwhite: “Thunderspy [Intel exploit] enables creating arbitrary Thunderbolt device identities and cloning user-authorized Thunderbolt devices, even in the presence of Security Levels pre-boot protection and cryptographic device authentication”
@mattiasgeniar: "If your computer has a Thunderbolt port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep." tl;dr: stop using computers. ¯\_(ツ)_/¯ https://thunderspy.io
@paulmillr: This looks bad. An attacker could read your encrypted drive & contents of a RAM, even when the laptop is sleeping. All it takes is inserting a device into USB/Thunderbolt port. All macbooks are affected, even with Linuxes. Can't be fixed in software.
@markwilsonwords: Thunderspy vulnerability in Thunderbolt 3 allows hackers to steal files from Windows and Linux machines https://betanews.com/2020/05/11/thunderspy-security-vulnerability/ via @BetaNews


March 17, 2020
Nicholas Fandos and Charlie Savage / New York Times

Senate Votes to Extend Expiring FISA Surveillance Powers Until June

The Senate voted to reinstate until June a handful of expiring F.B.I. tools used for investigating terrorism and espionage under the Foreign Intelligence Surveillance Act (FISA) in an attempt to grant lawmakers time to sort out broader differences over surveillance laws and move to address the coronavirus pandemic. The House now has to agree to this extension, although it’s unclear when a vote on the matter would occur. The House earlier passed a bill to extend FISA surveillance powers in legislation that went beyond what the Senate passed.

April 1, 2020
Lawrence Abrams / Bleeping Computer

Zoom Windows Client Vulnerability Allows Attackers to Steal Windows Credentials of Users Who Click on Links

The Zoom Windows client is vulnerable to UNC path injection in the client’s chat feature that could allow attackers to steal the Windows credentials of users who click on a link, security researcher @_g0dmode discovered. When Zoom users click on the link, Windows will attempt to connect to the remote site using the SMB file-sharing protocol to open the remote cat.jpg file. In the process of doing so, Windows will send the user’s login name and their NTLM password hash, which can be cracked using free tools like Hashcat to dehash, or reveal, the user’s password. Security researcher Matthew Hickey, aka hackerfantastic, tested the proposition and was able to capture the NTLM password hashes being sent to a server hosting the clicked-on share.

Related: iTnews – Security, ZDNet Security, CyberSecurity Help s.r.o., Beta News, Sec.Today, Mashable

Tweets: @nathanmcnulty @hackerfantastic


March 31, 2020
Micah Lee, Yael Grauer / The Intercept

Zoom Doesn’t Actually Use End-to-End Encryption For Its Meetings Despite Marketing, Zoom Itself Is Capable of Accessing Unencrypted Video, Audio

Videoconferencing service and app Zoom, which has experienced a meteoric rise in usage since the advent of the COVID-19 pandemic, is not using end-to-end encryption for its meetings as its marketing material suggests but instead uses a system that lets Zoom itself access unencrypted video and audio from meetings. On its website and in a security white paper, Zoom claims it has end-to-end encryption if everyone connects using “computer audio” instead of calling in on a phone. But in reality, Zoom offers what is usually called transport layer encryption. Zoom confirmed the encryption it uses, saying that “currently, it is not possible to enable E2E encryption for Zoom video meetings. Zoom video meetings use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections are encrypted with AES using a key negotiated over a TLS connection.” The only feature of Zoom that does appear to be end-to-end encrypted is in-meeting text chat.

Related: The Guardian, Reddit – cybersecurity, Windows Central, iMore, Android Central

Tweets: @yaelwrites @joshgerstein @trevortimm @kimzetter


May 4, 2020
Geoff White / BBC News

Man Behind the ILOVEYOU Virus is 44-Year-Old Filipino Onel de Guzman, Says He Didn’t Expect the Malware to Spread Globally

The man behind the ILOVEYOU virus, which infected millions of machines around the world twenty years ago, has been identified as Filipino Onel de Guzman, now 44. De Guzman says he unleashed the Love Bug computer worm to steal passwords so he could access the internet without paying and never expected it to spread globally. Back in 2000, victims received an email attachment entitled LOVE-LETTER-FOR-YOU, which contained malware that would overwrite files, steal passwords, and automatically send copies of itself to all contacts in the victim’s Microsoft Outlook address book. The virus overwhelmed computer systems around the world and led to damage and disruption that cost billions of dollars.

August 22, 2019
Catalin Cimpanu / ZDNet

Security Researcher Reveals Second Zero-Day Bug in Steam Gaming Client After Being Banned by Company and HackerOne For Disclosing Earlier Zero-Day Flaw

Russian security researcher Vasily Kravets published details about a second zero-day vulnerability in the Steam gaming client after he was banned by Steam and HackerOne from Steam’s bug disclosure platform following Kravets’ public disclosure of another zero-day vulnerability in the platform earlier this summer. Although Valve issued a patch for the first bug, it proved to be insufficient. Another security researcher, Matt Nelson, also revealed that he found the exact same bug after Kravets and reported it to Valve’s HackerOne program, only to go through a similarly bad experience. Nelson said both HackerOne and Valve took five days to acknowledge the bug, refused to patch it and locked the bug report when Nelson wanted to disclose the bug publicly and warn users. Kravets’ second Valve zero-day, which, like the first, is another EoP/LPE (elevation of privilege or local privilege escalation) in the Steam client, allows malicious apps to gain admin rights through Valve’s Steam app. Part of Valve’s difficulty in dealing with this problem is that it appears to consider EoP/LPE vulnerabilities as “out-of-scope” for its HackerOne platform, meaning the company doesn’t view them as security issues despite the fact that most other companies do.

Related: BleepingComputer.com, Slashdot, amonitoring, Hacker News (Ycombinator), THE INQUIRER, The Register, Security Affairs

Tweets: @mkolsek @viss @psidragon @enigma0x3 @MalwarePatrol

BleepingComputer.com: Second Steam Zero-Day Impacts Over 96 Million Windows Users
Slashdot: Researcher Publishes Second Steam Zero Day After Getting Banned on Valve’s Bug Bounty Program
amonitoring: One more Steam Windows Client Local Privilege Escalation 0day
Hacker News (ycombinator): Researcher banned on Valve’s bug bounty program publishes second Steam 0-day (zdnet.com)
THE INQUIRER: Researcher banned from Valve’s bug bounty exposes second Steam zero-day
The Register: Disgruntled bug-hunter drops Steam zero-day to get back at Valve for refusing him a bounty
Security Affairs: A new Zero-Day in Steam client impacts over 96 million Windows users

@mkolsek: Good news for Steam users: After several LPE 0days have been dropped, Valve changed their bug bounty scope to include local privilege escalation. https://hackerone.com/valve/policy_v
@viss: i am disappointed that valve does this kinda stuff
@psidragon: Valve banned me on their H1 program. So... I release new #ZeroDay #PublicDisclosure EoP vulnerability at Steam. Another #0day. Rus - https://habr.com/ru/company/pm/blog/464367/ Eng - https://amonitoring.ru/article/onemore_steam_eop_0day/
@enigma0x3: @steam_games that’s not really how that works. You can’t pick and choose what you define as a vulnerability. Your software is breaking the Windows security model.
@MalwarePatrol: Disgruntled bug-hunter drops Steam zero-day to get back at Valve for refusing him a bounty. https://theregister.co.uk/2019/08/22/steam_zeroday_valve/ via @TheRegister


July 10, 2016
Sarah Lynch, Mor Turgeman and Amit Weiss / Vocativ

Anonymous Declares ‘Day of Solidarity’ with Black Lives Matter, Hacking Planned

Hacktivist group Anonymous has announced a ‘Day of Solidarity’ with the Black Lives Matter movement, marked by protests and cyberattacks to acknowledge the victims of police violence, bias and discrimination.
