av Mikael Winterkvist | mar 26, 2025 | Bluesky, Mastodon, Notiser, Threads |
Lawmakers and experts are sounding the alarm after revelations that Cabinet members were using Signal to discuss war plans, saying the encrypted messaging app is still vulnerable to hacking.
The Atlantic’s Jeffrey Goldberg published a first-hand account on Mondaydetailing how he was mistakenly added to a Signal group chat where high-ranking Trump officials were discussing plans to conduct military strikes in Yemen. The Signal conversation included “precise information about weapons packages, targets, and timing,” Goldberg said, describing the use of the open-source app to map out military strikes as “shocking recklessness.”
Politico
av Mikael Winterkvist | mar 26, 2025 | Bluesky, Mastodon, Notiser, Threads |
I haven’t had time to comment on the Jeff Goldberg story about the war cabinet planning a military campaign on the Signal app. So a few brief thoughts.
To state the obvious, in any normal administration Hegseth and Waltz at a minimum would be gone by the end of the day. So let me stipulate to all the outrageousness. But I want to focus your attention on the fact that information security is not the only, perhaps not even the main issue.
Note that no one in the chat is saying, “Hey, we sure it’s cool to be talking about this on Signal?” Or, “Should we be worried this is an insecure channel?” That and the simple logic of the matter tells us this is commonplace in the new administration. You think Mike Waltz got fat fingers and accidentally added Goldberg on the first time out? Not likely.
Källa: SignalGate Is Bad; But OPSEC Isn’t Even the Worst Part Of It
av Mikael Winterkvist | mar 26, 2025 | Bluesky, Mastodon, Notiser, Threads |
Apple didn’t introduce a new generation of the Apple Watch Ultra last year. Instead, the company announced a new black titanium version for the current generation. This year, however, Apple Watch Ultra 3 will get some hardware upgrades – and that includes key improvements when it comes to connectivity.
5G and satellite connectivity coming to Apple Watch Ultra 3
A recent Bloomberg report corroborated rumors about connectivity upgrades being developed for the Apple Watch Ultra 3. More specifically, this year’s Ultra model will be the first Apple Watch to support satellite connectivity and 5G.
Satellite connectivity was first added to the iPhone 14, and it enables the Emergency SOS feature via satellite. As the name suggests, it lets users point the iPhone in the right direction until it connects to a satellite in order to call emergency services when there’s no cellular or Wi-Fi signal available. The feature has become known for saving the lives of many people in high-risk situations.
Källa: Apple Watch Ultra 3 to have two key connectivity improvements
av Mikael Winterkvist | mar 26, 2025 | Bluesky, Mastodon, Notiser, Threads |
On Monday, shortly after we published a story about a massive Trump-administration security breach, a reporter asked the secretary of defense, Pete Hegseth, why he had shared plans about a forthcoming attack on Yemen on the Signal messaging app. He answered, “Nobody was texting war plans. And that’s all I have to say about that.”
At a Senate hearing yesterday, the director of national intelligence, Tulsi Gabbard, and the director of the Central Intelligence Agency, John Ratcliffe, were both asked about the Signal chat, to which Jeffrey Goldberg, the editor in chief of The Atlantic, was inadvertently invited by National Security Adviser Michael Waltz. “There was no classified material that was shared in that Signal group,” Gabbard told members of the Senate Intelligence Committee.
Källa: Here Are the Attack Plans That Trump’s Advisers Shared on Signal
av Mikael Winterkvist | mar 26, 2025 | Bluesky, Mastodon, Notiser, Threads |
Google is in the process of rolling out Chrome v134.0.6998.178 to Windows users to fix CVE-2025-2783, a zero-day vulnerability that allowed attackers to to bypass Chrome sandbox protections.
The vulnerability was flagged by Kaspersky researchers, who discovered it being exploited by a suspected state-sponsored APT group to target media outlets and educational institutions in Russia.
About CVE-2025-2783
Google explains the source of the flaw thus: “Incorrect handle provided in unspecified circumstances in Mojo on Windows.” (Mojo is Chromium’s inter-process communication framework.)
Researchers Igor Kuznetsov and Boris Larin say that the cause of CVE-2025-2783 was “a logical error at the intersection of Google Chrome’s sandbox and the Windows operating system,” and that it initially left them scratching their heads: “Without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even exist.”
Källa: Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) – Help Net Security
av Mikael Winterkvist | mar 26, 2025 | Bluesky, Mastodon, Notiser, Threads |
Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia.
The vulnerability, tracked as CVE-2025-2783, has been described as a case of ”incorrect handle provided in unspecified circumstances in Mojo on Windows.” Mojo refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC).
As is customary, Google did not reveal additional technical specifics about the nature of the attacks, the identity of the threat actors behind them, and who may have been targeted. The vulnerability has been plugged in Chrome version 134.0.6998.177/.178 for Windows.
”Google is aware of reports that an exploit for CVE-2025-2783 exists in the wild,” the tech giant acknowledged in a terse advisory.
Hacker News
