In a move to protect its users based in Kazakhstan from government surveillance, Google, Apple and Mozilla finally today came forward and blocked Kazakhstan's government-issued root CA certificate within their respective web browsing software.

Starting today, Chrome, Safari and Firefox users in Kazakhstan will see an error message stating that the "Qaznet Trust Network" certificate should not be trusted when attempting to access a website that responds with the government-issued certificate.

As The Hacker News reported last month, all major Kazakh Internet Service Providers (ISPs) are forcing their customers into installing a government-issued root certificate on their devices in order to regain access to their Internet services.
Over a billion Bluetooth-enabled devices, including smartphones, laptops, smart IoT devices, and industrial devices, have been found vulnerable to a high severity vulnerability that could allow attackers to spy on data transmitted between the two devices.

The vulnerability, assigned as CVE-2019-9506, resides in the way 'encryption key negotiation protocol' lets two Bluetooth BR/EDR devices choose an entropy value for encryption keys while pairing to secure their connection.

Referred to as the Key Negotiation of Bluetooth (KNOB) attack, the vulnerability could allow remote attackers in close proximity to targeted devices to intercept, monitor, or manipulate encrypted Bluetooth traffic between two paired devices.
An unknown hacker yesterday successfully managed to hack into the official GitHub account of Canonical, the company behind the Ubuntu Linux project and created 11 new empty repositories.

It appears that the cyberattack was, fortunately, just a "loud" defacement attempt rather than a "silent" sophisticated supply-chain attack that could have been abused to distribute modified malicious versions of the open-source Canonical software.

In a statement, David from Canonical confirmed that attacker(s) used a Canonical owned GitHub account whose credentials were compromised to unauthorizedly access Canonical's Github account.

"We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities," David said.
Taiwanese networking equipment manufacturer D-Link has agreed to implement a "comprehensive software security program" in order to settle a Federal Trade Commission (FTC) lawsuit alleging that the company didn't take adequate steps to protect its consumers from hackers.

Your wireless router is the first line of defense against potential threats on the Internet.

However, sadly, most widely-used routers fail to offer necessary security features and have often found vulnerable to serious security flaws, eventually enabling remote attackers to unauthorizedly access networks and compromise the security of other devices connected to it.

In recent years, the security of wireless networks has been more of a hot topic due to cyber attacks, as well as has gained headlines after the discovery of critical vulnerabilities—such as authentication bypass, remote code execution, hard-coded login credentials, and information disclosure—in routers manufactured by various brands.
In recent years, several groups of cybersecurity researchers have disclosed dozens of memory side-channel vulnerabilities in modern processors and DRAMs, like Rowhammer, RAMBleed, Spectre, and Meltdown.

Have you ever noticed they all had at least one thing in common?

That's OpenSSH.

As a proof-of-concept, many researchers demonstrated their side-channel attacks against OpenSSH application installed on a targeted computer, where an unprivileged attacker-owned process exploits memory read vulnerabilities to steal secret SSH private keys from the restricted memory regions of the system.
GamePad Digital’s marketing department has been offering up some great promotional work for the upcoming P2 Max game console/Ultrabook/mini-laptop. The manufacturer has announced that the device will begin its crowdfunding campaign at the end of June; the P2 Max’s Indiegogo page is already stuffed with some interesting comparisons, though.

Firstly, GPD has pointed out that the P2 Max is the same size as an iPad mini 4, with its game console-Ultrabook hybrid sporting an 8.9-inch display and weighing just 650 g (23 oz; net weight). It’s these particular specifications that put the device “ahead” of the Surface Pro 6 and Dell’s XPS 13, as both of those rivals are larger and heavier. It looks like the “world’s smallest Ultrabook” definitely has that going for it at least.