Wikileaks offers tech giants access to sourcecode for CIA Vault 7 exploits

Wikileaks' seismic Vault 7 release didn't follow the usual Wikileaks procedure: perhaps in response to earlier criticism, the organization redacted many of the files prior to their release, cutting names of CIA operatives and the sourcecode for the cyber-weapons the CIA had developed, which exploit widely used mobile devices, embedded systems, and operating systems. Read the rest

Every Android device potentially vulnerable to "most serious" Linux escalation attack, ever

The Dirty Cow vulnerability dates back to code included in the Linux kernel in 2007, and it can be trivially weaponized into an easy-to-run exploit that allows user-space programs to execute as root, meaning that attackers can take over the entire device by getting their targets to run apps without administrator privileges. Read the rest

Audit reveals significant vulnerabilities in Truecrypt and its successors

Veracrypt was created to fill the vacuum left by the implosion of disk-encryption tool Truecrypt, which mysteriously vanished in 2014, along with a "suicide note" (possibly containing a hidden message) that many interpreted as a warning that an intelligence agency had inserted a backdoor into the code, or was attempting to force Truecrypt's anonymous creators to do so. Read the rest