Malwarebytes Reveals it Was Hacked by Nation State Behind ‘SolarWinds’

Malwarebytes co-founder and current CEO Marcin Kleczynski reveals the company was hacked. He believes it was the same nation state actor behind the SolarWinds attack. The state is believed to be Russia.

After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments.

Crazy stuff, and we’ll probably hear of the fallout for a long time.

AirPods Max Headbands Could be Interchangeable

iFixit published a tear down of the AirPods Max and it reveals, among other things, that the headband could be interchangeable.

It was rumored that Apple wanted to design the AirPods Max headband to be easily-swappable like its magnetic ear cups. That feature was thought to be missing from the final design, but this joint is so complex it just might have one more thing up its sleeve…despite the joint’s complexity, you can detach the entire headband from AirPods Max with just a SIM card removal tool or paperclip, without even opening the ear cup.

Bug Lets Audio, Video be Transmitted Without Consent in Apps Like Signal

Google’s Project Zero security team found a bug that lets audio and video be transmitted without user interaction in five messaging apps. These are Signal, JioChat, Mocha, Google Duo, and Facebook Messenger. All bugs have been fixed.

I investigated the signalling state machines of seven video conferencing applications and found five vulnerabilities that could allow a caller device to force a callee device to transmit audio or video data. All these vulnerabilities have since been fixed. It is not clear why this is such a common problem, but a lack of awareness of these types of bugs as well as unnecessary complexity in signalling state machines is likely a factor.