Hopefully we're still listening to experts Fourteen of the world's leading computer security and cryptography experts have released a paper arguing against the use of client-side scanning because it creates security and privacy risks.... [...]
Global messaging giant extends security and privacy to Google Drive and Apple iCloud Facebook's WhatsApp on Thursday began a global rollout of end-to-end (E2E) encryption for message backups, which offers Android and iOS users with the ability to protect WhatsApp messages stored in Google Drive and Apple iCloud.... [...]
With 71 new CVEs, there are patches enough for everyone Microsoft's October Patch Tuesday has arrived with fixes for 71 new CVEs, two patch revisions to address bugs from previous months that just won't die, and three CVEs tied to OpenSSL flaws. That's in addition to eight Edge-Chromium CVEs …
Boffins devise tricks to dupe stolen or nearby iPhones into paying out when in transit mode and using Visa Apple's digital wallet Apple Pay will pay whatever amount is demanded of it, without authorization, if configured for transit mode with a Visa card, and exposed to a hostile contactless …
Pushy code pressured people to sign up for premium services, netted 'millions of euros' You may be advised not to look a gift horse in the mouth, lest you appear ungrateful for questioning its health. But you probably want to examine your Android phone for GriftHorse, or rather for …
Redmond reckoned protocol weakness is not a security vulnerability Microsoft Exchange clients like Outlook have been supplying unprotected user credentials if you ask in a particular way since at least 2016. Though aware of this, Microsoft's advice continues to be that customers should communicate only with servers they trust …
Security Bounty program scolded for broken promises Upset with Apple's handling of its Security Bounty program, a bug researcher has released proof-of-concept exploit code for three zero-day vulnerabilities in Apple's newly released iOS 15 mobile operating system.... [...]
file:// is blocked? Oh OK, we'll just use File:// or fiLE://... Apple's macOS Finder application is currently vulnerable to a remote code execution bug, despite an apparent attempt to fix the problem.... [...]
Email clients fail over to unexpected domains if they can't find the right resources A flaw in Microsoft's Autodiscover protocol, used to configure Exchange clients like Outlook, can cause user credentials to leak to miscreants in certain circumstances.... [...]
Russia-based biz targeted in Uncle Sam's crack down on cyber-extortion The US Treasury on Tuesday sanctioned virtual cryptocurrency exchange Suex OTC for handling financial transactions for ransomware operators, an intervention that's part of a broad US government effort to disrupt online extortion and related cyber-crime.... [...]
If you need another reason to try an alternative software suite Apache OpenOffice (AOO) is currently vulnerable to a remote code execution vulnerability and while the app's source code has been patched, the fix has only been made available as beta software and awaits an official release.... [...]
Once dismissed proof-of-concept attack on Microsoft OS through WSL detected in the wild Linux binaries have been found trying to take over Windows systems in what appears to be the first publicly identified malware to utilize Microsoft's Windows Subsystem for Linux (WSL) to install unwelcome payloads.... [...]
Patch Tuesday fiesta also sees Adobe and SAP tidying up Patch Tuesday For its September Patch Tuesday, Microsoft churned out fixes for 66 vulnerabilities, alongside 20 Chromium bugs in Microsoft Edge.... [...]
Separate flaw in WebKit also under attack squashed, too – and two zero-days in Chrome, as well Updated Apple on Monday issued security patches for its mobile and desktop operating systems, and for its WebKit browser engine, to address two security flaws, at least one of which was, it is …
Forget Agent Smith, we want to see Neo fighting implementation bugs The Matrix.org Foundation, which oversees the Matrix decentralized communication protocol, said on Monday multiple Matrix clients and libraries contain a vulnerability that can potentially be abused to expose encrypted messages.... [...]
Funny how 'privacy-focused' Apple and Google haven't managed that Facebook's WhatsApp on Friday said users will soon be able to store end-to-end (E2E) encrypted backups of their chat history on Google Drive in Android or Apple iCloud in iOS, with an option to self-manage the encryption key.... [...]
Where did people think spam and harassment reports were going? Facebook's WhatsApp states its messages are protected by the Signal encryption protocol. A report published today by investigative non-profit ProPublica contends that WhatsApp communication is less private than users understand or expect.... [...]
Critics celebrate reconsideration of 'spyPhone' regime Apple on Friday said it intends to delay the introduction of its plan to commandeer customers' own devices to scan their iCloud-bound photos for illegal child exploitation imagery, a concession to the broad backlash that followed from the initiative.... [...]
Access should have been revoked... but wasn't, court told On Tuesday, a woman from Brooklyn, New York, pleaded guilty to destroying computer data at an unidentified credit union from which she had recently been fired.... [...]
Chip biz's fix involves performance-inhibiting LFENCE, if warranted Computer scientists at TU Dresden in Germany have found that AMD's Zen processor family is vulnerable to a data-bothering Meltdown-like attack after all.... [...]
Some tactics never change much Microsoft has warned that it has been tracking a widespread credential-phishing campaign that relies on open redirector links, while simultaneously suggesting it can defend against such schemes.... [...]
Multi-use toolkit deployed on victims' networks across Asia, North America ESET and TrendMicro have identified a novel and sophisticated backdoor tool that miscreants have slipped onto compromised Windows computers in companies mostly in Asia but also in North America.... [...]
Scumbag spent years tricking victims into handing over login details A California man this month admitted he hoarded hundreds of thousands of photos and videos stolen from strangers' Apple iCloud accounts to find and share images of nude young women.... [...]
Low-code platform comes with high expectations that folks understand security Forty-seven government entities and privacy companies, including Microsoft, exposed 38 million sensitive data records online by misconfiguring the Windows giant's Power Apps, a low-code service that promises an easy way to build professional applications.... [...]
Four months after Microsoft went public, ex-RIM biz puts its hand up BlackBerry this week issued a critical security advisory for past versions of its QNX Real Time Operating System (RTOS), used in more than 175m cars, medical equipment, and industrial systems.... [...]