eSentire warns of remote-access trojans masquerading as PDFs More than 100,000 web pages hosted by Google Sites are being used to trick netizens into opening business documents booby-trapped with a remote-access trojan (RAT) that takes over victims' PCs and hands control to miscreants.... [...]
114 fixes for the Windows world – plus fixes from SAP, Adobe, FreeBSD, etc Patch Tuesday April showers bring hours of patches as Microsoft delivers its Patch Tuesday fun-fest consisting of over a hundred CVEs, including four Exchange Server vulnerabilities reported to the company by the US National Security Agency …
Someone hasn't heard of redundancy The US Justice Department on Friday announced the arrest of Seth Aaron Pendley, 28, for allegedly planning to blow up a single Amazon data center in Ashburn, Virginia, which he thought would knock out around 70 per cent of the internet.... [...]
So please don't delay in applying updates, says, well, everyone SAP and security analysts Onapsis say cyber-criminals are pretty quick to analyze the enterprise software outfit's patches and develop exploits to get into vulnerable systems.... [...]
Remote code execution hole, arbitrary file writing flaw could make a mess of stored files Some QNAP network attached storage devices are vulnerable to attack because of two critical vulnerabilities, one that enables unauthenticated remote code execution and another that provides the ability to write to arbitrary files.... [...]
Privacy don't like it, block the tracker, block the tracker Eliminating third-party cookies will not stop companies from tracking web users, says DuckDuckGo, which claims it can help with its desktop browser extensions and mobile apps.... [...]
Session monitoring scripts prompt dozens of privacy lawsuits against Big Biz, mainly in California and Florida Intel is among the growing list of companies being sued for allegedly violating American wiretapping laws by running third-party code to track interactions, such as keystrokes, click events, and cursor movements, on its …
Debian, Ubuntu ahead of the curve in patching at least – don't be late yourself Two high-severity vulnerabilities in the OpenSSL software library were disclosed on Thursday alongside the release of a patched version of the software, OpenSSL 1.1.1k.... [...]
Privacy. Are we there yet? No, but there's some progress at least When version 90 of Google's Chrome browser arrives in mid-April, initial website visits will default to a secure HTTPS connection in the event the user has failed to specify a preferred URI scheme.... [...]
Money for nothing but your nicked IP In-depth The latest passive income trend, we're told by Lithuania-based internet biz IPRoyal, is internet sharing, a term that here means "subletting" or "reselling."... [...]
Chocolate Factory still stomping bugs out of its bird-themed post-third-party-cookie features Updated Google's effort at "building a privacy-first future for web advertising" already looks like it will require some privacy retrofitting.... [...]
I don't believe it, I had to see it, I came back, I came back haunted Google on Friday released proof-of-concept code for conducting a Spectre-based attack against its Chrome browser to show how web developers can take steps to mitigate browser-based side-channel attacks.... [...]
Funny how code that targets Redmond vanishes while tons of others menacing other vendors remain On Wednesday, shortly after security researcher Nguyen Jang posted a proof-of-concept exploit on GitHub that abuses a Microsoft Exchange vulnerability revealed earlier this month, GitHub, which is owned by Microsoft, removed code, to the …
Bugs in Visual Studio, Visual Studio Code are the least of it Patch Tuesday A week after Microsoft warned that four zero-day flaws and three others in its Exchange Server were being actively exploited and issued out-of-band remediation, the cloudy Windows biz has delivered software fixes to address 82 …
'This is going to be a lot of work... a reasonable set of mitigation primitives exists today, ready and waiting for use' After the disclosure of the 2018 Spectre family of vulnerabilities in modern microprocessor chips, hardware vendor and operating system makers scrambled to reduce the impact of data-leaking …
Side-channel ring race 'hard to mitigate with existing defenses' Chip-busting boffins in America have devised yet another way to filch sensitive data by exploiting Intel's processor design choices.... [...]
'That is not the world we want, nor the one users deserve' With the arrival of Google Chrome v89 on Tuesday, Google is preparing to test a technology called Federated Learning of Cohorts, or FLoC, that it hopes will replace increasingly shunned, privacy-denying third-party cookies.... [...]
Assuming your content blocker can scrutinize DNS AdGuard on Thursday published a list of more than 6,000 CNAME-based trackers so they can be incorporated into content-blocking filters.... [...]
Network Solutions hasn't confirmed what happened, though The short-lived theft of Perl.com in late January is believed to have been the result of a social engineering attack that convinced registrar Network Solutions to alter the domain's records without valid authorization.... [...]
Engineers write off GC abuse because Spectre broke everything anyway In early November, a developer contributing to Google's open-source Chromium project reported a problem with Oilpan, the garbage collector for the browser's Blink rendering engine: it can be used to break a memory defense known as address space layout …
Boffins find those developing apps for the chatty AI assistant can bypass security measures Computer security bods based in Germany and the US have analyzed the security measures protecting Amazon's Alexa voice assistant ecosystem and found them wanting.... [...]
Hey man, are your cookies trackin' me? Take 'em out. You gotta keep 'em separated Mozilla has revised the way the latest build of the Firefox browser handles HTTP cookies to prevent third-parties from using them to track people online, as part of improvements in build 86 of the …
Study sees increasing adoption of cloaking to bypass cookie barriers Boffins based in Belgium have found that a DNS-based technique for bypassing defenses against online tracking has become increasingly common and represents a growing threat to both privacy and security.... [...]
Popular programming language, at the top of its game, still struggles to please everyone Feature The 30th anniversary of Python this week finds the programming language at the top of its game, but not without challenges.... [...]
Popular programming language, at the top of its game, still struggles to please everyone Feature February 20, 2021, the 30th anniversary of Python, finds the programming language at the top of its game but not without challenges.... [...]