Showing only posts tagged Security. Show all posts.

Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting”

Source

A prominent US senator has called on the Federal Trade Commission to investigate Microsoft for “gross cybersecurity negligence,” citing the company’s continued use of an obsolete and vulnerable form of encryption that Windows uses by default. In a letter to FTC Chairman Andrew Ferguson, Sen. Ron Wyden (D …

SAP warns of high-severity vulnerabilities in multiple products

Source

As hackers exploit a high-severity vulnerability in SAP’s flagship Enterprise Resource Planning software product, the software maker is warning users of more than two dozen newly detected vulnerabilities in its other widely used products, including a security flaw with a maximum-severity rating of 10. SAP on Tuesday said …

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Source

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply-chain attack ever. The attack, which compromised nearly two dozen packages hosted on the npm repository, came to public notice on Monday in …

Former WhatsApp security boss in lawsuit likens Meta’s culture to a “cult”

Source

Over the past year, Meta has blanketed TV screens around the world with commercials touting the privacy of Whatsapp, its encrypted messenger with a monthly user base of 3 billion people. “It’s private,” one ad campaign featuring the former cast of the Modern Family TV show says. “On …

Don’t let outdated IGA hold back your security, compliance, and growth

Source

Identity Governance & Administration (IGA) is critical to keeping data secure, ensuring only the right people have access to the right resources. But legacy IGA is slow, costly, and code-heavy. Learn from tenfold why Modern IGA solutions deliver faster out-of-the-box integrations, streamlined governance, and built-in compliance. [...]

The number of mis-issued 1.1.1.1 certificates grows. Here’s the latest.

Source

Wednesday’s discovery of three mis-issued TLS certificates for Cloudflare’s 1.1.1.1 encrypted DNS lookup service generated intense interest and concern among Internet security practitioners. The revelation raised the possibility that an unknown entity had obtained the cryptographic equivalent of a skeleton key that could be …

« newer articles | page 7 | older articles »