Linux machines running distributions powered by kernels prior to 5.0.8 are affected by a race condition vulnerability leading to a use after free, related to net namespace cleanup, exposing vulnerable systems to remote attacks. | Continue reading
A site that pretends to promote the popular KeePass password management software is actually distributing malware on unsuspecting visitors. This site is part of a larger network of sites distributing adware bundles as free programs. | Continue reading
A hacking group or individual is advertising access to the networks of at least three antivirus companies in the U.S. and source code for their software products. | Continue reading
A software developer from San Francisco managed to do what no one else did before, creating a fully-functional two-way chat using only CSS and HTML, completely ditching JavaScript in the process. | Continue reading
After getting pounded with ransomware and malware for deploying distributed denial-of-service (DDoS) attacks, unpatched Confluence servers are now compromised to mine for cryptocurrency. | Continue reading
As users become more concerned about their privacy and being tracked online, they have begun to use ad blockers and script blockers to block JavaScript tracking scripts. A new method has been discovered that allows a site to track the mouse movements of their visitors by using on … | Continue reading
Security researchers brought to life and released a wicked variant of Clippy, the recently resurfaced assistant in Microsoft Office that we all loved so much to hate, that makes it more difficult to detect a malicious macro in documents. | Continue reading
Amazon announced in a post on the Amazon Simple Storage Service (S3) forum that the company will deprecate path-style API requests (used by many to circumvent censorship) starting with September 30, only keeping support for the virtual-hosted style request format. | Continue reading
Dell issued a security update to patch a SupportAssist Client software vulnerability which allows potential unauthenticated attackers on the same Network Access layer to remotely execute arbitrary executables on vulnerable computers. | Continue reading
Chromium-based Microsoft Edge users who try to use Google Earth are welcomed by an error message and a link directing them to download Google's Chrome web browser. | Continue reading
A publicly accessible Elasticsearch database discovered on March 27 exposed various types of personally identifiable information (PII) and medical info of more than 100,000 individuals. | Continue reading
When users of the Chromium-based Microsoft Edge use Google Docs, the service is stating that the browser is not supported. As the new Microsoft Edge uses the same HTML engine as Chrome and is clearly supported, some users feel that Google is playing unfairly. | Continue reading
Microsoft has started to display notifications in the action center asking Insiders to schedule a call with Windows 10 developers in order to provide feedback regarding the Taskbar experience. | Continue reading
Multiple malicious spam campaigns using signed emails have been observed while distributing the GootKit (aka talalpek or Xswkit) banking Trojan with the help of a multi-stage malware loader dubbed JasperLoader over the past few months. | Continue reading
Researchers have discovered a web site pushing a PC cleaner tool for Windows that in reality is just a front for the Azorult password and information stealing Trojan. | Continue reading
An unauthorized person gained access to a Docker Hub database that exposed the the user names and hashed passwords for approximately 190,000 users. In addition, a small percentage of users have had their GitHub and Bitbucket tokens for Docker autobuilds leaked as well. | Continue reading
An unauthorized person gained access to a Docker Hub database that exposed the the user names and hashed passwords for approximately 190,000 users. In addition, a small percentage of users have had their GitHub and Bitbucket tokens for Docker autobuilds leaked as well. | Continue reading
This week the biggest news is that MalwareHunterTeam was able to get a sample of the RobbinHood ransomware that targets the enterprise so that it could be analyzed. The other big news is that attackers are hacking into Confluence servers using a recently released vulnerability to … | Continue reading
Malicious actors compromised the Magento installations of a few hundred e-commerce websites and injected them with Magecart skimmer scripts hosted on GitHub. | Continue reading
If you using a Roaming User Profile and customize your Windows 10 Start Menu, any changes will be reset after upgrading to a newer version of Windows 10. | Continue reading
Microsoft has released Windows 10 Insider Preview Build 18885 for Insiders in the Fast ring. This build introduces new features for the Your Phone app, adds better dictation support, and includes a fix for USB drive and SD card drive letter reassignments after an upgrade. | Continue reading
Phone to PC notifications syncing with per-application configuration capabilities is currently being rolled out to Windows Insiders as announced by Microsoft's Director of Program Management Microsoft Mobile eXperiences Vishnu Nath. | Continue reading
Microsoft announced the configuration baseline settings draft release for Windows 10 version 1903 (19H1) and for Windows Server version 1903, as well as the intention to drop password expiration policies starting with the Windows 10 May 2019 Update. | Continue reading
The TA505 hacking group ran a spear phishing campaign targeting a financial institution during April with the help of a signed version of the ServHelper backdoor and a number of LOLBins designed to help the operation evade detection. | Continue reading
Malicious actors hosted phishing kits on the web-based GitHub code hosting platform by abusing the service's free repositories to deliver them to their targets via github.io domains. | Continue reading
Google has released Chrome 74 to the Stable desktop channel, which makes it available now for everyone to download. This version fixes numerous security vulnerabilities and adds new features such as support for reduced motion preferences and feature policy updates. | Continue reading
ASUS was not the only company targeted by supply-chain attacks during the ShadowHammer hacking operation as discovered by Kaspersky, with at least six other organizations having been infiltrated by the attackers. | Continue reading
Next month Microsoft will be releasing the Windows 10 May 2019 Update, also known as build 1903, and with it the Windows Start Menu will now be running under its own process called "Start". This is being done to increase performance and to make it easier to recover from hangs in … | Continue reading
The much anticipated Windows 10 tabbed window feature called Sets has been discontinued according to a tweet from a Microsoft senior project manager. | Continue reading
The new Chromium-based Microsoft Edge will impersonate other browsers depending on the site being visited. This is may be done for compatibility reasons, like properly rendering pages or how video will be streamed and played back. | Continue reading
Mozilla has told BleepingComputer that they will be enabling the tracking feature called hyperlink auditing, or Pings, by default in Firefox. There is no timeline for when this feature will be enabled, but it will be done when their implementation is complete. | Continue reading
Financial mobile apps come with large numbers of vulnerabilities stemming from a dangerous lack of security controls and insecure coding practices, according to a report prepared by advisory firm Aite Group for Arxan. | Continue reading
A new ransomware is in play called RobbinHood that is targeting entire networks and then encrypting all computers that they can gain access to. They then request a certain amount of bitcoins to decrypt a single computer or a larger amount to decrypt the entire network. | Continue reading
Third-party services running on most hotel websites have access to guest booking information, including personal data and payment card details. The data they're privy to also allows them to cancel reservations. | Continue reading
Researchers have found that the HTML feature called hyperlink auditing, or pings, is being used to perform DDoS attacks against various sites. This feature is normally used by sites to track link clicks, but is now found to be abused by attackers to send a massive amount of web r … | Continue reading
Security researchers discovered vulnerabilities in the WPA3-Personal protocol which allow potential attackers to crack Wi-Fi network passwords and get access to the encrypted network traffic exchanged between the connected devices. | Continue reading
A HTML standard called hyperlink auditing that allows sites to track link clicks is enabled by default on Safari, Chrome, Opera, and Microsoft Edge, but will soon have no way to disable it. As it is considered a privacy risk, browsers previously allowed you to disable this featur … | Continue reading
More than 540 million records of Facebook users were exposed by publicly accessible Amazon S3 buckets used by two third-party apps to store user data such as plain text app passwords, account names, user IDs, interests, relationship status, and more. | Continue reading
The extremely popular UC Browser and UC Browser Mini Android applications with a total of over 600 million installs expose their users to MiTM attacks by downloading and installing extra modules from their own servers using unprotected channels and bypassing Google Play's servers … | Continue reading
VirusTotal has quietly launched a new retro site this week that is designed for visitors using older browsers, who want a minimalist experience, or wish to feel the nostalgia of how it felt connecting to a console in the past. Due to its reduced page size, this new interface is a … | Continue reading
Security researcher Linus Henze demoed a zero-day macOS exploit impacting the Keychain password management system which can store passwords for applications, servers, and websites, as well as sensitive information related to banking accounts. | Continue reading
In numerous Mozilla bug tickets that were recently updated, Mozilla is getting closer to adding cryptomining and fingerprinting blocking to their Firefox browser. | Continue reading
An ethical hacker who discovered a security vulnerability in Magyar Telekom's IT systems during April 2018 is currently being investigated by the Hungarian Prosecution Service after the company filed a complaint and faces 8 years in prison, local Hungarian media reports. | Continue reading
Dailymotion on Friday announced that some accounts were the target of a credential stuffing attack. The video platform's security team discovered the unauthorized access attempts and stopped them.. | Continue reading
The Google Chrome team is working on shipping a Signed HTTP Exchanges (SXG) feature with a future Chrome release allowing the browser to load and navigate signed web documents designed to look as originating from a particular source, regardless of the server they're loaded from. | Continue reading
In future versions of Firefox, the browser will display recommended browser extensions that are related to the site that a user is visiting. These extension will provide extra functionality to the site such as enhancing search functions, protecting a user's privacy, or performing … | Continue reading
Potential attackers could view and change private information in flight bookings made by millions of customers of major international airlines because of a security issue in the Amadeus online booking system | Continue reading
Weaknesses in Epic Games' authentication process for the highly popular Fortnite left gamers' accounts exposed to take over risks. An attacker could have stolen login tokens by just tricking the victim into clicking a link. | Continue reading