Microsoft has released an out-of-band security update that fixes an actively exploited vulnerability in Internet Explorer.  This vulnerability has been assigned ID CVE-2018-8653 and was discovered by Google's Threat Analysis Group when they saw the vulnerability being used in tar … | Continue reading

If certain crooks have some sort of moral compass that keeps them away from certain victims, others ditch such boundaries for the right amount of money. A perpetrator from the latter category was able to fool the charitable organization Save the Children into misdirecting close t … | Continue reading

Information belonging to more than 66 million individuals was discovered in an unprotected database, within anyone's reach, if they knew where to look on the web. The records look like scraped data from LinkedIn profiles. | Continue reading

When the United Kingdom's National Cyber Security Center (NCSC) performs operational tasks, they may find technology vulnerabilities. When they find these vulnerabilities, they go through a decision making process called the "Equities Process" that determines what they will do wi … | Continue reading

iOS fitness apps were discovered that ask you to provide a fingerprint to continue or access your data, but instead pop up a subscription screen that automatically charges a saved credit card for over $100 USD. | Continue reading

When users have been installing Sennheiser's HeadSetup software, little did they know that they were also installing a root certificate into the Trusted Root CA Certificate store.  To make matters worse, the software was also installing an encrypted version of the certificate's p … | Continue reading

Memory modules with error-correcting code (ECC) protection are vulnerable to Rowhammer, an attack that can help corrupt data the computer stores in its volatile memory chips. | Continue reading

When Dropbox hired a security firm to perform a Red Team cyber attack simulation on their services, little did they know that they would discover zero day vulnerabilities in Apple products that could affect much more than Dropbox. | Continue reading

A person or group claiming to have hacked ProtonMail and stolen "significant" amounts of data has posted a lengthy ransom demand with some wild claims to an anonymous Pastebin. ProtonMail states it's complete BS. | Continue reading

iPhone X, Samsung Galaxy S9, and Xiaomi Mi6 all fell at the hands of hackers that found bugs in various components and crafted exploits that allowed complete take over of the targeted device. | Continue reading

Several router models from D-Link are vulnerable to three security bugs that could help an attacker get full control over them. | Continue reading

Services from Google on Monday became unavailable for up to two hours as user traffic followed a tortuous path through operators in Russia and Nigeria before hitting the Great Firewall of China. | Continue reading

This past April, Cloudflare and APNIC released a new 1.1.1.1 public DNS resolver service whose goal was not only to make looking up Internet addresses faster, but also make them more private. Today, Cloudflare has released a 1.1.1.1 app for Android and iOS to easily bring these s … | Continue reading

Popular drone maker DJI exposed user accounts to unauthorized access along with information that passes through the vendor's digital infrastructure; this includes flight logs, videos and images captured by the devices, live camera and microphone feed, and map. | Continue reading

Windows 10 19H1 preview build 18277 is now rolling out to the Insiders in the Fast and Skip Ahead Ring with some notable improvements. This test build improves Focus Assist feature, Action Center, introduces new Emojis and more. | Continue reading

A Russian vulnerability researcher and exploit developer has published detailed information about a zero-day vulnerability in VirtualBox. His explanations include step-by-step instructions for exploiting the bug. | Continue reading

Reports have been coming in the for the past 2 hours that AOL Mail is down. It is not currently known what is causing the outage, but the AOL Customer Support Twitter account has stated tht the company is looking into issues with both AOL and Yahoo. | Continue reading

Unknown attackers have exploited a vulnerability in software running on security hardware products from Cisco that could trigger a restart of the affected devices, the equivalent of a denial-of-service (DoS) condition. | Continue reading

A malware similar in nature to Stuxnet but more aggressive and sophisticated allegedly hit the infrastructure and strategic networks in Iran. | Continue reading

The Emotet malware is typically used as a banking trojan and more recently for distributing other malware, but has now become more versatile via a module that allows it to steal a victim's actual emails going back six months. | Continue reading

As the US midterm elections close in, the underground markets appear to be flush with voter databases available for affordable prices. | Continue reading

The Dashlane password management company has released research showing that the majority of the top 30 consumer sites do not offer a complete range of two factor authentication (2FA) options for login authentication. Of the top 30 sites, only 8 offered all of the tested for 2FA o … | Continue reading

As the infosec community talked about potential cyber attacks leveraging vulnerabilities in antivirus products, Microsoft took notes and started to work on a solution. The company announced that its Windows Defender can run in a sandbox. | Continue reading

A vulnerability that is trivial to exploit allows privilege escalation to root level on Linux and BSD distributions using X.Org server, the open source implementation of the X Window System that offers the graphical environment. | Continue reading