Microsoft fixed yesterday a faulty Debian package that was messing with users' OS settings during its installation routine. The faulty package that was causing all the problems was Open R v3.5. Open R is an enhanced version of the R programming language maintained by Microsoft. | Continue reading
Barcelona-based online survey and form building service Typeform announced a data breach today after an unknown attacker downloaded a backup file containing sensitive customer information. | Continue reading
A team of academics has published research yesterday that describes three attacks against the mobile communication standard LTE (Long-Term Evolution), also known as 4G. | Continue reading
Thousands of iOS and Android mobile applications are exposing over 113 GBs of data via over 2,271 misconfigured Firebase databases, according to a report released this week by mobile security firm Appthority. | Continue reading
Exploit broker Zerodium is offering rewards of up to $500,000 for zero-days in UNIX-based operating systems like OpenBSD, FreeBSD, NetBSD, but also for Linux distros such as Ubuntu, CentOS, Debian, and Tails. | Continue reading
An unknown hacker has temporarily taken control over the GitHub account of the Gentoo Linux organization and embedded malicious code inside the operating system's distributions that would delete user files. | Continue reading
Starting yesterday, there have been numerous reports of people being infected with something called "All-Radio 4.27 Portable". After researching this heavily today, it has been determined that seeing this program is a symptom of a much bigger problem on your computer. | Continue reading
The number of satellites transmitting GPS locations, cellphone signals and other sensitive information has been rapidly increasing, which has resulted in the creation of favorable circumstances for hackers. Even with all the advances in satellite technology, much of the US milita … | Continue reading
For the past two days, secure email provider ProtonMail has been fighting off DDoS attacks that have visibly affected the company's services, causing short but frequent outages at regular intervals. | Continue reading
Hackers are exploiting a vulnerability in Cisco software to crash and/or retrieve information from affected devices. Cisco is aware of the issue and has warned customers last week, Friday, June 22. | Continue reading
Microsoft just released Windows 10 Insider Preview Build 17704 (Redstone 5) to Windows Insiders in the Fast and Skip Ahead Rings. Windows 10 Insider Preview Build 17704 comes with a huge amount of improvements and new features that include ones for Microsoft Edge, new Skype exper … | Continue reading
An infosec researcher who uses the online pseudonym of Capt. Meelo has modified an NSA hacking tool known as DoublePulsar to work on the Windows IoT operating system (formerly known as Windows Embedded). | Continue reading
The Senate Foreign Relations Committee voted today to advance bill H.R. 3776, the Cyber Diplomacy Act. This bill outlines the restoration of the State Department's Cyber Office under the new name of Office of Cyberspace and the Digital Economy and the reinstatement of a head of c … | Continue reading
Security researchers from RIPS disclosed today details about an unpatched security flaw impacting WordPress, the Internet's most popular content management system (CMS). | Continue reading
A new file type format added in Windows 10 can be abused for running malicious code on users' computers, according to Matt Nelson, a security researcher for SpecterOps. | Continue reading
The personal details and payment card data of guests from hundreds of hotels, if not more, have been stolen this month by an unknown attacker, Bleeping Computer has learned. | Continue reading
On Monday, the Wi-Fi Alliance, the organization that manages Wi-Fi technologies, announced the official release of WPA3. WPA3 is the latest version of Wi-Fi Protected Access (WPA), a user authentication technology for Wi-Fi connections. | Continue reading
Mozilla will release Firefox 61 later today. The new browser version includes new features, bugfixes, security fixes, and modifications to the Firefox UI. | Continue reading
Security researchers have found, on average, five security flaws in each cryptocurrency ICO (Initial Coin Offering) held last year. Only one ICO held in 2017 did not contain any critical flaws. | Continue reading
Upcoming additions to the WebAssembly standard may render useless some of the mitigations put up at the browser level against Meltdown and Spectre attacks, according to John Bergbom, a security researcher at Forcepoint. | Continue reading
The Reserve Bank of India (RBI), the country's s central banking authority, told local banks to update all ATMs still running Windows XP to a newer operating system by June 2019, or face regulatory sanctions. | Continue reading
Many brands of webcams, security cameras, pet and baby monitors, use a woefully insecure cloud-based remote control system that can allow hackers to take over devices by performing Internet scans, modifying the device ID parameter, and using a default password to gain control ove … | Continue reading
An Iowa man will go to prison for the next 20 years after he attempted to hijack an Internet domain at gunpoint, tased and shot the victim, and got shot back himself. | Continue reading
Cybercriminals are currently developing a new strain of malware targeting Android devices which blends the features of a banking trojan, keylogger, and mobile ransomware. | Continue reading
New versions of the SamSam ransomware will not execute unless the person running the malware's payload enters a special password via the command-line. | Continue reading
A weird Edge bug that was fixed earlier this month, allows a malicious website to retrieve content from other sites by playing audio files in a malformed manner that produces unintended consequences. | Continue reading
Apple's macOS surreptitiously creates and caches thumbnails for images and other file types stored on password-protected / encrypted containers (hard drives, partitions), according to Wojciech Reguła and Patrick Wardle, two macOS security experts. | Continue reading
Security researchers from Romania-based antivirus vendor Bitdefender say they've discovered a new adware strain named Zacinlo that uses a rootkit component to gain persistence across OS reinstalls, a rootkit component that's even effective against Windows 10 installations. | Continue reading
An expert in Android security is warning users that some developers of crappy Android apps have come up with a new trick for fooling users into installing their apps. | Continue reading
Kaspersky Lab announced it was temporarily halting its cooperation with Europol following the voting of a controversial motion in the European Parliament today. | Continue reading
The Docker team has pulled 17 Docker container images that have been backdoored and used to install reverse shells and cryptocurrency miners on users' servers for the past year. | Continue reading
Gal Vallerius, a 36-year-old French national pleaded guilty this week in the US of selling narcotics on the Dark Web under the nickname of OxyMonster. | Continue reading
Over 43 million email addresses have leaked from the command and control server of a spam botnet, a security researcher has told Bleeping Computer today. | Continue reading
In a plenary session of the European Parliament that will be held today in Strasbourg, France, members of the European Parliament (MEPs) will vote on a motion for resolution which includes a clause to ban the use of software programs "that have been confirmed as malicious, such a … | Continue reading
The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI — Python Package Index — the official third-party software repository for the Python programming language. | Continue reading
The VPNFilter malware that infected over 500,000 routers and NAS devices across 54 countries during the past few months is much worse than previously thought. | Continue reading
Microsoft has recently published an interesting open source project called "PQCrypto-VPN" that implements post-quantum cryptography (PQC) with OpenVPN. This project is being developed by the Microsoft Research Security and Cryptography group as part of their research into post-qu … | Continue reading
Mobile app developers are going through the same growing pains that the webdev scene has gone through in the 90s and 2000s when improper input validation led to many security incidents. | Continue reading
Some of the recent additions to the Cascading Style Sheets (CSS) web standard are so powerful that a security researcher has abused them to deanonymize visitors to a demo site and reveal their Facebook usernames, avatars, and if they liked a particular web page of Facebook. | Continue reading
As if Ben and Jerry's, beautiful landscape, and legalized marijuana wasn't enough of an incentive, Vermont has passed legislation called the "New Remote Worker Grant Program" that will pay a remote worker's expenses if they move to Vermont. | Continue reading
Some of the recent additions to the Cascading Style Sheets (CSS) web standard are so powerful that a security researcher has abused them to deanonymize visitors to a demo site and reveal their Facebook usernames, avatars, and if they liked a particular web page of Facebook. | Continue reading
The developers behind Git and various companies providing Git repository hosting services have pushed out a fix to patch a dangerous vulnerability in the Git source code versioning software. | Continue reading
A 23-year-old Canadian man who hacked into Yahoo and Gmail accounts on behalf of Russian Secret Service (FSB) agents was sentenced to five years in prison and a fine of $250,000. | Continue reading
Four researchers from the Fraunhofer Institute for Applied and Integrated Safety in Munich, Germany have published a research paper this week detailing a method of recovering data that is normally encrypted by AMD's Secure Encrypted Virtualization (SEV), a safety mechanism design … | Continue reading
A new feature proposal for the Python programming language wants to add "transparency" to the runtime and let security and auditing tools view when Python may be running potentially dangerous operations. | Continue reading
The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices. | Continue reading
As much as people enjoy their virtual assistants, sometimes they do things that are downright creepy. Such is the case for a family in Portland who discovered that Amazon Alexa recorded a conversation without permission and sent it to a random person in their contact list. | Continue reading