A new feature proposal for the Python programming language wants to add "transparency" to the runtime and let security and auditing tools view when Python may be running potentially dangerous operations. | Continue reading
The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices. | Continue reading
As much as people enjoy their virtual assistants, sometimes they do things that are downright creepy. Such is the case for a family in Portland who discovered that Amazon Alexa recorded a conversation without permission and sent it to a random person in their contact list. | Continue reading
Two years after being ousted, a criminal operation that has been inserting malware in the firmware of low-cost Android devices is still up and running, and has even expanded its reach. | Continue reading
A new experimental, and may I dare say, creepy Chrome Extension called FacePause pauses a YouTube video when you look away from the screen. It does this by utilizing an API called FaceDetector that has been available in Chrome since version 56. | Continue reading
Mozilla is rolling out support for a two-step authentication process for Firefox Accounts, the credentials system that protects bookmarks, passwords, open tabs and other data synchronized between devices via the Firefox Sync feature. | Continue reading
BMW is working on firmware updates for some of its cars after researchers from the Tencent Keen Security Lab have discovered 14 flaws affecting high-profile car models such as BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series. | Continue reading
The Facebook Android app is asking for superuser permissions, and a bunch of users are freaking out about granting the Facebook app full access to their device, an understandable reaction following the fallout from the Cambridge Analytica privacy scandal. | Continue reading
Cisco released 16 security advisories yesterday, including alerts for three vulnerabilities rated "Critical" and which received a maximum of 10 out of 10 on the CVSSv3 severity score. | Continue reading
With the release of the April 2018 Update, the OpenSSH Client is now officially out of beta and is also installed by default in Windows 10. The OpenSSH Server for Windows is also out of beta, but still needs to be manually installed. | Continue reading
Dutch police have seized ten servers belonging to a bulletproof hosting provider known for harboring child pornography sites and command and control servers for DDoS botnets, cyber-espionage, malvertising, spam, and malware operations. | Continue reading
A study carried out at a college in the Philippines shows that students with better grades use bad passwords in the same proportion as students with bad ones. | Continue reading
Security researchers have found a security flaw in Electron, a software framework that has been used in the past half-decade for building a wealth of popular desktop applications. | Continue reading
With today's release of Windows 10 Insider Preview Build 17666, Microsoft added an updated Dark Theme for File Explorer that is for the most part usable. We first reported on the File Explorer Dark Theme back in April, but at that time it was an ugly mess. | Continue reading
Almost all major OS vendors released security patches yesterday after a researcher discovered that some OS makers have misinterpreted an Intel CPU debug feature and left their systems open to attacks. | Continue reading
Within days of Microsoft announcing that they are introducing custom JavaScript equations in Excel, a security researcher has developed a way to use this method to load the CoinHive in-browser JavaScript miner within Excel. | Continue reading
Barely a week has passed from the last attempt to hide a backdoor in a code library, and we have a new case today. This time around, the backdoor was found in a Python module, and not an npm (JavaScript) package. | Continue reading
At the Build 2018 developer conference that's taking place these days in Seattle, USA, Microsoft announced support for custom JavaScript functions in Excel. | Continue reading
The European Commission announced on Wednesday plans to cancel new registration and domain renewals for .eu domains owned by British citizens. EU citizens residing in the UK are also barred from registering or renewing domains. | Continue reading
Microsoft released a 948 page PDF titled the "Windows Command Reference" that contains documentation on over 250 Windows console commands. For each command, Microsoft has included a detailed description of the command, their command line arguments,.and for some commands, what ope … | Continue reading
A new service called GDPR Shield is making the rounds this week and for all the wrong reasons. The service, advertised as a piece of JavaScript that webmasters embed on their sites, blocks EU-based users from accessing a website, just so the parent company won't have to deal with … | Continue reading
Chinese cyberspies are evolving their tactics, focusing on IT staffers, relying more and more on spear-phishing instead of malware, and gathering code signing certificates from hacked software companies in the preparation of future supply-chain attacks. | Continue reading
The Node Package Manager (npm) team avoided a disaster today when it discovered and blocked the distribution of a cleverly hidden backdoor mechanism inside a popular —albeit deprecated— JavaScript package. | Continue reading
Link11, a DDoS mitigation firm, says that DDoS attacks fell 60% across Europe following the takedown of WebStresser, the largest DDoS-for-hire portal on the market. | Continue reading
For more than a week hackers have started scanning the Internet, searching for machines running Oracle WebLogic servers. Scans started after April 17, when Oracle published its quarterly Critical Patch Update (CPU) security advisory. | Continue reading
PDF files can be weaponized by malicious actors to steal Windows credentials (NTLM hashes) without any user interaction, and only by opening a file, according to Assaf Baharav, a security researcher with cyber-security Check Point. | Continue reading
A judge sentenced a Michigan man to 87 months —7 years 3 months— in prison for hacking into a county jail's computer system and modifying prisoner records in an attempt to get an inmate released early. | Continue reading
Microsoft announced today that the next Windows 10 feature update will be called "April 2018 Update" and will be released this Monday. With this update Microsoft is focusing on helping people making the most of their time by introducing new features that make it easier and faste … | Continue reading