There’s a lot Microsoft needs to further polish in Windows 11, and without a doubt, the company is fully aware of most problems, especially given all the buzz created on social media after the rollout of the new operating system. But some of the features missing from Windows 11 don’t make any sense, and the drag show more ...
Windows 11 comes with a redesigned Paint app which, as you could easily guess, comes with an overhauled interface that aligns it with the rest of the operating system. While the highly anticipated dark mode hasn’t been enabled just yet, it looks like the new Paint does come with something that you won’t be able to show more ...
Google has theoretically announced the Android 12 update already, though the new operating system isn’t yet available for Pixel smartphones. But this doesn’t necessarily mean that the world isn’t getting ready for Android 12, and phone makers out there are one by one trying to make sure their devices would run show more ...
Microsoft has already announced the Surface Duo 2 last month as part of a dedicated Surface hardware event, and the device is now expected to begin shipping on October 20. But as it turns out, the company has started charging the pre-orders for the new Surface Duo model, possibly as it’s getting ready to start show more ...
Microsoft has recently acknowledged a trio of new Windows 11 bugs, though this time, the company hasn’t enabled a new safeguard hold, which means that potentially affected devices would still get the new operating system once it becomes available. Previously, whenever the software giant came across critical bugs show more ...
Microsoft rolled out the very first Windows 11 cumulative update earlier this week, and given it was part of the Patch Tuesday rollout, it obviously included several critical fixes for devices out there. As many people know already, Windows 11 comes with updated system requirements, which means that some devices are show more ...
During the latest Patch Tuesday, Microsoft closed a total of 71 vulnerabilities. The most dangerous of them is CVE-2021-40449, a use-after-free vulnerability in the Win32k driver that cybercriminals are already exploiting. In addition to that, Microsoft closed three serious vulnerabilities already known to the public. show more ...
We kick off the Transatlantic Cable podcast this week with the recent Twitch data breach. Details are still scarce, but the topic is on the collective lips of the infosec community. From there, Jeff, Ahmed, and Dave move on to Facebook’s decision to crack down on its marketplace sales of Amazonian rainforest show more ...
On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said show more ...
BlueVoyant released the findings of its survey on third-party cyber risk management, showing that 97% firms have been negatively impacted by a cybersecurity breach that occurred in their supply chain.
A cybersecurity incident has crippled activities at Meliá Hotels International, one of the largest hotel chains in the world. Several Spanish news outlets reported the incident as a ransomware attack.
The Series B round was led by Volition Capital, with participation from existing investors Moore Strategic Ventures, LLC (MSV), Glasswing Ventures, and Data Point Capital.
Researchers who report security flaws in Power Platform can now earn up to $20,000 in bounty rewards for severe flaws, as part of the recently rebranded Dynamics 365 and Power Platform Bounty Program.
A growing number of Visible subscribers are discovering someone else has purchased a brand new phone using their account. Visible confirmed that some customer accounts were breached.
Years of malicious activities have finally put ransomware gangs at the top-tier of cybercrimes. While some gangs were forced to shut down or rebrand, new gangs kept popping up.
Findings from a new report show basic practices for securing data, protecting identity and sharing information are lacking despite increased threats and heightened concern over cybercrime.
The bots are used to automatically call targets as a part of a phishing scam and lure them to giving up their OTP codes. Other bots are targeting social media users in SIM swapping and phishing attempts.
Security vendor Imperva’s research labs have found a browser extension that claims to block ads, but actually injects them into Chrome or Opera. The extension is named as AllBlock.
A recent phishing campaign targeting Coinbase users shows that cybercriminals are getting smarter about phishing one-time passwords (OTPs) needed to complete the login process.
Shift5 raised $20 million in Series A funding led by 645 Ventures to provide enhanced cybersecurity and operational intelligence for today’s commercial fleet operators and military platforms.
The PDF file attached with the phishing mail has the subject “Terrorists behind JK Attack gunned down in Mumbai”. To make it appear legitimate, the subject line claims “Intelligence Inputs.”
In recent months, the threat group that IBM X-Force tracks as ITG23, aka Trickbot or Wizard Spider, has expanded the number and variety of channels it uses to distribute its key initial payloads.
Apple on Wednesday published a 30-page threat analysis report in an effort to show why allowing sideloading on iOS would pose serious privacy and security risks to iPhone users.
The scammers are claiming to offer up free versions of the incredibly popular Among Us game. However, they also claim to have special hacked versions up for grabs that allow players to cheat.
The malware, dubbed Yanluowang ransomware (after a Chinese deity Yanluo Wang, one of the ten kings of hell) based on the extension it adds to encrypted files on compromised systems.
Thingiverse, a site for sharing user-created digital design files, has reportedly leaked a 36GB backup file that contains 228,000 unique email addresses and other personally identifiable information.
Ever since its re-emergence following the major takedown in 2020, the operators have released new and more persistent versions of the malware to claim successful attacks on victims.
Towards the end of September 2021, researchers at Juniper Threat Labs observed new activity from FreakOut aka 3Cr0m0rPh that resulted in the takeover of Visual Tools DVR.
While Acer didn't provide details regarding the attackers' identity behind this incident, a threat actor has already claimed on a hacker forum to have stolen more than 60GB of files.
Israel’s National Cyber Directorate (INCD) is urging organizations across the country to bolster their cyber defenses following a disruptive ransomware attack against a hospital in Israel’s northwest.
Intel released two advisories to fix privilege escalation and information disclosure vulnerabilities in the SGX software development kit and Hardware Accelerated Execution Manager software products.
As per a new report, every tested FHIR app enabled API access to health records belonging to other individuals. And over 60% of the tested apps and APIs had flaws that enabled unauthorized access.
The new injection of capital came from ION Crossover Partners, which joins Series D investors Icon Ventures, Lightspeed Venture Partners, Acrew Capital, Khosla Ventures, and M12, and others.
Vulnerabilities in the Brizy Page Builder plugin for WordPress sites could be chained together to allow attackers to completely take over a website, according to researchers.
WebKit suffers from a heap use-after-free vulnerability in DOMWindow::open.
WebKit suffers from a heap use-after-free vulnerability in EventHandler::keyEvent.
WebKit suffers from a heap use-after-free vulnerability in PointerCaptureController::processPendingPointerCapture.
Yellowfin versions prior to 9.6.1 suffer from persistent cross site scripting and insecure direct object reference vulnerabilities.
IFSC Code Finder Project version 1.0 suffers from a remote SQL injection vulnerability.
Red Hat Security Advisory 2021-3856-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a server-side request forgery vulnerability.
TextPattern CMS version 4.8.7 suffers from an authenticated remote shell upload vulnerability.
Red Hat Security Advisory 2021-3851-01 - Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and show more ...
SolarWinds Kiwi CatTools version 3.11.8 suffers from an unquoted service path vulnerability.
Whitepaper that gives an overview on brute-forcing login and bypassing account lockout on elabFTW version 1.8.5.
Google's Threat Analysis Group (TAG) on Thursday said it's tracking more than 270 government-backed threat actors from more than 50 countries, adding it has approximately sent 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021. The warnings mark a 33% increase from 2020, the internet giant said, with the spike largely stemming from "blocking an
Cloud security is the umbrella that holds within it: IaaS, PaaS and SaaS. Gartner created the SaaS Security Posture Management (SSPM) category for solutions that continuously assess security risk and manage the SaaS applications’ security posture. With enterprises having 1,000 or more employees relying on dozens to hundreds of apps, the need for deep visibility and remediation for SaaS security
Multiple security vulnerabilities have been disclosed in softphone software from Linphone and MicroSIP that could be exploited by an unauthenticated remote adversary to crash the client and even extract sensitive information like password hashes by simply making a malicious call. The vulnerabilities, which were discovered by Moritz Abrell of German pen-testing firm SySS GmbH, have since been
As many as 130 different ransomware families have been found to be active in 2020 and the first half of 2021, with Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran, and the U.K. emerging as the most affected territories, a comprehensive analysis of 80 million ransomware-related samples has revealed. Google's cybersecurity arm VirusTotal attributed a
A large-scale unauthenticated scraping of publicly available and non-secured endpoints from older versions of Prometheus event monitoring and alerting solution could be leveraged to inadvertently leak sensitive information, according to the latest research. "Due to the fact that authentication and encryption support is relatively new, many organizations that use Prometheus haven't yet enabled
A married couple are accused of selling nuclear sub secrets, Facebook continues to make young lives a misery, and a school hacker lets loose one heck of a prank. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
VirusTotal's first Ransomware Activity Report reveals that it received ransomware submissions from 140 different countries around the world, and discovered at least 130 different ransomware families had been active since January 2020. Read more in my article on the Tripwire State of Security blog.
