Latest Security news

New Google Chrome feature blocks attacks against home networks

Google is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks.
- Mayank Parmar
- February 17, 2024
- 10:07 AM
- 6
Over 5,300 GitLab servers exposed to zero-click account takeover attacks

Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.
- Bill Toulas
- January 24, 2024
- 12:55 PM
- 3
Court charges dev with hacking after cybersecurity issue disclosure

A German court has charged a programmer investigating an IT problem with hacking and fined them €3,000 ($3,265) for what it deemed was unauthorized access to external computer systems and spying on data.
- Bill Toulas
- January 20, 2024
- 11:17 AM
- 3
LastPass now requires 12-character master passwords for better security

LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security.
- Sergiu Gatlan
- January 03, 2024
- 12:11 PM
- 3
LogoFAIL attack can install UEFI bootkits through bootup logos

Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they could be exploited to hijack the execution flow of the booting process and to deliver bootkits.
- Bill Toulas
- November 30, 2023
- 10:08 PM
- 0
Tor Project removes relays because of for-profit, risky activity

The Tor Project has explained its recent decision to remove multiple network relays that represented a threat to the safety and security of all Tor network users.
- Bill Toulas
- November 20, 2023
- 08:06 PM
- 1
Samsung Galaxy gets new Auto Blocker anti-malware feature

Samsung has unveiled a new security feature called 'Auto Blocker' as part of the One UI 6 update, offering enhanced malware protection on Galaxy devices.
- Bill Toulas
- October 31, 2023
- 12:20 PM
- 1
Amazon to make MFA mandatory for 'root' AWS accounts by mid-2024

Amazon will require all privileged AWS (Amazon Web Services) accounts to use multi-factor authentication (MFA) for stronger protection against account hijacks leading to data breaches, starting in mid-2024.
- Bill Toulas
- October 05, 2023
- 01:06 PM
- 2
Researchers warn of 100,000 industrial control systems exposed online

About 100,000 industrial control systems (ICS) were found on the public web, exposed to attackers probing them for vulnerabilities and at risk of unauthorized access. Among them are power grids, traffic light systems, security and water systems.
- Bill Toulas
- October 04, 2023
- 01:35 PM
- 0
Google extends security update support for Chromebooks to 10 years

Google has announced the Auto Update Expiration (AUE) date will be extended from 5 years to 10 for all Chromebooks, guaranteeing a decade of monthly security updates.
- Bill Toulas
- September 15, 2023
- 12:05 PM
- 1
Major U.S. energy org targeted in QR code phishing attack

A phishing campaign was observed predominantly targeting a notable energy company in the US, employing QR codes to slip malicious emails into inboxes and bypass security.
- Bill Toulas
- August 16, 2023
- 10:16 AM
- 1
Hackers increasingly abuse Cloudflare Tunnels for stealthy connections

Hackers are increasingly abusing the legitimate Cloudflare Tunnels feature to create stealthy HTTPS connections from compromised devices, bypass firewalls, and maintain long-term persistence.
- Bill Toulas
- August 07, 2023
- 04:03 PM
- 0
Retail chain Hot Topic discloses wave of credential-stuffing attacks

American apparel retailer Hot Topic is notifying customers about multiple cyberattacks between February 7 and June 21 that resulted in exposing sensitive information to hackers.
- Bill Toulas
- August 01, 2023
- 11:02 AM
- 0
Canon warns of Wi-Fi security risks when discarding inkjet printers

Canon is warning users of home, office, and large format inkjet printers that their Wi-Fi connection settings stored in the devices' memories are not wiped, as they should, during initialization, allowing others to gain access to the data.
- Bill Toulas
- July 31, 2023
- 12:51 PM
- 0
Google: Android patch gap makes n-days as dangerous as zero-days

Google has published its annual 0-day vulnerability report, presenting in-the-wild exploitation stats from 2022 and highlighting a long-standing problem in the Android platform that elevates the value and use of disclosed flaws for extended periods.
- Bill Toulas
- July 30, 2023
- 10:16 AM
- 2
WordPress Ninja Forms plugin flaw lets hackers steal submitted data

Popular WordPress form-building plugin Ninja Forms contains three vulnerabilities that could allow attackers to achieve privilege escalation and steal user data.
- Bill Toulas
- July 27, 2023
- 01:00 PM
- 3
Android July security updates fix three actively exploited bugs

Google has released the monthly security updates for Android operating system, which comes with fixes for 46 vulnerabilities. Three of the issues are likely actively exploited in the wild.
- Bill Toulas
- July 06, 2023
- 05:44 AM
- 0
Over 130,000 solar energy monitoring systems exposed online

Security researchers are warning that tens of thousands of photovoltaic (PV) monitoring and diagnostic systems are reachable over the public web, making them potential targets for hackers.
- Bill Toulas
- July 06, 2023
- 05:04 AM
- 1
New Python tool checks NPM packages for manifest confusion issues

A security researcher and system administrator has developed a tool that can help users check for manifest mismatches in packages from the NPM JavaScript software registry.
- Bill Toulas
- July 04, 2023
- 07:01 AM
- 0
Google Chrome password manager gets new safeguards for your credentials

Google Chrome is getting new security-enhancing features for the built-in Password Manager, making it easier for users to manage their passwords and stay safe from account hijacking attacks.
- Bill Toulas
- June 08, 2023
- 12:00 PM
- 0