New Azure Active Directory password brute-forcing flaw has no fix
Microsoft tells researchers it's "by design." Not like it's Patch Tuesday. Enlarge (credit: Michael Dziedzic) Imagine having unlimited attempts to guess someone's username and password without getting caught. That would make an ideal scenario.....»»
A hopper could explore more than 150 km of Triton"s surface in two years
Neptune's largest moon, Triton, is one of the most biologically interesting places in the solar system. Despite being hard to reach, it appears to have active volcanoes, a thin atmosphere, and even some organic molecules called tholins on its surface.....»»
Microsoft fixes 6 zero-days under active attack
August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under attack CVE-2024-38178 is a Scripting Engine Memor.....»»
35% of exposed API keys still active, posing major security risks
Nightfall AI’s research revealed that secrets like passwords and API keys were most often found in GitHub, with nearly 350 total secrets exposed per 100 employees every year. Hidden risks of secret sprawl in cloud and SaaS environments What’s.....»»
These exceptional Sony wireless headphones are over 40% off today
The Sony WH-1000XM4 wireless headphones with active noise cancellation and a 30-hour battery life are a steal at their discounted price of $198 from Amazon......»»
Apple forcing Patreon to use in-app purchase system or be removed from App Store
For years, Patreon has been exempt from Apple’s 30% App Store cut for reasons that weren’t entirely clear. But that era is about to end. The popular crowdfunding platform has announced to creators that supporters will need to start using Apple’.....»»
Millions of AMD chips are being ignored in major security flaw fix
A major security flaw impacting hundreds of millions of AMD CPUs is making the rounds, but AMD won't be patching all of the affected processors......»»
Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)
A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited by attackers to grab users’ NTLM hashes, Microsoft has shared late last week. The vulnerability is exploitable remotely and requires no special privileges or user interact.....»»
Align or die: Revealing unknown mechanism essential for bacterial cell division
A previously unknown mechanism of active matter self-organization essential for bacterial cell division follows the motto "dying to align": Misaligned filaments "die" spontaneously to form a ring structure at the center of the dividing cell. The stud.....»»
Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)
Two vulnerabilities (CVE-2024-42219, CVE-2024-42218) affecting the macOS version of the popular 1Password password manager could allow malware to steal secrets stored in the software’s vaults and obtain the account unlock key, AgileBits has con.....»»
A critical security issue in 1Password for Mac left credentials vulnerable to attack
1Password has disclosed a now patched critical security flaw in its software that could give attackers access to users' unlock keys and credentials. Here's what to do to keep your data safe.1Password has disclosed a critical security flaw present in.....»»
These cheap wireless earbuds from Anker are down to $30 today
The Anker Soundcore P30i wireless earbuds with active noise cancellation are available from Amazon with a $20 discount, which drops their price to only $30......»»
Bose QuietComfort headphones are $100 off right now
The Bose QuietComfort wireless headphones with active noise cancellation and a 24-hour battery life are down to only $249 from Amazon after a $100 discount......»»
1Password 8 for Mac flaw allows attackers to steal credentials, here’s how to patch it
1Password has shared that its software for Mac has a vulnerability that exposes users to a potentially serious threat. Along with attackers being able to compromise credentials, the flaw can give bad actors access to your account unlock key. more.....»»
Forecasters still predict highly active Atlantic hurricane season in mid-season update
Federal forecasters are still predicting a highly active Atlantic hurricane season thanks to near-record sea surface temperatures and the possibility of La Niña, officials said Thursday......»»
Prompt injection attack on Apple Intelligence reveals a flaw, but is easy to fix
A prompt injection attack on Apple Intelligence reveals that it is fairly well protected from misuse, but the current beta version does have one security flaw which can be exploited. However, the issue would be very easy for the company to fix, so.....»»
Disney Plus password-sharing crackdown starts in September, for real this time
Disney’s plan to enforce a Disney Plus password-sharing crackdown feels like Marvel’s Blade reboot. Both were confirmed quite a while ago, but we keep seeing … The post Disney Plus password-sharing crackdown starts in September, for.....»»
Disney+ will finally start cracking down on password sharing next month
Disney+ is finally about to begin rolling out its password sharing crackdown “in earnest,” according to Disney CEO Bob Iger. This change has been a long time in the making, with Disney first detailing its plans one year ago. It comes after Netfli.....»»
Disney’s password-sharing crackdown goes big in September
Disney's CEO said the company would expand its crackdown on login sharing starting in September......»»
Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)
Two cross-site scripting vulnerabilities (CVE-2024-42009, CVE-2024-42008) affecting Roundcube could be exploited by attackers to steal users’ emails and contacts, email password, and send emails from their account. About the vulnerabilities Rou.....»»
Proton Pass review: a privacy-first, open-source password manager
I reviewed Proton Pass, an open-source password manager with free and low-cost paid tiers that puts privacy first......»»