Serious vulnerabilities in Matrix’s end-to-end encryption are being patched
Previously overlooked flaws allow malicious homeservers to decrypt and spoof messages. Developers of the open source Matrix messenger protocol are releasing an update on Thursday to fix critical en.....»»
Data breach costs hit new high, so make sure your business is patched
Affected businesses keep making the same mistakes, report claims......»»
Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1
12 weeks after critical vulnerability was patched, devices are still being wrangled. Organizations that have yet to patch a 9.8-severity vulnerability in network devices ma.....»»
Google wants to bring end-to-end encryption to cross-platform messaging
Google has revealed its plans to incorporate end-to-end encryption in its messaging service that will work across platforms. A lot of messenger services these days support end-to-end encryption. The only problem is that it requires th.....»»
Apple adds a new security section to its enterprise site
Apple has added a brand new section to its enterprise website to promote its built-in security efforts like encryption, FileVault, and much more. Apple's enterprise website, part of the "Apple at Work" initiative, has been around for a st.....»»
Firmware vulnerabilities in millions of computers could give hackers superuser status
BMCs give near-total control over entire fleets of servers. What happens when they're hacked? Two years ago, ransomware crooks breached hardware-maker Gigabyte and dumped more than 112 giga.....»»
Apple says it would remove iMessage and FaceTime in the UK rather than break end-to-end encryption
Facing possible legislation that would require messaging services to offer backdoors in end-to-end encryption, Apple is saying it would rather remove apps like iMessage and FaceTime entirely from the UK market (via BBC News). The new Online Safety B.....»»
Apple threatens to kill iMessage & FaceTime in UK if controversial law passes
Apple is refusing to compromise iPhone and Mac security, and will cut off FaceTime and iMessage in the UK if the new Online Safety Bill challenging end-to-end encryption is passed as it stands. Apple made its position clear.....»»
Citrix NetScaler zero-day exploited in the wild, patch is available (CVE-2023-3519)
Citrix has patched three vulnerabilities (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467) in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), one of which is a zero-day being exploited by attackers. A zero-day patched.....»»
Exploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns
The exploited code-execution flaws are the kind coveted by ransomware and nation-state hackers. Organizations big and small are once again scrambling to patch critical vulnerabilities that.....»»
Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203)
Attackers are exploiting two Adobe ColdFusion vulnerabilities (CVE-2023-29298, CVE-2023-38203) to breach servers and install web shells to enable persistent access and allow remote control of the system, according to Rapid7 researchers. Flaws with in.....»»
Same code, different ransomware? Leaks kick-start myriad of new variants
Threat landscape trends demonstrate the impressive flexibility of cybercriminals as they continually seek out fresh methods of attack, including exploiting vulnerabilities, gaining unauthorized access, compromising sensitive information, and defraudi.....»»
Intel says it has now patched all its buggy Sapphire Rapids chips
Intel took some Sapphire Rapids chips off the shelves while it worked on a bug fix affecting non-commercially available software......»»
Owncast, EaseProbe security vulnerabilities revealed
Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and EaseProbe (CVE-2023-33967), two open-source platforms written in Go. Owncas.....»»
Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450)
Apple has patched an actively exploited zero-day vulnerability (CVE-2023-37450) by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems. The vulnerability has also been fixed with.....»»
E2E encryption: Should big tech be able to read people's messages?
Who will win in the years-long stalemate between governments and big tech around super-secure messaging?.....»»
These Samsung phone flaws have been exploited by spyware
Top US security agency adds more Samsung mobile vulnerabilities to its catalog, with some already exploited......»»
Nokod Security raises $8 million to enhance low-code/no-code app security
Nokod Security announced its $8 million seed round, which will be used to establish a presence in the United States market, as well as to expand the R&D teams and support novel research of security vulnerabilities in the low-code/no-code domain. Fund.....»»
Turning A Truck Into A Giant Dot Matrix Printer
When Ryder set his mind to creating a massive dot matrix printer, he also decided that it would be awesome to drive it. Now he has a truck that can write on the road as it drives. The idea here is relatively simple. A bit of water on the road create.....»»
Apple urges UK to rethink anti-encryption Online Safety Bill
Apple has denounced the UK's Online Safety Bill's kneecapping of end-to-end encryption as a "serious threat" to citizens, and is trying to make the UK government think twice about the changes. The Online Safety Bill is being con.....»»
A Grid Collapse Would Make a Heat Wave Far Deadlier
Climate change is making summers hotter, blackouts more common, and heat-related illness more dangerous. The power system may be resilient—but it still has vulnerabilities......»»