Serious vulnerabilities in Matrix’s end-to-end encryption are being patched
Previously overlooked flaws allow malicious homeservers to decrypt and spoof messages. Enlarge (credit: matrix.org) Developers of the open source Matrix messenger protocol are releasing an update on Thursday to fix critical en.....»»
Public sector apps show higher rates of security flaws
Applications developed by public sector organizations tend to have more security flaws than applications created by the private sector, according to Veracode. The findings are notable because increased numbers of flaws and vulnerabilities in applicat.....»»
NinjaOne Patch Management enhancements mitigate security vulnerabilities
NinjaOne announced enhancements to NinjaOne Patch Management, delivering the latest automated patching solutions to maintain business operations and keep organizations secure. Patching is a tedious, time-consuming task but also a critical step to sec.....»»
Players replace Tears of the Kingdom’s patched-out item-dupe glitches
Please, Nintendo, just leave them alone this time. A guide for watching "memories" to perfectly time a new item-duplication glitch. It has been only a week since Nintendo removed a number of popular The Legend of Zelda: Tears of the.....»»
Zyxel firewalls under attack by Mirai-like botnet
CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CV.....»»
Russia claims Apple is helping US spy on thousands of iPhone users
Russia says that the National Security Agency (NSA) has been spying on Russian officials and civilians using iPhone backdoor vulnerabilities created for the US by Apple.Moscow, RussiaThe NSA has previously tried to get public opinion on its side as i.....»»
Research is the first to unlock the secret of microbial slime
The slimy outer layer of fungi and bacteria known as the "extracellular matrix," or ECM, has the consistency of jelly and acts as a protective and envelope layer. But, according to a recent study in the journal iScience, led by the University of Mass.....»»
Slack facing widespread protests to introduce end-to-end encryption
Over 90 organizations are urging Slack to introduce end-to-end encryption and other privacy-focused tools......»»
Zyxel patches vulnerability in NAS devices (CVE-2023-27988)
Zyxel has patched a high-severity authenticated command injection vulnerability (CVE-2023-27988) in some of its network attached storage (NAS) devices aimed at home users. About the vulnerability (CVE-2023-27988) The vulnerability was discovered in t.....»»
Critical Barracuda 0-day was used to backdoor networks for 8 months
Attackers then went on to steal data from infected systems. Enlarge (credit: Getty Images) A critical vulnerability patched 10 days ago in widely used email software from IT security company Barracuda Networks has been u.....»»
Microsoft found a macOS exploit that could completely bypass System Integrity Protection
Microsoft identified a new macOS vulnerability called "Migraine" that can cause headaches for Mac users — but only if you haven't updated your software recently.Apple patched macOS "Migraine" exploitOn May 30, Microsoft published a new threat intel.....»»
CISO-approved strategies for software supply chain security
Integrating proprietary and open-source code, APIs, user interfaces, application behavior, and deployment workflows creates an intricate composition in modern applications. Any vulnerabilities within this software supply chain can jeopardize your and.....»»
Fresh perspectives needed to manage growing vulnerabilities
In its inaugural 2023 Offensive Security Vision Report, NetSPI unveils findings that highlight vulnerability trends across applications, cloud, and networks. Vulnerability patterns The report offers a look back — and forward — at some of the most.....»»
12 vulnerabilities newly associated with ransomware
In March 2023, the total number of breaches reported was higher than those reported in the previous three years combined, according to Ivanti. Ransomware groups are continuously weaponizing vulnerabilities and adding them to their arsenal to mount cr.....»»
Proton’s new Family plan is tempting me to spend even more on encryption
I recently told you I was tempted to switch my password manager from 1Password to Proton Pass, a newly announced service from the Swiss software … The post Proton’s new Family plan is tempting me to spend even more on encryption appeared.....»»
Minister attacks Meta boss over Facebook message encryption plan
Minister Tom Tugendhat criticises Mark Zuckerberg over Facebook's extension of message encryption......»»
Red Hat Trusted Software Supply Chain enhances an organization’s resilience to vulnerabilities
Red Hat announced Red Hat Trusted Software Supply Chain, a comprehensive solution that enhances resilience to software supply chain vulnerabilities. As part of this solution, two new cloud services, Red Hat Trusted Application Pipeline and Red Hat Tr.....»»
Vaultree unveils Fully Functional Data-In-Use Encryption solution for the healthcare sector
Vaultree announces a major leap forward in healthcare data protection, bringing its Fully Functional Data-In-Use Encryption solution to the sector. Coupled with a groundbreaking software development kit and encrypted chat tool, Vaultree’s techn.....»»
Spain seeks to ban encryption, leaked document reveals
Majority of EU leaders express support for the Chat Control bill which proposes to weaken encryption on online safety grounds......»»
Apple security fix didn’t address root cause – now corrected in iOS 16.5
An Apple security fix in iOS 15.6.1 back in August of last year was said to close two major security vulnerabilities, one of which could have allowed a rogue app to execute arbitrary code with kernel privileges (aka do Very Bad Things). But it’s n.....»»
Zerto Cyber Resilience Vault allows users to monitor for encryption-based anomalies
Zerto launched a new real-time encryption detection mechanism and air-gapped recovery vault for enhanced hybrid cloud protection and security against cyber threats. These new features are part of Zerto 10, which includes advanced detection mechanisms.....»»