Tavis Ormandy, a prolific member of Google's Project Zero initiative, revealed that he discovered a new security issue in LastPass 4.1.42 (and maybe earlier). Ormandy revealed that he discovered an exploit, but did not reveal it. Project Zero discoveries are reported to the companies who produce the affected products. The companies have 90 days to […]
Computer security has always been important, but the rise of the Internet and the global Internet community have made it more pressing than ever. New threats have emerged with the Internet, including phishing attacks that spread via email, computer worms that replicate over the Internet, a new bread of trojans that take over a computer to include it in a bot network that is used for malicious activities, and spam and viruses are all threats that Internet users encounter these days.
We cover security updates when they are released for major software including Microsoft Windows, plugins like Java or Adobe Flash, and web browsers like Google Chrome or Firefox. In addition, we are also reporting about services, online and offline, that help you protect your systems against security threats, and post tutorials that explain how to recover a system when it has been successfully attacked.
The tenth anniversary of the Pwn2Own gathering of hackers, Pwn2Own 2017, saw eleven teams attempt to exploit products across four categories. The products that teams were allowed to target this year included operating systems and web browsers, but also the new product categories Enterprise applications and server-side. Programs like Adobe Reader, and Apache Web Server, […]
Security researchers of the Fraunhofer Institute found severe security issues in nine password managers for Android that they analyzed as part of their research. Password managers are a popular option when it comes to storing authentication information. All promise secure storage either locally or remotely, and some may add other features to the mix such […]
CloudBleed is the unofficial name for a security issue discovered on February 17th, 2017 that affected CloudFlare's reverse proxies. CloudFlare is a large provider that is used by more than 5.5 million Internet properties according to the company's website. It offers CDN and DDOS protection, optimization technologies for websites, dedicated SSL and a lot more. […]
Google disclosed a security vulnerability in Microsoft Edge and Internet Explorer yesterday that Microsoft failed to patch up until now. This is the second vulnerability that Google disclosed this mean. Last week, the company disclosed a Windows vulnerability that affected the gdi32.dll dynamic link library in Windows. The new vulnerability that Google disclosed yesterday affects […]
Google Project Zero member Mateusz Jurczyk disclosed a gdi32.dll vulnerability in the Windows operating system to Microsoft on November 16, 2016. The report itself is quite technical and it would go too far to go into details here on the site. The following describes the turn of events however. Jurczyk disclosed issues with gdi32.dll to […]
Researchers have developed a cross-browser fingerprinting technique that uses operating system and hardware level features. Fingerprinting has been limited for the most part to individual web browsers in the past. If a user switched browsers regularly, fingerprinting could not be used to link the user to these browsers. Fingerprinting tests like the Electronic Frontier Foundation's […]
The United States Computer Emergency Readiness Team (US-CERT) published a vulnerability note yesterday about a new zero-day vulnerability affecting Microsoft Windows 8, 10 and Server editions. It reads: Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service or […]
Malwarebytes 3.0.6 is the latest version of the popular security program for Windows that is available as a free and premium version. The company, also called Malwarebytes, released version 3.0 of the program not too long ago. The update changed things around quite a bit, and not all for the better. The new Malwarebytes unified […]
Don't touch my tabs! (rel=noopener) is a Firefox add-on that adds rel="noopener" to external links on sites open in Firefox automatically. Noopener_by_default is a userscript that does the same for links. Did you know that sites that you load by clicking on links may manipulate the page the link was posted on? Imagine two HTML […]
Researchers have discovered a new phishing attack that is currently underway that is targeting Google Gmail accounts in a sophisticated way. What's interesting about this specific attack is that it uses a new method, one that could even lure tech savvy users into its trap. The attacks begin with compromised Gmail accounts. The attackers use […]
Security researchers found a backdoor in the popular messaging application WhatsApp recently that could allow WhatsApp to intercept and read user messages. Facebook, the owner of WhatsApp, claims that it is impossible to intercept messages on WhatsApp thanks to the services end-to-end encryption. The company states that no one, not even itself, can read what […]
If you encrypt the hard drive of a computer running Windows 7, and then on the same computer running Windows 10, you will notice that the encryption process is faster on Windows 7. Bitlocker is a built-in disk encryption program that you can use to encrypt data so that it cannot be accessed by third-parties. […]
Most modern web browsers support comfortable features like auto-filling forms on sites using data that you have entered in the past. Instead of having to enter your name, email address or street address whenever you sign up for a new account for instance, you'd fill out the data once only and have the browser fill […]