Security

Security is one of the most significant considerations when owning any technology, as you can lose data and finance if not careful. You’ll find articles here that cover various apps and options, threats to browser and device security, and some tips.

Password Manager KeePass 2.55 warns users about weak security settings

A new version of the password manager KeePass is now available. KeePass 2.55 is a smaller release that improves security, imports and introduces some new features to the application. The new version […]

Microsoft Defender for Endpoint Automatic Attack Disruption promises an end of ransomware

Human-operated attacks against computer systems are often difficult to detect. Microsoft promises that Microsoft Defender for Endpoint is now capable to "disrupt human-operated attacks like ransomware early in the kill chain without […]

Microsoft is phasing out VBScript in Windows to improve security

Microsoft announced plans to deprecate Visual Basic Script (VBScript) support in its Windows operating system. The company introduced VBScript, which is modeled on Visual Basic, in 1996. Web developers were the initial […]

Act Now! Android October 2023 Update patches 2 actively exploited issues

Google has published the October 2023 security updates for Android. The update addresses a total of 54 different security issues. Two of the issues are exploited in the wild, according to Google's […]

Bing Chat Enterprise

AI responses may link to malware

AI tools are probably the biggest hype in tech in 2023. Companies have pushed out products or are about to. Bing Chat is one of the most prominent tools available, but there […]

Google Android Earthquake Alerts India

Google to launch Android Earthquake Alerts in India

Earthquakes, one of the most frequent natural disasters globally, have the potential to cause widespread destruction and loss of life. In such dire circumstances, having advanced warning systems can be the difference […]

CVE-2023-5129

Google confirms CVE-2023-5129 is the hidden threat in Libwebp

Google's recent confirmation of an exploited Chrome zero-day, CVE-2023-5129, has taken the cybersecurity world by storm. This exploit has a ripple effect that extends beyond Chrome, affecting numerous popular applications that rely […]

Nintendo adds Passkey passwordless authentication support to accounts

Nintendo users who have created an account at Nintendo may now switch to passwordless authentication thanks to passkey integration. Nintendo Switch users do not need an online account to use their device […]

ADVERTISEMENT

LastPass to enforce minimum Master Password length of 12 characters

LastPass announced today (via email) that the requirements for the master password have been changed. The master password is the primary password used to gain access to accounts. In an email, LastPass […]

Bitwarden Free: WebAuthn new passwordless 2FA method

Free users of the open source password manager Bitwarden may use a new two-factor authentication (2FA) method in the latest version of the application. The developers of the password management service have […]

Popular browsers released security patches against Webp vulnerability

Update your browsers ASAP

In a recent report by Stack Diary, it has come to light that Google, Mozilla, Microsoft, and Brave have all taken immediate action by releasing critical security patches. These patches address a […]

Notepad++ 8.5.7 fixes 4 security issues

The developer of the open source plain text editor Notepad++ has released the security update Notepad++ 8.5.7 to the public. The latest update addresses four security issues in the client and introduces […]

Microsoft offers an explanation for the hack of its cloud

Bugs and coincidences seem to have allowed Chinese-based hacking group Storm-0558 to steal a private MSA key from Microsoft and gain access to the accounts of organizations, including American government agencies. The […]

UK Government withdraws proposal for controversial spy clause in its Online Safety Bill

UK Government withdraws proposal for controversial spy clause in its Online Safety Bill

The UK Government has announced that it will not scan users' messages for harmful content. The announcement comes after Apple, WhatsApp and Signal had threatened to remove their messaging services from Britain […]

Okta IT service deck attack

Okta warns against attacks targeting IT service desk agents

Okta, an identity and access management company, has issued a warning about a new wave of social engineering attacks targeting IT service desk agents at U.S.-based customers. The attackers aim to trick […]

Critical security vulnerabilities in ASUS routers -- update immediately

Three ASUS Wi-Fi routers are vulnerable to three critically rated remote code execution vulnerabilities that can be exploited by malicious actors to take over the devices. The affected wireless routers are the […]

An evolved LockBit variant emerges

Kaspersky, a cybersecurity company, found a new version of LockBit ransomware that's different from the original. This one tells you upfront how much money you need to pay to get your files […]

Microsoft publishes mitigation instructions for Downfall vulnerability in Windows

Microsoft published a support article about the recently disclosed CVE-2022-40982 vulnerability, commonly referred to as Downfall, that affects Windows devices. The vulnerability was disclosed earlier this month. It affects several Intel processor […]

WinRAR security issue more wide-reaching than thought [Update]

A recently disclosed security issue in the archiving software WinRAR is affecting other software programs as well. The developers of WinRAR released version 6.23 of the popular archiving software earlier this month. […]

bitwarden

Bitwarden launches Secrets Manager for teams

Bitwarden Secrets Manager is an open source end-to-end encrypted service that teams may use to "store, manage, automate, and share secrets at scale". Aimed at development teams, who often need to share […]

Privacy is Sexy: custom privacy scripts for Windows, Linux and macOS

Privacy is Sexy is a free service that allows users of desktop operating systems to improve their privacy by creating and executing custom scripts. The service is available for Windows, Linux and […]

proton sentinel

Proton Sentinel: next level account security protection for (almost) everyone

Proton, maker of Proton Mail, VPN and several other services, announced the launch of Proton Sentinel earlier today. Proton Sentinel is a security add-on for Proton accounts that enables higher levels of […]

LinkedIn hack: You need to check your LinkedIn account

If you want to understand the ongoing LinkedIn hack easily, picture this: profiles locked, passwords changed, and the unsettling realization that unseen hands have infiltrated your professional realm. The battleground is set, […]

Discord.io data breach: 760K users affected

Following the Discord.io data breach, the custom invite platform has paused its operations, revealing the personal data of 760,000 users. Discord.io, a third-party entity distinct from the official Discord brand, enables server […]

lastpass

LastPass improves passwordless logins with FIDO2 authenticator support for desktops

Lastpass, maker of the password management service of the same name, announced today that customers may now use FIDO2 compatible authenticators on desktop devices for passwordless logins to their vaults. The new […]

chinese hackers breach us government

Microsoft Authenticator will soon provide codes via WhatsApp

Microsoft is working on two improvements for its Microsoft Authenticator application. The first tests the delivery of authentication codes via Meta's WhatsApp application instead of SMS, the second attempts to limit Authenticator […]

0Patch promises to support Windows Server 2012 and 2012 R2 with 3 years of security updates

Microsoft is ending support for Windows Server 2012 and Windows Server 2012 R2 in October 2023. Just like the recently dropped operating systems Windows 7 and Windows 8.1, Windows Server 2012 will […]

PSNI data breach left officers vulnerable

A huge data breach, including the personal information of every officer in the Northern Ireland Police Service (PSNI), has left personnel concerned for their safety. The PSNI data breach revealed important information […]

Avast Free Antivirus

Get Protected the Right Way with Avast Free Antivirus

Today’s internet safety is difficult to assess. Whereas the internet of yesteryear was a bit like the Far West, where only adventurous spirits wandered into the unknown, it’s a completely different picture […]

AI knows what you type by simply listening

Researchers have trained an AI deep learning model to detect computer keyboard keystrokes with up to 95% accuracy. While there is room for improvement, the core mechanic has an AI listen to […]

APT31 air gapped device malware

Hackers targeting air-gapped devices in Eastern Europe with new malware

A concerning cyber threat has emerged in Eastern Europe, where Chinese state-sponsored hackers are employing a new and sophisticated malware to breach air-gapped devices. These malicious actors, associated with the cyber espionage […]

MOVEit

Google: 0-Day vulnerabilities down in 2022, but still higher than average

Google published a summary of 0-day exploits in the wild in 2022 on the company's official Google Security Blog this week. It is the fourth report of its kind and Google uses […]

bitwarden

How to migrate your Bitwarden vaults from US to EU storage

When Bitwarden users sign-up for an account, they have the choice between storing their vault data on Bitwarden's US or EU servers. Many users of the password management service may not even […]

Roblox data leak

Roblox data leak may have affected nearly 4000 users

On July 19, 2023, a data breach at Roblox exposed sensitive user information from attendees of the 2017-2020 Roblox Developers Conferences. The leaked list contained 4,000 unique email addresses, alongside personal details […]

proton pass

Proton Pass password manager apps released as open source

Proton announced today that its password manager Proton Pass is now open source and that the apps have been audited for security. Proton announced its password manager Proton Pass in April 2023 […]

Malware with faked timestamps on the rise to bypass Windows protections

Microsoft banned more 100 signed malicious Windows drivers just last week after it was informed that malicious actors had joined the company's Windows Hardware Developer Program to create signed drivers with malware. […]

macOS malware

Latest macOS malware can steal your banking information

On macOS, a recently discovered security risk operates in the background to access logins, banking information, and other sensitive information. The new macOS malware is called "ShadowVault." It is unclear whether ShadowVault […]

chinese hackers breach us government

Chinese hackers breach US government emails using a Microsoft cloud bug

According to Microsoft, hackers from China have accessed the email accounts of about 25 organizations, including government organizations. The attacks have been linked to a threat group known as Storm-0558, which is […]

MOVEit

Malware found in over 100 signed Windows drivers

Yesterday's security updates for Windows and other Microsoft products came with an advisory regarding the malicious use of Microsoft signed drivers. Security researchers at Sophos, Trend Micro and Cisco informed Microsoft about […]

MOVEit

"Big Head" ransomware fakes Windows Update to trick users

Security researchers at FortiGuard Labs have discovered a new type of ransomware that is targeting home computer users. Dubbed Big Head, the ransomware fakes Windows Update to avoid detection. The researchers note […]


SPREAD THE WORD

GHACKS NEWSLETTER SIGN UP

Please click on the following link to open the newsletter signup page: Ghacks Newsletter Sign up