
LogoFail vulnerability affects many Windows and Linux devices
Many commercial computers are vulnerable to a set of vulnerabilities that exploit flaws in the processing of startup logos during boot. Security researchers at Binarly have disclosed security vulnerabilities in system firmware […]

BLUFFS: new Bluetooth vulnerability discovered that affects most devices
BLUFFS is an acronym for a new Bluetooth vulnerability that security researcher Daniele Antonioli disclosed recently. BLUFFS, which stands for Bluetooth Forward and Future Secrecy, is actually a set of six unique […]

When will the cybersecurity company Okta ensure its own security?
On Tuesday, Okta revealed that hackers had stolen data from all of its customer support users in a major breach of its customer support system. The company had previously said that only […]

MDP warns parents about this iOS feature
In a recent social media post, the Middletown Division of Police in Ohio has put out an iPhone NameDrop warning for parents. Introduced in the iOS 17 update, this feature allows users to […]

Enable 256-bit BitLocker encryption on Windows 11 to boost security
BitLocker is the default encryption technology of the Windows operating system. It is used widely on Windows, but some users prefer third-party solutions, such as VeraCrypt. What many users of BitLocker don't […]

Data of 8.5 million patients compromised in the United States
Healthcare SaaS provider Welltok has disclosed a data breach that has compromised the personal information of nearly 8.5 million patients in the United States. Welltok works with healthcare providers across the US, […]

Security researchers bypass Windows Hello fingerprint authentication
Security researchers at Blackwing Intelligence managed to bypass Windows Hello fingerprint authentication on devices with the three most used fingerprint sensors on Windows. The researchers were asked by Microsoft's Offensive Research and […]

Protect your eBay account with Authenticator apps
Users of eBay had several options up until now to improve account login security using 2-step verification. They could get texts or emails from eBay that contain the code, or get codes […]

CVE-2023-4966 vulnerability becomes a global problem
Threat researcher Kevin Beaumont has been tracking attacks against various companies, including the Industrial and Commercial Bank of China (ICBC), DP World, Allen & Overy, and Boeing, and found they had something […]

Mullvad's public encrypted DNS Servers run in RAM now
Sweden-based VPN provider Mullvad announced today that its public encrypted DNS servers run fully in RAM. The announcement comes less than two months after Mullvad completed the migration of its VPN infrastructure […]

Suspicious Microsoft Authenticator requests don't trigger notifications anymore
Microsoft Authenticator will suppress suspicious authentication prompts to protect users against social engineering attacks. Microsoft has now enabled the security feature, which it unveiled back in August 2023. Microsoft Authenticator is a […]

Be careful if you use Apple's Find My network
Apple's "Find My" network is a powerful tool that can help users locate their lost or stolen devices. It works by using a combination of GPS and Bluetooth signals from other Apple […]

CVSS 4.0 standard has been released
The Common Vulnerability Scoring System (CVSS) is an open standard for assessing the severity of computer security vulnerabilities. CVSS scores are used by organizations and individuals around the world to prioritize vulnerability […]

Latest Bitwarden update introduces support for saving passkeys
A new version of the open source password manager Bitwarden is now available. Bitwarden 2023.10.0 introduces a number of important features to the password manager. Noteworthy additions are support for saving passkeys […]

And the phishing Oscar goes to...
Cybercriminals are constantly evolving their tactics to exploit the latest trends and technologies. One way they do this is by using the names of popular celebrities to create phishing scams and other […]

Watch out for StripedFly malware
Cybersecurity researchers have discovered a sophisticated cross-platform malware platform named StripedFly that has infected over 1 million Windows and Linux systems since 2017. The malware, which was wrongly classified as just […]

Tor Browser Security Audit reveals 2 high security issues
The Tor Browser project asked the penetration testers at Cure53 to audit core components of the project. Among the components were the BridgeDB software, building infrastructure, specific Tor Browser alterations and rdsys […]

The fallout from the Okta breach continues
On September 29, 2023, 1Password discovered suspicious activity on its Okta tenant. The investigation revealed that the threat actor used a HAR file stolen in the recent Okta breach to access the […]

VMware Workstation 17.5 Player fixes a security issue
If you use VMware Workstation Player to run virtual machines on your devices, you may want to update the existing version of the application to the newly released 17.5 version. VMware Workstation […]

Dashlane limits Free users to 25 passwords starting next month
Users of the free version of the Dashlane password manager will soon have to cope with a severe limitation. Starting on November 7th, 2023, Dashlane Free will support a maximum of 25 […]

Old WinRAR vulnerability is exploited by government-backed actors
WinRAR users who have not updated the archiving software in some time may want to do so immediately. A report by Google's Threat Analysis Group (TAG) suggests that government-backed actors are exploiting […]

Password Manager KeePass 2.55 warns users about weak security settings
A new version of the password manager KeePass is now available. KeePass 2.55 is a smaller release that improves security, imports and introduces some new features to the application. The new version […]

Microsoft Defender for Endpoint Automatic Attack Disruption promises an end of ransomware
Human-operated attacks against computer systems are often difficult to detect. Microsoft promises that Microsoft Defender for Endpoint is now able to "disrupt human-operated attacks like ransomware early in the kill chain without […]

Microsoft is phasing out VBScript in Windows to improve security
Microsoft announced plans to deprecate Visual Basic Script (VBScript) support in its Windows operating system. The company introduced VBScript, which is modeled on Visual Basic, in 1996. Web developers were the initial […]

Act Now! Android October 2023 Update patches 2 actively exploited issues
Google has published the October 2023 security updates for Android. The update addresses a total of 54 different security issues. Two of the issues are exploited in the wild, according to Google's […]

AI responses may link to malware
AI tools are probably the biggest hype in tech in 2023. Companies have pushed out products or are about to. Bing Chat is one of the most prominent tools available, but there […]

Google to launch Android Earthquake Alerts in India
Earthquakes, one of the most frequent natural disasters globally, have the potential to cause widespread destruction and loss of life. In such dire circumstances, having advanced warning systems can be the difference […]

Google confirms CVE-2023-5129 is the hidden threat in Libwebp
Google's recent confirmation of an exploited Chrome zero-day, CVE-2023-5129, has taken the cybersecurity world by storm. This exploit has a ripple effect that extends beyond Chrome, affecting numerous popular applications that rely […]

Nintendo adds Passkey passwordless authentication support to accounts
Nintendo users who have created an account at Nintendo may now switch to passwordless authentication thanks to passkey integration. Nintendo Switch users do not need an online account to use their device […]

LastPass to enforce minimum Master Password length of 12 characters
LastPass announced today (via email) that the requirements for the master password have been changed. The master password is the primary password used to gain access to accounts. In an email, LastPass […]

Bitwarden Free: WebAuthn new passwordless 2FA method
Free users of the open source password manager Bitwarden may use a new two-factor authentication (2FA) method in the latest version of the application. The developers of the password management service have […]

Update your browsers ASAP
In a recent report by Stack Diary, it has come to light that Google, Mozilla, Microsoft, and Brave have all taken immediate action by releasing critical security patches. These patches address a […]

Notepad++ 8.5.7 fixes 4 security issues
The developer of the open source plain text editor Notepad++ has released the security update Notepad++ 8.5.7 to the public. The latest update addresses four security issues in the client and introduces […]

Microsoft offers an explanation for the hack of its cloud
Bugs and coincidences seem to have allowed China-based hacking group Storm-0558 to steal a private MSA key from Microsoft and gain access to the accounts of organizations, including American government agencies. The […]

UK Government withdraws proposal for controversial spy clause in its Online Safety Bill
The UK Government has announced that it will not scan users' messages for harmful content. The announcement comes after Apple, WhatsApp and Signal had threatened to remove their messaging services from Britain […]

Okta warns against attacks targeting IT service desk agents
Okta, an identity and access management company, has issued a warning about a new wave of social engineering attacks targeting IT service desk agents at U.S.-based customers. The attackers aim to trick […]

Critical security vulnerabilities in ASUS routers -- update immediately
Three ASUS Wi-Fi routers are vulnerable to three critically rated remote code execution vulnerabilities that can be exploited by malicious actors to take over the devices. The affected wireless routers are the […]

An evolved LockBit variant emerges
Kaspersky, a cybersecurity company, found a new version of LockBit ransomware that's different from the original. This one tells you upfront how much money you need to pay to get your files […]

Microsoft publishes mitigation instructions for Downfall vulnerability in Windows
Microsoft published a support article about the recently disclosed CVE-2022-40982 vulnerability, commonly referred to as Downfall, that affects Windows devices. The vulnerability was disclosed earlier this month. It affects several Intel processor […]

WinRAR security issue more wide-reaching than thought [Update]
A recently disclosed security issue in the archiving software WinRAR is affecting other software programs as well. The developers of WinRAR released version 6.23 of the popular archiving software earlier this month. […]