Security

Security is one of the most significant considerations when owning any technology, as you can lose data and finance if not careful. You’ll find articles here that cover various apps and options, threats to browser and device security, and some tips.

Bitwarden Free: WebAuthn new passwordless 2FA method

Free users of the open source password manager Bitwarden may use a new two-factor authentication (2FA) method in the latest version of the application. The developers of the password management service have […]

Popular browsers released security patches against Webp vulnerability

Update your browsers ASAP

In a recent report by Stack Diary, it has come to light that Google, Mozilla, Microsoft, and Brave have all taken immediate action by releasing critical security patches. These patches address a […]

Notepad++ 8.5.7 fixes 4 security issues

The developer of the open source plain text editor Notepad++ has released the security update Notepad++ 8.5.7 to the public. The latest update addresses four security issues in the client and introduces […]

Microsoft offers an explanation for the hack of its cloud

Bugs and coincidences seem to have allowed Chinese-based hacking group Storm-0558 to steal a private MSA key from Microsoft and gain access to the accounts of organizations, including American government agencies. The […]

UK Government withdraws proposal for controversial spy clause in its Online Safety Bill

UK Government withdraws proposal for controversial spy clause in its Online Safety Bill

The UK Government has announced that it will not scan users' messages for harmful content. The announcement comes after Apple, WhatsApp and Signal had threatened to remove their messaging services from Britain […]

Okta IT service deck attack

Okta warns against attacks targeting IT service desk agents

Okta, an identity and access management company, has issued a warning about a new wave of social engineering attacks targeting IT service desk agents at U.S.-based customers. The attackers aim to trick […]

Critical security vulnerabilities in ASUS routers -- update immediately

Three ASUS Wi-Fi routers are vulnerable to three critically rated remote code execution vulnerabilities that can be exploited by malicious actors to take over the devices. The affected wireless routers are the […]

An evolved LockBit variant emerges

Kaspersky, a cybersecurity company, found a new version of LockBit ransomware that's different from the original. This one tells you upfront how much money you need to pay to get your files […]

ADVERTISEMENT

Microsoft publishes mitigation instructions for Downfall vulnerability in Windows

Microsoft published a support article about the recently disclosed CVE-2022-40982 vulnerability, commonly referred to as Downfall, that affects Windows devices. The vulnerability was disclosed earlier this month. It affects several Intel processor […]

WinRAR security issue more wide-reaching than thought [Update]

A recently disclosed security issue in the archiving software WinRAR is affecting other software programs as well. The developers of WinRAR released version 6.23 of the popular archiving software earlier this month. […]

bitwarden

Bitwarden launches Secrets Manager for teams

Bitwarden Secrets Manager is an open source end-to-end encrypted service that teams may use to "store, manage, automate, and share secrets at scale". Aimed at development teams, who often need to share […]

Privacy is Sexy: custom privacy scripts for Windows, Linux and macOS

Privacy is Sexy is a free service that allows users of desktop operating systems to improve their privacy by creating and executing custom scripts. The service is available for Windows, Linux and […]

proton sentinel

Proton Sentinel: next level account security protection for (almost) everyone

Proton, maker of Proton Mail, VPN and several other services, announced the launch of Proton Sentinel earlier today. Proton Sentinel is a security add-on for Proton accounts that enables higher levels of […]

LinkedIn hack: You need to check your LinkedIn account

If you want to understand the ongoing LinkedIn hack easily, picture this: profiles locked, passwords changed, and the unsettling realization that unseen hands have infiltrated your professional realm. The battleground is set, […]

Discord.io data breach: 760K users affected

Following the Discord.io data breach, the custom invite platform has paused its operations, revealing the personal data of 760,000 users. Discord.io, a third-party entity distinct from the official Discord brand, enables server […]

lastpass

LastPass improves passwordless logins with FIDO2 authenticator support for desktops

Lastpass, maker of the password management service of the same name, announced today that customers may now use FIDO2 compatible authenticators on desktop devices for passwordless logins to their vaults. The new […]

chinese hackers breach us government

Microsoft Authenticator will soon provide codes via WhatsApp

Microsoft is working on two improvements for its Microsoft Authenticator application. The first tests the delivery of authentication codes via Meta's WhatsApp application instead of SMS, the second attempts to limit Authenticator […]

0Patch promises to support Windows Server 2012 and 2012 R2 with 3 years of security updates

Microsoft is ending support for Windows Server 2012 and Windows Server 2012 R2 in October 2023. Just like the recently dropped operating systems Windows 7 and Windows 8.1, Windows Server 2012 will […]

PSNI data breach left officers vulnerable

A huge data breach, including the personal information of every officer in the Northern Ireland Police Service (PSNI), has left personnel concerned for their safety. The PSNI data breach revealed important information […]

Avast Free Antivirus

Get Protected the Right Way with Avast Free Antivirus

Today’s internet safety is difficult to assess. Whereas the internet of yesteryear was a bit like the Far West, where only adventurous spirits wandered into the unknown, it’s a completely different picture […]

AI knows what you type by simply listening

Researchers have trained an AI deep learning model to detect computer keyboard keystrokes with up to 95% accuracy. While there is room for improvement, the core mechanic has an AI listen to […]

APT31 air gapped device malware

Hackers targeting air-gapped devices in Eastern Europe with new malware

A concerning cyber threat has emerged in Eastern Europe, where Chinese state-sponsored hackers are employing a new and sophisticated malware to breach air-gapped devices. These malicious actors, associated with the cyber espionage […]

MOVEit

Google: 0-Day vulnerabilities down in 2022, but still higher than average

Google published a summary of 0-day exploits in the wild in 2022 on the company's official Google Security Blog this week. It is the fourth report of its kind and Google uses […]

bitwarden

How to migrate your Bitwarden vaults from US to EU storage

When Bitwarden users sign-up for an account, they have the choice between storing their vault data on Bitwarden's US or EU servers. Many users of the password management service may not even […]

Roblox data leak

Roblox data leak may have affected nearly 4000 users

On July 19, 2023, a data breach at Roblox exposed sensitive user information from attendees of the 2017-2020 Roblox Developers Conferences. The leaked list contained 4,000 unique email addresses, alongside personal details […]

proton pass

Proton Pass password manager apps released as open source

Proton announced today that its password manager Proton Pass is now open source and that the apps have been audited for security. Proton announced its password manager Proton Pass in April 2023 […]

Malware with faked timestamps on the rise to bypass Windows protections

Microsoft banned more 100 signed malicious Windows drivers just last week after it was informed that malicious actors had joined the company's Windows Hardware Developer Program to create signed drivers with malware. […]

macOS malware

Latest macOS malware can steal your banking information

On macOS, a recently discovered security risk operates in the background to access logins, banking information, and other sensitive information. The new macOS malware is called "ShadowVault." It is unclear whether ShadowVault […]

chinese hackers breach us government

Chinese hackers breach US government emails using a Microsoft cloud bug

According to Microsoft, hackers from China have accessed the email accounts of about 25 organizations, including government organizations. The attacks have been linked to a threat group known as Storm-0558, which is […]

MOVEit

Malware found in over 100 signed Windows drivers

Yesterday's security updates for Windows and other Microsoft products came with an advisory regarding the malicious use of Microsoft signed drivers. Security researchers at Sophos, Trend Micro and Cisco informed Microsoft about […]

MOVEit

"Big Head" ransomware fakes Windows Update to trick users

Security researchers at FortiGuard Labs have discovered a new type of ransomware that is targeting home computer users. Dubbed Big Head, the ransomware fakes Windows Update to avoid detection. The researchers note […]

RustBucket malware: A PDF could finish your Mac

Cybersecurity research conducted by the illustrious team at Elastic Security Labs has brought to light a virulent new strain of the RustBucket malware, a notorious enemy of macOS-powered devices. It appears the […]

Proton Pass password manager leaves beta: here is our take

Proton, the organization behind Proton Mail, VPN and other services, has released the first stable version of Proton Pass today after a beta period. Proton Pass is an open source password manager […]

Microsoft Teams vulnerability discovered to bypass file sending restrictions

A newly discovered vulnerability in Microsoft Teams allows attackers to push malware onto the devices of other Microsoft Teams users, even if they are considered external. IT security researchers at Jumpsec have […]

lastpass

Some LastPass users are locked out of their accounts after trying to reset their authenticator app

Password management service LastPass started to prompt its customers to reset their two-factor authentication method on May 9th, 2023. The company upgraded account security at the time by raising the number of […]

1password telemetry

1Password adds Telemetry to its password manager, but it is opt-in, sort of

The makers of the password management service 1Password announced the rollout of what they call a "privacy-preserving telemetry system" in the application today. Telemetry collects usage data and many applications and all […]

Asus releases firmware updates for routers to address critical security issues

Asus has released new firmware for a wide range of its routers that address nine different security issues, some of which rated critical. The company encourages customers to install the firmware update […]

New Bitwarden update fix a huge vulnerability on Windows.... update now!

The open source Bitwarden password manager supports biometric authentication. Windows Hello is supported on Windows, so that users may use biometric authentication to access their passwords and other vault data. Up until […]

Password Manager KeePass 2.53 released with password history improvements

KeePass password manager update improves security

Dominik Reichl, the lead developer of the KeePass password manager, has released KeePass 2.54 to the public. The new version of the application improves security in several meaningful ways, and it addresses […]

MOVEit

MOVEit file transfer vulnerability exploited by hackers

Security researchers have discovered that threat actors are using a serious zero-day flaw in the MOVEit file transfer product in a number of client scenarios. According to BleepingComputer, MoveIt Transfer from Progress Software […]


SPREAD THE WORD

GHACKS NEWSLETTER SIGN UP

Please click on the following link to open the newsletter signup page: Ghacks Newsletter Sign up