Security

Security is one of the most significant considerations when owning any technology, as you can lose data and money if you are not careful. You’ll find articles here that cover various apps and options, threats to browser and device security, and some tips.

Google confirms CVE-2023-5129 is the hidden threat in Libwebp

Google's recent confirmation of an exploited Chrome zero-day, CVE-2023-5129, has taken the cybersecurity world by storm. This exploit has a ripple effect that extends beyond Chrome, affecting numerous popular applications that rely […]

Nintendo adds Passkey passwordless authentication support to accounts

Nintendo users who have created an account at Nintendo may now switch to passwordless authentication thanks to passkey integration. Nintendo Switch users do not need an online account to use their device […]

LastPass to enforce minimum Master Password length of 12 characters

LastPass announced today (via email) that the requirements for the master password have been changed. The master password is the primary password used to gain access to accounts. In an email, LastPass […]

Bitwarden Free: WebAuthn new passwordless 2FA method

Free users of the open source password manager Bitwarden may use a new two-factor authentication (2FA) method in the latest version of the application. The developers of the password management service have […]

Popular browsers released security patches against Webp vulnerability

Update your browsers ASAP

In a recent report by Stack Diary, it has come to light that Google, Mozilla, Microsoft, and Brave have all taken immediate action by releasing critical security patches. These patches address a […]

Notepad++ 8.5.7 fixes 4 security issues

The developer of the open source plain text editor Notepad++ has released the security update Notepad++ 8.5.7 to the public. The latest update addresses four security issues in the client and introduces […]

Microsoft offers an explanation for the hack of its cloud

Bugs and coincidences seem to have allowed China-based hacking group Storm-0558 to steal a private MSA key from Microsoft and gain access to the accounts of organizations, including American government agencies. The […]

UK Government withdraws proposal for controversial spy clause in its Online Safety Bill

The UK Government has announced that it will not scan users' messages for harmful content. The announcement comes after Apple, WhatsApp and Signal had threatened to remove their messaging services from Britain […]

Okta warns against attacks targeting IT service desk agents

Okta, an identity and access management company, has issued a warning about a new wave of social engineering attacks targeting IT service desk agents at U.S.-based customers. The attackers aim to trick […]

Critical security vulnerabilities in ASUS routers -- update immediately

Three ASUS Wi-Fi routers are vulnerable to three critically rated remote code execution vulnerabilities that can be exploited by malicious actors to take over the devices. The affected wireless routers are the […]

An evolved LockBit variant emerges

Kaspersky, a cybersecurity company, found a new version of LockBit ransomware that's different from the original. This one tells you upfront how much money you need to pay to get your files […]

Microsoft publishes mitigation instructions for Downfall vulnerability in Windows

Microsoft published a support article about the recently disclosed CVE-2022-40982 vulnerability, commonly referred to as Downfall, that affects Windows devices. The vulnerability was disclosed earlier this month. It affects several Intel processor […]

WinRAR security issue more wide-reaching than thought [Update]

A recently disclosed security issue in the archiving software WinRAR is affecting other software programs as well. The developers of WinRAR released version 6.23 of the popular archiving software earlier this month. […]

Bitwarden launches Secrets Manager for teams

Bitwarden Secrets Manager is an open source end-to-end encrypted service that teams may use to "store, manage, automate, and share secrets at scale". Aimed at development teams, who often need to share […]

Privacy is Sexy: custom privacy scripts for Windows, Linux and macOS

Privacy is Sexy is a free service that allows users of desktop operating systems to improve their privacy by creating and executing custom scripts. The service is available for Windows, Linux and […]

Proton Sentinel: next level account security protection for (almost) everyone

Proton, maker of Proton Mail, VPN and several other services, announced the launch of Proton Sentinel earlier today. Proton Sentinel is a security add-on for Proton accounts that enables higher levels of […]

LinkedIn hack: You need to check your LinkedIn account

If you want to understand the ongoing LinkedIn hack easily, picture this: profiles locked, passwords changed, and the unsettling realization that unseen hands have infiltrated your professional realm. The battleground is set, […]

Discord.io data breach: 760K users affected

Following the Discord.io data breach, the custom invite platform has paused its operations, revealing the personal data of 760,000 users. Discord.io, a third-party entity distinct from the official Discord brand, enables server […]

LastPass improves passwordless logins with FIDO2 authenticator support for desktops

LastPass, maker of the password management service of the same name, announced today that customers may now use FIDO2 compatible authenticators on desktop devices for passwordless logins to their vaults. The new […]

Microsoft Authenticator will soon provide codes via WhatsApp

Microsoft is working on two improvements for its Microsoft Authenticator application. The first tests the delivery of authentication codes via Meta's WhatsApp application instead of SMS, the second attempts to limit Authenticator […]

0Patch promises to support Windows Server 2012 and 2012 R2 with 3 years of security updates

Microsoft is ending support for Windows Server 2012 and Windows Server 2012 R2 in October 2023. Just like the recently dropped operating systems Windows 7 and Windows 8.1, Windows Server 2012 will […]

PSNI data breach left officers vulnerable

A huge data breach, including the personal information of every officer in the Northern Ireland Police Service (PSNI), has left personnel concerned for their safety. The PSNI data breach revealed important information […]

Get Protected the Right Way with Avast Free Antivirus

Today’s internet safety is difficult to assess. Whereas the internet of yesteryear was a bit like the Far West, where only adventurous spirits wandered into the unknown, it’s a completely different picture […]

AI knows what you type by simply listening

Researchers have trained an AI deep learning model to detect computer keyboard keystrokes with up to 95% accuracy. While there is room for improvement, the core mechanic has an AI listen to […]

Hackers targeting air-gapped devices in Eastern Europe with new malware

A concerning cyber threat has emerged in Eastern Europe, where Chinese state-sponsored hackers are employing a new and sophisticated malware to breach air-gapped devices. These malicious actors, associated with the cyber espionage […]

Google: 0-Day vulnerabilities down in 2022, but still higher than average

Google published a summary of 0-day exploits in the wild in 2022 on the company's official Google Security Blog this week. It is the fourth report of its kind and Google uses […]

How to migrate your Bitwarden vaults from US to EU storage

When Bitwarden users sign up for an account, they have the choice between storing their vault data on Bitwarden's US or EU servers. Many users of the password management service may not even […]

Roblox data leak may have affected nearly 4000 users

On July 19, 2023, a data breach at Roblox exposed sensitive user information from attendees of the 2017-2020 Roblox Developers Conferences. The leaked list contained 4,000 unique email addresses, alongside personal details […]

Proton Pass password manager apps released as open source

Proton announced today that its password manager Proton Pass is now open source and that the apps have been audited for security. Proton announced its password manager Proton Pass in April 2023 […]

Malware with faked timestamps on the rise to bypass Windows protections

Microsoft banned more than 100 signed malicious Windows drivers just last week after it was informed that malicious actors had joined the company's Windows Hardware Developer Program to create signed drivers with malware. […]

Latest macOS malware can steal your banking information

On macOS, a recently discovered security risk operates in the background to access logins, banking information, and other sensitive information. The new macOS malware is called "ShadowVault." It is unclear whether ShadowVault […]

Chinese hackers breach US government emails using a Microsoft cloud bug

According to Microsoft, hackers from China have accessed the email accounts of about 25 organizations, including government organizations. The attacks have been linked to a threat group known as Storm-0558, which is […]

Malware found in over 100 signed Windows drivers

Yesterday's security updates for Windows and other Microsoft products came with an advisory regarding the malicious use of Microsoft signed drivers. Security researchers at Sophos, Trend Micro and Cisco informed Microsoft about […]

"Big Head" ransomware fakes Windows Update to trick users

Security researchers at FortiGuard Labs have discovered a new type of ransomware that is targeting home computer users. Dubbed Big Head, the ransomware fakes Windows Update to avoid detection. The researchers note […]

RustBucket malware: A PDF could finish your Mac

Cybersecurity research conducted by the illustrious team at Elastic Security Labs has brought to light a virulent new strain of the RustBucket malware, a notorious enemy of macOS-powered devices. It appears the […]

Proton Pass password manager leaves beta: here is our take

Proton, the organization behind Proton Mail, VPN and other services, has released the first stable version of Proton Pass today after a beta period. Proton Pass is an open source password manager […]

Microsoft Teams vulnerability discovered to bypass file sending restrictions

A newly discovered vulnerability in Microsoft Teams allows attackers to push malware onto the devices of other Microsoft Teams users, even if they are considered external. IT security researchers at Jumpsec have […]

Some LastPass users are locked out of their accounts after trying to reset their authenticator app

Password management service LastPass started to prompt its customers to reset their two-factor authentication method on May 9th, 2023. The company upgraded account security at the time by raising the number of […]

1Password adds Telemetry to its password manager, but it is opt-in, sort of

The makers of the password management service 1Password announced the rollout of what they call a "privacy-preserving telemetry system" in the application today. Telemetry collects usage data and many applications and all […]

Asus releases firmware updates for routers to address critical security issues

Asus has released new firmware for a wide range of its routers that addresses nine different security issues, some of which are rated critical. The company encourages customers to install the firmware update […]

