Security

Security is one of the most significant considerations when owning any technology, as you can lose data and finance if not careful. You’ll find articles here that cover various apps and options, threats to browser and device security, and some tips.

MOVEit

Malware found in over 100 signed Windows drivers

Yesterday's security updates for Windows and other Microsoft products came with an advisory regarding the malicious use of Microsoft signed drivers. Security researchers at Sophos, Trend Micro and Cisco informed Microsoft about […]

MOVEit

"Big Head" ransomware fakes Windows Update to trick users

Security researchers at FortiGuard Labs have discovered a new type of ransomware that is targeting home computer users. Dubbed Big Head, the ransomware fakes Windows Update to avoid detection. The researchers note […]

RustBucket malware: A PDF could finish your Mac

Cybersecurity research conducted by the illustrious team at Elastic Security Labs has brought to light a virulent new strain of the RustBucket malware, a notorious enemy of macOS-powered devices. It appears the […]

Proton Pass password manager leaves beta: here is our take

Proton, the organization behind Proton Mail, VPN and other services, has released the first stable version of Proton Pass today after a beta period. Proton Pass is an open source password manager […]

Microsoft Teams vulnerability discovered to bypass file sending restrictions

A newly discovered vulnerability in Microsoft Teams allows attackers to push malware onto the devices of other Microsoft Teams users, even if they are considered external. IT security researchers at Jumpsec have […]

lastpass

Some LastPass users are locked out of their accounts after trying to reset their authenticator app

Password management service LastPass started to prompt its customers to reset their two-factor authentication method on May 9th, 2023. The company upgraded account security at the time by raising the number of […]

1password telemetry

1Password adds Telemetry to its password manager, but it is opt-in, sort of

The makers of the password management service 1Password announced the rollout of what they call a "privacy-preserving telemetry system" in the application today. Telemetry collects usage data and many applications and all […]

Asus releases firmware updates for routers to address critical security issues

Asus has released new firmware for a wide range of its routers that address nine different security issues, some of which rated critical. The company encourages customers to install the firmware update […]

ADVERTISEMENT

New Bitwarden update fix a huge vulnerability on Windows.... update now!

The open source Bitwarden password manager supports biometric authentication. Windows Hello is supported on Windows, so that users may use biometric authentication to access their passwords and other vault data. Up until […]

Password Manager KeePass 2.53 released with password history improvements

KeePass password manager update improves security

Dominik Reichl, the lead developer of the KeePass password manager, has released KeePass 2.54 to the public. The new version of the application improves security in several meaningful ways, and it addresses […]

MOVEit

MOVEit file transfer vulnerability exploited by hackers

Security researchers have discovered that threat actors are using a serious zero-day flaw in the MOVEit file transfer product in a number of client scenarios. According to BleepingComputer, MoveIt Transfer from Progress Software […]

Critical vulnerability in Gigabyte Motherboards discovered

Millions of PC devices with Gigabyte motherboards are in danger. Researchers at Eclypsium have discovered backdoor-like tools in hundreds of Gigabyte motherboard models. The legitimate tools are used by Gigabyte for updating […]

1Password tightens the thumbscrews for users of the old version of the password manager

Password management service 1Password has deleted the classic browser extensions from the Google Chrome Web Store and Mozilla's Firefox Add-ons repository. The company announced the end of support for the classic browser […]

bitwarden

Password manager Bitwarden will soon be able to store passkeys

Bitwarden users will be able to save, store and manage passkeys in the password manager this summer, according to a new announcement on the official Bitwarden blog. Passkeys is a new authentication […]

Do you know which data breaches you have fallen victim to?

In today's digital landscape, the security of personal information is an ever-present concern. The ubiquity of data breaches raises questions about the extent to which identities are exposed and vulnerable. While high-profile […]

Your KeePass Master Password may be at risk, but a fix is coming

A recently disclosed vulnerability in the KeePass password manager may be exploited to retrieve the master password. The vulnerability, CVE-2023-32784. indicates that the master password may be recovered from system memory dumps, […]

us data breach

237,000 US government employees affected by data breach

According to a recent report, a data breach at the United States Department of Transportation (USDOT) led to the leak of personal information of 237,000 current and past federal government employees. A […]

Virustotal expands AI security scans to AutoHotkey and other scripts

Google launched VirusTotal Code Insight in April 2023 to expand the functionality of its malware detection and analysis platform. Up until now, VirusTotal could tell its users whether antivirus engines considered a […]

Microsoft scan ZIP archives

Microsoft's cloud services are scanning password protected ZIP archives

Microsoft cloud services, including OneDrive and SharePoint, have started to scan password protected ZIP archives that users upload or share using these services. Internet users have a number of options when it […]

toyota japan security breach

Toyota Japan confirms decade-long security breach

Toyota Japan has confirmed that due to a cloud misconfiguration, the personal and vehicle information of 2.15 million users was leaked on the internet. Moreover, the information has been on the internet […]

Google's .zip Top Level domain is already used in phishing attacks

Google released the top-level domain .zip to the public recently, which means that interested organizations and users may register .zip domains. Cyber criminals are already using .zip domains in phishing campaigns. According […]

Intel data breach

Data breach alert: Intel confronts massive security incident

MSI lost up to 1.5TB of sensitive data due to a security compromise, but it is not the only company facing issues. Because of the MSI data breach back in March, Intel […]

Google now lets you create Passkeys for your accounts

Should you protect your Google Account with a passkey instead of a password?

Last week, Google unlocked the ability to create passkeys to protect Google Accounts and to switch to using passkeys instead of passwords for protection. The question that Google customers may have is […]

Microsoft Defender Antivirus had highest system load impact in latest AV-Test

Modern Windows operating systems include Microsoft Defender Antivirus by default. The security component is enabled by default, but it will turn itself off for the most part if an administrator installs another […]

Western Digital informs customers that hackers stole personal data

Western Digital customers who have used the company's Western Digital online store may have had personal information stolen by hackers. The company revealed in early April 2023 that it suffered a security […]

1Password: Passkey support is coming in June

1Password revealed plans this week to launch passkeys support in June 2023. The announcement was published on the same day that Dashlane, another password service, announced support for passwordless sign-ins as well. […]

Password Manager Dashlane wants to eliminate the master password

Password management service Dashlane announced plans to eliminate the master password; this password is used currently to unlock a user's vault at the service. The company announced support for passkeys in its […]

AT&T email hackers

Protect your money: AT&T email accounts under attack by hackers

A recent report says that hackers have been breaking into email addresses provided by AT&T and stealing huge amounts of cryptocurrency. According to a report from Tech Crunch, unknown hackers have been […]

Google Authenticator adds support for syncing 2FA codes to the cloud

Why you shouldn't turn on Google Authenticator's cloud sync feature

Google Authenticator is a popular two-factor authentication app to create codes for authorization processes. Up until now, Google Authenticator did not sync codes across a customer's devices, which meant that customers had […]

VirusTotal Code Insight: AI-powered malware analysis feature

VirusTotal announced the launch of Code Insight, a new feature of the malware detection and analysis platform, which uses AI to analyse code and provide information on detected threats. One of VirusTotal's […]

Ireland is the next country to ban TikTok

According to a report by The Irish Times, the National Cyber Security Centre (NCSC) has instructed employees of government departments and agencies to remove TikTok from their work-related devices following a thorough […]

proton pass

Proton Pass: new password manager announced

Proton, the Switzerland-based company known for its Proton line of products, including Proton Mail, Proton VPN and Proton Drive, announced the launch of Proton Pass today. Proton Pass is a password manager […]

1Password ending support for classic browser extensions

1Password is a popular commercial password management solution. Agile Bits, the company behind the product announced a change recently that affects all users who still use classic extensions. Broken down to its […]

Microsoft's new naming convention for threat groups sound like an order at a cocktail bar

Strawberry Tempest, Night Tsunami, Aqua Blizzard or Circle Typhoon sound like something that you would order in a Cocktail bar, or a fancy coffee joint. These deliciously sounding constructs are, however, not […]

security-header

KeePassXC security audit published, recommends this security setting

KeePassXC is a popular password manager for Windows, Mac and Linux that uses the KDBX file format from the password manager KeePass. The developers of KeePassXC have published the results of a […]

Western Digital hackers claim to have copied 10TB of company data

Western Digital confirmed a network security incident earlier this month, but did not reveal much in terms of information, as the investigation was still ongoing at the time. The company did shut […]

Kodi confirms user forum data breach

Kodi, maker of the popular entertainment center app, confirmed a data breach of its user forum software earlier this week. The development team became aware of the hack after a dump of […]

FBI warns: avoid public charging stations

The Federal Bureau of Investigation has issued a warning against using public phone and tablet charging stations. Bad actors are using manipulated stations to infect phones and other connected devices with malware. […]

The impact of remote work on cybersecurity: Tips for staying safe

Remote work has seen an incredible boost during the pandemic. As governments and organizations scrambled to get things under control, many workers and students suddenly found themselves in quite the different work […]

MSI warns against installing unofficial firmware after suffering a cyberattack

MSI confirmed that it has become the victim of a cyberattack on Friday. The company published a short statement on its official site about the incident. In it, MSI describes that its […]


SPREAD THE WORD

GHACKS NEWSLETTER SIGN UP

Please click on the following link to open the newsletter signup page: Ghacks Newsletter Sign up