FreshRSS

Today - May 20th 2024 - Your RSS feeds

iOS 17.5.1 patches cringey bug that was resurrecting old, deleted photos

iPhone and iPad users were reporting personal and sensitive images reappearing - even on wiped and sold devices. Keep those deleted photos deleted!
  • May 20th 2024 at 17:56

Are you being tracked? What new privacy features from Apple and Google can (and can't) tell you

How does your phone know that a Bluetooth tracker is monitoring you? What should you do if you find one? We answer all your questions about the new iOS and Android Bluetooth tracking features, and more.
  • May 20th 2024 at 17:51

Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel

By Newsroom
An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been attributed as behind destructive wiping attacks targeting Albania and Israel under the personas Homeland Justice and Karma, respectively. Cybersecurity firm Check Point is tracking the activity under the moniker Void Manticore, which is also known as Storm-0842 (formerly DEV-0842) by
  • May 20th 2024 at 16:05

Ubuntu Security Notice USN-6777-2

Ubuntu Security Notice 6777-2 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
  • May 20th 2024 at 14:28

Ubuntu Security Notice USN-6766-3

Ubuntu Security Notice 6766-3 - It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.
  • May 20th 2024 at 14:28

Red Hat Security Advisory 2024-2912-03

Red Hat Security Advisory 2024-2912-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.
  • May 20th 2024 at 14:12

Red Hat Security Advisory 2024-2913-03

Red Hat Security Advisory 2024-2913-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 7. Issues addressed include bypass and use-after-free vulnerabilities.
  • May 20th 2024 at 14:12

Red Hat Security Advisory 2024-2910-03

Red Hat Security Advisory 2024-2910-03 - An update for nodejs is now available for Red Hat Enterprise Linux 9. Issues addressed include HTTP request smuggling, denial of service, and out of bounds read vulnerabilities.
  • May 20th 2024 at 14:11

Red Hat Security Advisory 2024-2911-03

Red Hat Security Advisory 2024-2911-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include bypass and use-after-free vulnerabilities.
  • May 20th 2024 at 14:11

Red Hat Security Advisory 2024-2906-03

Red Hat Security Advisory 2024-2906-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.
  • May 20th 2024 at 14:10

Red Hat Security Advisory 2024-2907-03

Red Hat Security Advisory 2024-2907-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.
  • May 20th 2024 at 14:10

Red Hat Security Advisory 2024-2903-03

Red Hat Security Advisory 2024-2903-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.
  • May 20th 2024 at 14:10

Red Hat Security Advisory 2024-2904-03

Red Hat Security Advisory 2024-2904-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.
  • May 20th 2024 at 14:10

Red Hat Security Advisory 2024-2905-03

Red Hat Security Advisory 2024-2905-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.
  • May 20th 2024 at 14:10

Researchers call out QNAP for dragging its heels on patch development

WatchTowr publishes report claiming vendor failed to issue fixes after four months

Infosec boffins say they were forced to go public after QNAP failed to fix various vulnerabilities that were reported to it months ago.…

  • May 20th 2024 at 14:00

DoJ, ByteDance ask court: Hurry up and rule on TikTok ban already

Forced selloff case will likely be appealed again ... see you in (Supreme) court

The Department of Justice and ByteDance spent a rare moment unified on Friday when the duo asked for a fast-tracked court schedule for the Chinese short video app's divest or ban case.…

  • May 20th 2024 at 13:30

WikiLeaks' Julian Assange Can Appeal His Extradition to the US, British Court Says

By Dell Cameron, Matt Burgess
Two judges in London have ruled that WikiLeaks' founder Julian Assange can appeal his extradition to the US on freedom of speech grounds.

How to Remove Your Personal Info From Google's Search Results

By Reece Rogers
Maybe you don't want your phone number, email, home address, and other details out there for all the web to see. Here's how to make them vanish.

British Library's candid ransomware comms driven by 'emotional intelligence'

It quickly realized 'dry' progress updates weren't cutting it

CyberUK Emotional intelligence was at the heart of the British Library's widely hailed response to its October ransomware attack, according to CEO Roly Keating.…

  • May 20th 2024 at 09:32

Are all Linux vendor kernels insecure? A new study says yes, but there's a fix

All vendor kernels are plagued with security vulnerabilities, according to a CIQ whitepaper. Will the Linux community ever accept upstream stable kernels?
  • May 16th 2024 at 20:34

Hacker claims to have stolen Dell customer data, twice. Here's how to protect yourself

A hacker told TechCrunch he exploited flaws in two data breaches, giving him access to Dell customer names, phone numbers, email addresses, and physical addresses.
  • May 15th 2024 at 08:03

Lawmakers' Section 230 ultimatum to Big Tech: Work together to make the internet safer, or else

A bipartisan bill seeks to end the Section 230 liability shield for tech companies. Here's a timeline of what happens next.
  • May 14th 2024 at 20:34

Meet Hackbat: An open-source, more powerful Flipper Zero alternative

Hackbat has everything you need to carry out high-end penetration testing duties. Here's how to get your hands on one.
  • May 14th 2024 at 18:35

iOS and Android owners will now be alerted if an unknown tracker is moving with them

Last year, Apple and Google teamed up to develop a specification for alerting users if a Bluetooth tracking device is surreptitiously monitoring them. That feature just rolled out to iOS and Android users.
  • May 14th 2024 at 12:20

Google is planning on a fix to prevent accidental password deletion in Chrome

A default Google Chrome setting in Android could delete credentials saved in the Password Manager, but a potential fix is on the way.
  • May 14th 2024 at 10:47

The best VPN deals right now

We've found the best VPN deals and money-back guarantees on the market right now so you can protect your privacy without breaking the bank.
  • May 13th 2024 at 20:46

The best travel VPNs of 2024: Expert tested and reviewed

We tested the best travel VPNs that offer solid security and fast connections while you're on the road, working remotely, or vacationing.
  • May 13th 2024 at 16:00

Update your Chrome browser ASAP. Google has confirmed a zero-day exploited in the wild

A new Chrome JavaScript security hole is nasty, so get to patching your systems.
  • May 10th 2024 at 16:17

Transparency is sorely lacking amid growing AI interest

Getting companies to open up about how they train their foundation AI models is proving a challenge.
  • May 10th 2024 at 08:56

Singapore updates cybersecurity law to expand regulatory oversight

Amendments to the country's cybersecurity bill aim to bolster its administration amid changes in the threat landscape.
  • May 10th 2024 at 08:13

Why Reddit's new content policy is a big win for your privacy

Reddit will continue to sell user data, but it's enacting restrictions on companies that want to commercialize that data for free. Here's what's changing.
  • May 9th 2024 at 19:21

The best VPN for Mac in 2024: Expert tested and reviewed

Mac VPNs should offer high performance, speed, and security. Here are our Mac VPN recommendations for 2024.
  • May 8th 2024 at 14:58

Security researchers say this scary exploit could render all VPNs useless

VPNs are no longer safe if these security researchers are right.
  • May 7th 2024 at 18:26

BigID announces new AI data security features for Microsoft Copilot

The updates aim to improve AI training data for stronger, less biased models.
  • May 7th 2024 at 13:00

The waterproof Blink Mini 2 is the best Wyze Cam alternative available

The newest version of the Blink Mini sees key improvements that make it worthy even for non-budget shoppers.
  • May 6th 2024 at 19:48

Code faster with generative AI, but beware the risks when you do

Software developers can achieve significant productivity gains with GenAI-powered coding help, but these may come with baggage.
  • May 3rd 2024 at 18:49

What are passkeys? Experience the life-changing magic of going passwordless

Here's how to take the first steps toward ditching passwords for good.
  • May 2nd 2024 at 18:22

Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal

By Newsroom
Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm. "This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands," Check Point said in a technical report. "This exploit has been used by multiple
  • May 20th 2024 at 12:20

Strengthen Your Security Operations: MITRE ATT&CK Mapping in Cisco XDR

By Nirav Shah
Discover how Cisco XDR's MITRE ATT&CK mapping strengthens your security operations. Learn to identify security gaps and improve your cybersecurity posture.

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

By The Hacker News
All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into their applications. Unfortunately, developers are not writing their own code for the most part these days. 96% of all software contains some open-source components, and open-source components make
  • May 20th 2024 at 10:57

Cyber Criminals Exploit GitHub and FileZilla to Deliver Malware Cocktail

By Newsroom
A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo by impersonating credible software like 1Password, Bartender 5, and Pixelmator Pro. "The presence of multiple malware variants suggests a broad cross-platform targeting
  • May 20th 2024 at 09:26

Chinese telco gear may become verboten on German networks

Industry reportedly pressuring digital ministry not to cut the cord

Germany may soon remove Huawei and ZTE equipment from its 5G networks, according to media reports.…

  • May 20th 2024 at 06:28

Nissan infosec in the spotlight again after breach affecting more than 50K US employees

PLUS: Connected automakers put on notice; Cisco Talos develops macOS fuzzing technique; Last week's critical vulns

Infosec in brief Nissan has admitted to another data loss – this time involving the theft of personal information belonging to more than 50,000 Nissan employees.…

  • May 20th 2024 at 02:28

Weekly Update 400

By Troy Hunt
This is the 400th time I've sat down in front of the camera and done one of these videos. Every single week since the 23rd of September in 2016 regardless of location, health, stress and all sorts of other crazy things that have gone on in my life for nearly the last 8 years now, I've done a video. As with so many of the things I create, these are as much for me as they are for you; doing these videos every week has given me a regular cadence amidst some pretty crazy times. I've written before about dealing with stress and I honestly cannot tell you how many times I was having the worst time of my life right up until the point where I went live... and then my entire mindset changed. I had to focus on what I was talking about and just like that, I had a reprieve from the stress.

So, thank you for tuning in, for engaging and commenting, and for giving me a platform not just to talk about tech (and coffee and beer), but to help keep me sane 😊

References

  1. Sponsored by: Kolide is an endpoint security solution for teams that want to meet SOC2 compliance goals without sacrificing privacy. Learn more here.
  2. The Post Millennial data breach more than doubled in size once the corrupted archive was fixed (to this time, still nothing from them on the incident AFAIK)
  3. The latest BreachForums has now gone the same way as the previous BreachForums (which went the same way as RaidForums - it's almost like there's an entirely predictable outcome for sites like this 🤔)
  4. OpenAI's GPT-4o is kinda mindblowing (it's not perfect - it's far from perfect - but take a moment to consider how quickly this is evolving and how it compares to something like Siri on iOS)

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns

By Newsroom
Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that deliver Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized JavaScript files that utilize WMI's ability to invoke msiexec.exe and install a remotely-hosted MSI
  • May 20th 2024 at 05:47
Yesterday - May 19th 2024 - Your RSS feeds

Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam

By Newsroom
The U.S. Department of Justice (DoJ) has charged two arrested Chinese nationals for allegedly orchestrating a pig butchering scam that laundered at least $73 million from victims through shell companies. The individuals, Daren Li, 41, and Yicheng Zhang, 38, were arrested in Atlanta and Los Angeles on April 12 and May 16, respectively. The foreign nationals have been "charged for leading a scheme
  • May 19th 2024 at 09:46