SN 719: Exim Under Siege
• A new DRAM problem called "RAMBleed"• A bad Linux TCP SACK server kernel crashing flaw• Last week's patch Tuesday• A Bluetooth surprise• Another useless warning about the BlueKeep vulnerability• Microsoft misses a 90-day Tavis Ormandy deadline• Good news...
SN 718: Update Exim Now!
• SandboxEscaper drops another 0-day• The still-not-yet-widely-exploited BlueKeep vulnerability• GoldBrute Botnet pounding on RDP servers (but not yet using BlueKeep)• The FBI issued an interesting advisory about not trusting secure sites just because they're secure• VLC receives 33 security...
SN 717: The Nansh0u Campaign
• Checking in on the BlueKeep RDP vulnerability• The planned shutdown of one of the most "successful" affiliate-based ransomware systems• An update on the anti-Robocalling problem• Russian and Chinese militaries plan to quit using Windows• Apple's announcement yesterday of...
SN 716: RDP – Really Do Patch
• The Internet is Doomed: BlueKeep Attacks Windows Remote Desktop Protocol• Google Stores Unhashed G Suite Passwords• Sandbox Escaper Drops FIVE New Zero-Day Exploits• Microsoft's Just-released Win10 Feature Update 1903• Security Enhancements in Firefox's Release 67We invite you to...
SN 715: CPU.fail
This Week's Stories• The next round of Intel processor information leakage problems: Microarchitectural Data Sampling vulnerabilities• Last Tuesday's patches from Microsoft, Abode and Apple includes one for Windows XP• Security problem for Cisco that ever has stock analysts taking...
SN 714: Android ‘Q’
This Week's Stories• Update WhatsApp NOW!• Security News from Google I/O 2019 conference• A new exploitable flaw in all Linux kernels earlier than v5.0.8• A new set of flaws affecting all Intel processors known as "ZombieLoad"• Security enhancements in...
SN 713: Post-Coinhive Cryptojacking
This Week's Stories• The continuing and changing world of cryptojacking after Coinhive closed their doors last month.• Google's announcement of self-expiring data retention• The mess arising from Mozilla's intermediate certificate expiration• Another wrinkle in the exploit marketplace• Mozilla's announcement...
SN 712: Credential Stuffing Attacks
• The large and emerging threat of website credential stuffing attacks.• Privacy fallout from our recent coverage of Facebook and Google• The uptake rate of recent Windows 10 feature releases• The source of the A/V troubles with the April...
SN 711: DNSpionage
Top Security Stories this Week:• Google uses its "SensorVault" to help catch the bad guys.• Time to update Drupal again.• Facebook steals users' email contact lists, logs plaintext Instagram passwords• Russia moves closer to adopting "Internet Master Cutoff Switch"...
SN 710: DragonBlood
• DragonBlood: the first effective attack on the new WPA3 protocol• Malicious use of the URL tracking "ping" attribute• The WinRAR Nightmare• More 3rd-party A/V troubles with Microsoft• What good did April's patch Tuesday accomplish?• Adobe 's big patch...
SN 709: URL “Ping” Tracking
This Week's StoriesYet another capitulation in the (virtually lost) battle against tracking our behavior on the Internet with URL "ping" tracking.UK government's plan to legislate, police and enforce online social media contentMicrosoft's Chromium-based Edge browser's securityImprovements to Windows 10's...
SN 708: Android Security
Android Security, 10 Years LaterWinRAR, a 20+ Year Old Tool With 500M Users, Acknowledged VulnerabilityRussian GPS Hacking and What It Means For UsAndroid's April Fools Day PatchesTesla Autopilot SpoofingThe ASUS "ShadowHammer" AttackWindows 10 (last) October 2018 UpdateA VMware UpdateWe...
SN 707: Tesla, Pwned
Results of the much anticipated Mid-March Vancouver Pwn2Own competitionThe return of "Clippy", Microsoft's much-loathed dancing paperclipOperation "ShadowHammer" which reports say compromised ASUS (... but did it?)The ransomware attack on Norsk Hydro aluminumThe surprise renaming of Windows DefenderA severe bug...
SN 706: Open Source eVoting
Last week's Patch Tuesday March MadnessWin7 SHA256 Windows Update... UpdateMany attacks leveraging the recently discovered WinRAR vulnerabilityWhat happens when Apple, Google, and GoDaddy all drop a bit?A big recent jump in Mirai Botnet CapabilityCompromised Counter-Strike gaming serversPrivacy enhancements coming...
SN 705: SPOILER
0-day exploit bidding warNSA releases Ghidra v9Firefox's adds Tor privacyA pair of nasty 0-daysA worrisome breach at CitrixThe risk of claiming to be an unhackable aftermarket car alarmA new and interesting "Windows developers chatting with users" idea at MicrosoftA...
6 Security Tips That’ll Keep the Summer Fun
Taking some time off this summer? Before you head out on vacation, make sure your devices and apps are also ready.
How AI-enhanced malware poses a threat to your organization
Malware controlled by artificial intelligence could create more convincing spam, avoid security detection, and better adapt itself to each target, says a new report from Malwarebytes.
Tech news roundup: HPE Discover 2019, Facebook’s Libra cryptocurrency, and Google Cloud’s debacle
This week's TechRepublic and ZDNet news stories include a look at the companies that hire the most data scientists, four significant impacts of a security breach, and a first-hand account of a major hack job.
ACLU tells Ga. Supreme Court Fourth Amendment should apply to personal data stored by cars
Fourth Amendment protections should apply to personal data in a
car’s Event Data Recorder, the American Civil Liberties Union (ACLU) will argue
before the Georgia Supreme Court today.
The state’s high court is hearing oral arguments in Mobley v.
State, which challenges law...
Can Anything Protect Us From Deepfakes?
Along with fake news, forged videos have become a national security concern, especially as the 2020 presidential elections draw near. Researchers at the University of Surrey have developed a solution that might solve the problem.
