ROCZNY KURS ANGIELSKIEGO -40%Ucz się języka w wygodnej apce eTutoraSPRAWDŹ >>

Security Now!

SN 948: What if a Bit Flipped? - Privacy Badger, Downfall, OpenVPN, Windshield Barnacle, Article 45

Dodany: 15 listopada 2023

Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog.
No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry...

SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys

Dodany: 8 listopada 2023

Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key
A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to...

SN 946: CitrixBleed - iMessage Cotact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy

Dodany: 1 listopada 2023

What caused last week's connection interruption? Router was rebooting intermittently, but why?
David Redekop of AdamNetworks explained their enterprise network security solution aims to only allow...

SN 945: The Power of Privilege - New cURL vulnerabilities, CVSS 10.0 Cisco Nightmare, So long VBScript!

Dodany: 25 października 2023

How fake drives continue to be sold on Amazon despite negative reviews
Microsoft is discontinuing support for the VBScript language
The 30-year old NTLM authentication protocol will eventually be...

SN 944: Abusing HTTP/2 Rapid Reset - Passkeys, ValiDrive follow-up, 2FA apps, pre-release Spinrite

Dodany: 18 października 2023

ValiDrive release follow-up
Passkeys exportability and phishing risk
Passkeys for device verification like SSH keys
Possibility of hobby browsers vs. production browsers
Availability of...

SN 943: The Top 10 Cybersecurity Misconfigurations - MACE Act Passed, Brave Layoffs, 23andMe Breached

Dodany: 11 października 2023

Steve announces the release of his new freeware utility ValiDrive for detecting fake drive capacities.
23andMe claims a recent data breach exposed customer info due to credential stuffing attacks....

SN 942: Encrypting ClientHello - EXIM eMail Servers Exposed, Windows 11 Passkeys, Bing Chat Malware Risk

Dodany: 4 października 2023

Exim email server ignored ZDI's responsible disclosure of critical remote code execution flaws for over a year, putting millions of servers at risk.
Malicious ads are appearing in Bing Chat...

SN 941: We told you so! - NSA hacked Huawei? MS big AI data blunder, ValiDrive update

Dodany: 27 września 2023

Apple has quietly removed support for Postscript in macOS Ventura over security concerns with the outdated interpreter language.
China has formally accused the NSA of hacking and maintaining...

SN 940: When Hashes Collide - Secure-wipe best practices, browser identity segregation, bye bye Twitter (X)

Dodany: 20 września 2023

Last week's news about evidence of LastPass vault decryption targeting cryptocurrency keys, and the UK's backing down on its encryption monitoring legislation.
How hardware security modules (HSMs)...

SN 939: LastMess - Online Safety Bill, Microsoft Outlook breach details, auto brand data privacy

Dodany: 13 września 2023

UK government appears to back down on demands to break encryption in Online Safety Bill
Microsoft reveals how China-based hackers acquired secret key used to breach Outlook accounts
Multiple...

SN 938: Apple Says No - Topics coming to Android, Apple security research, browser extension vulnerabilities

Dodany: 6 września 2023

Steve provides an update on ValiDrive, his new freeware utility for testing USB drives. It identifies bogus mass storage drives and performance differences between drives.
There has been another...

SN 937: The Man in the Middle - WinRAR v6.23, fake flash drives, Voyager2 antenna, Google Topics

Dodany: 30 sierpnia 2023

Picture of the Week: Steve shares a funny "what we say vs what we mean" image about tech support conversations.
WinRAR v6.23 fixes: Steve explains that updating to the latest WinRAR is more...

SN 936: When Heuristics Backfire - OpenSUSE, SanDisk and Western Digital, 8Base, TSSHOCK

Dodany: 23 sierpnia 2023

OpenSUSE goes private.
Android to get satellite comms.
SanDisk and Western Digital in hot water.
You're asking for it: YouTube children's privacy.
Whoopsie! 8Base.
Where the money is.
The...

SN 935: "Topics" Arrives - Firefox multi-account containers, DuckDuckGo email alias, satellite crowding

Dodany: 16 sierpnia 2023

Picture of the Week.
Security Now!'s 18th birthday!
Closing the Loop.
Firefox Multi-Account Containers.
A question about Full Disk Encryption on SSD's.
Should I run SpinRite before I back up...

SN 934: Revisiting Global Privacy Control - Voyager 2, MS Security, keyboard acoustic side-channel attacks

Dodany: 9 sierpnia 2023

Picture of the Week.
NASA "shouted" at Voyager.
Another view of Microsoft.
What about this Chinese attack?
AI meets Keyboard Acoustic Side-Channel attacks.
Closing the Loop.
Revisiting Global...

SN 933: TETRA:BURST - Satellite Turla, Android tracker tech, VirusTotal 2023 report, open source in Russia

Dodany: 2 sierpnia 2023

Picture of the Week.
Satellite Turla: APT Command and Control in the Sky.
OS 17 to further crack down on device fingerprinting.
Android to start warning of "unknown trackers".
The 7th branch of...

SN 932: Satellite Insecurity, Part 2 - Apple vs EU, Cyber Resilience Act, Web Environment Integrity

Dodany: 26 lipca 2023

Picture of the Week.
R.I.P. Kevin Mitnick.
Apple says: "Thanks, but we'd rather leave."
Web Environment Integrity.
Web Analytics under the spotlight.
More progress on the IoT security front....

SN 931: Satellite Insecurity, Part 1 - Kaspersky on MS flaw, WormGPT, Bitcoin addresses, Twitter DM change

Dodany: 19 lipca 2023

Picture of the Week.
Kaspersky on Microsoft's Patch Tuesday.
As the worm turns: WormGPT.
Microsoft revokes 100+ malicious drivers.
MOVEit Update.
Does Dun & Bradstreet know you?
No Threads...

SN 930: Rowhammer Indelible Fingerprinting - MOVEit SQLi flaw, China's OpenKylin v1, Firefox 115, Syncthing

Dodany: 12 lipca 2023

Picture of the Week.
Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software.
And as for MOVEit...
What's a "Rug Pull" ??
"Avast, ye Matey"
China's OpenKylin v1....

SN 929: Operation Triangulation - DuckDuckBrowse, KasperskyOS Phone, Cyber Force, MOVEit

Dodany: 28 czerwca 2023

Picture of the Week.
Catching Leo up to speed from last week.
DuckDuckBrowse.
And an updated Tor Browser.
Opera, now enhanced with "AI".
The KasperskyOS Phone.
The cost of doing business in...