Proton has launched 'Docs in Proton Drive,' a free and open-source end-to-end encrypted web-based document editing and collaboration tool. [...]
...moreSummary
Total Articles Found: 41
Top sources:
Top Keywords:
- Security: 38
- Software: 5
- Mobile: 5
- Google: 3
- CryptoCurrency: 3
Top Authors
- Bill Toulas: 41
Top Articles:
- Hackers exploit bug in Elementor Pro WordPress plugin with 11M installs
- Kaspersky releases free tool that scans Linux for known threats
- A mishandled GitHub token exposed Mercedes-Benz source code
- Russian-linked Android malware records audio, tracks your location
- DuckDuckGo now blocks Google sign-in pop-ups on all sites
- VMware: 70% drop in Linux ESXi VM performance with Retbleed fixes
- New Android malware on Google Play installed 3 million times
- Unpatched DNS bug affects millions of routers and IoT devices
- Winamp releases source code, asks for help modernizing the player
- Malicious VSCode extensions with 229M installs found on Microsoft marketplace
Proton launches free, privacy-focused Google Docs alternative
Published: 2024-07-03 10:00:00
Popularity: 170
Author: Bill Toulas
Keywords:
đ¤: "Proton up!"
Malicious VSCode extensions with 229M installs found on Microsoft marketplace
đ¤: ""Extension Nightmare""
A group of Israeli researchers exploring the limits of VSCode security have managed to "infect" over 100 organizations with a typosquatting Dracula extension that was weaponized with risky code. [...]
...moreA mishandled GitHub token exposed Mercedes-Benz source code
A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public. [...]
...moreNew sandbox escape PoC exploit available for VM2 library, patch now
Security researchers have released yet another sandbox escape proof of concept (PoC) exploit that makes it possible to execute unsafe code on the host running the VM2 sandbox. [...]
...moreHackers exploit bug in Elementor Pro WordPress plugin with 11M installs
Hackers are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin used by over eleven million websites. [...]
...moreGoogle will boost Android security through firmware hardening
Google has presented a plan to strengthen the firmware security on secondary Android SoCs (systems on a chip) by introducing mechanisms like control flow integrity, memory safety systems, and compiler-based sanitizers. [...]
...moreCritical flaws in WordPress Houzez theme exploited to hijack websites
Hackers are actively exploiting two critical-severity vulnerabilities in the Houzez theme and plugin for WordPress, two premium add-ons used primarily in real estate websites. [...]
...moreDuckDuckGo now blocks Google sign-in pop-ups on all sites
DuckDuckGo apps and extensions are now blocking Google Sign-in pop-ups on all its apps and browser extensions, removing what it perceives as an annoyance and a privacy risk for its users. [...]
...moreEarSpy attack eavesdrops on Android phones via motion sensors
A team of researchers has developed an eavesdropping attack for Android devices that can, to various degrees, recognize the caller's gender and identity, and even discern private speech. [...]
...moreMalicious Android app found powering account creation service
âA fake Android SMS application, with 100,000 downloads on the Google Play store, has been discovered to secretly act as an SMS relay for an account creation service for sites like Microsoft, Google, Instagram, Telegram, and Facebook [...]
...moreNew ransomware encrypts files, then steals your Discord account
The new 'AXLocker' ransomware family is not only encrypting victims' files and demanding a ransom payment but also stealing the Discord accounts of infected users. [...]
...moreMassive cryptomining campaign abuses free-tier cloud dev resources
An automated and large-scale 'freejacking' campaign abuses free GitHub, Heroku, and Buddy services to mine cryptocurrency at the provider's expense. [...]
...moreCryptominers hijack $53 worth of system resources to earn $1
Security researchers estimate that the financial impact of cryptominers infecting cloud servers costs victims about $53 for every $1 worth of cryptocurrency threat actors mine on hijacked devices. [...]
...moreSignal calls on users to run proxies for bypassing Iran blocks
Signal is urging its global community to help people in Iran stay connected with each other and the rest of the world by volunteering proxies to bypass the aggressive restrictions imposed by the Iranian regime. [...]
...moreVMware: 70% drop in Linux ESXi VM performance with Retbleed fixes
VMware is warning that ESXi VMs running on Linux kernel 5.19 can have up to a 70% performance drop when Retbleed mitigations are enabled compared to the Linux kernel 5.18 release. [...]
...moreFirmware bugs in many HPE computer models left unfixed for over a year
A set of six high-severity firmware vulnerabilities impacting a broad range of HP Enterprise devices are still waiting to be patched, although some of them were publicly disclosed since July 2021. [...]
...moreGitLab âstrongly recommendsâ patching critical RCE vulnerability
GitLab is urging users to install a security update for branches 15.1, 15.2, and 15.3 of its community and enterprise editions to fix a critical vulnerability that could enable an attacker to perform remote command execution via Github import. [...]
...moreWindows malware delays coinminer install by a month to evade detection
A new malware campaign disguised as Google Translate or MP3 downloader programs was found distributing cryptocurrency mining malware across 11 countries. [...]
...moreThousands of Solana wallets drained in attack using unknown exploit
An overnight attack on the Solana blockchain platform drained thousands of software wallets of cryptocurrency worth millions of U.S. dollars. [...]
...moreEx-Coinbase manager charged in first crypto insider-trading case
The U.S. Department of Justice has charged a former Coinbase manager and two co-conspirators with wire fraud conspiracy and scheme to commit insider trading in cryptocurrency assets. [...]
...moreNew Android malware on Google Play installed 3 million times
A new Android malware family on the Google Play Store that secretly subscribes users to premium services was downloaded over 3,000,000 times. [...]
...moreHackers can unlock Honda cars remotely in Rolling-PWN attacks
A team of security researchers found that several modern Honda car models have a vulnerable rolling code mechanism that allows unlocking the cars or even starting the engine remotely. [...]
...moreAmazon fixes high-severity vulnerability in Android Photos app
Amazon has confirmed and fixed a vulnerability in its Photos app for Android, which has been downloaded over 50 million times on the Google Play Store. [...]
...moreCritical Jupiter WordPress plugin flaws let hackers take over sites
WordPress security analysts have discovered a set of vulnerabilities impacting the Jupiter Theme and JupiterX Core plugins for WordPress, one of which is a critical privilege escalation flaw. [...]
...moreUnpatched DNS bug affects millions of routers and IoT devices
A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk. [...]
...moreUbuntu 22.04 LTS released with performance and security improvements
Canonical has announced the general availability of version 22.04 of the Ubuntu Linux distribution, codenamed 'Jammy Jellyfish', which brings better hardware support and an improved security baseline. [...]
...moreCritical flaw in Elementor WordPress plugin may affect 500k sites
The authors of the Elementor Website Builder plugin for WordPress have just released version 3.6.3 to address a critical remote code execution flaw that may impact as many as 500,000 websites. [...]
...moreRussian-linked Android malware records audio, tracks your location
A previously unknown Android malware has been linked to the Turla hacking group after discovering the app used infrastructure previously attributed to the threat actors. [...]
...moreHacking group 'ModifiedElephant' evaded discovery for a decade
Threat analysts have linked a decade of activity to an APT (advanced persistent threat) actor called 'ModifiedElephant', who has managed to remain elusive to all threat intelligence firms since 2012. [...]
...moreSwiss army bans all chat apps but locally-developed Threema
The Swiss army has banned foreign instant-messaging apps such as Signal, Telegram, and WhatsApp and requires army members to use the locally-developed Threema messaging app instead. [...]
...moreHackers use in-house Zoho ServiceDesk exploit to drop webshells
An advanced persistent threat (APT) group that had been exploiting a flaw in the Zoho ManageEngine ADSelfService Plus software has pivoted to leveraging a different vulnerability in another Zoho product. [...]
...moreFake end-to-end encrypted chat app distributes Android spyware
The GravityRAT remote access trojan is being distributed in the wild again, this time under the guise of an end-to-end encrypted chat application called SoSafe Chat. [...]
...moreMozilla Thunderbird 91.3 released to fix high impact flaws
âMozilla released  Thunderbird 91.3 to fix several high-impact vulnerabilities that can cause a denial of service, spoof the origin, bypass security policies, and allow arbitrary code execution. [...]
...moreOver 30,000 GitLab servers still unpatched against critical bug
A critical unauthenticated, remote code execution GitLab flaw fixed on April 14, 2021, remains exploitable, with over 50% of deployments remaining unpatched. [...]
...moreWordPress plugin bug impacts 1M sites, allows malicious redirects
The OptinMonster plugin is affected by a high-severity flaw that allows unauthorized API access and sensitive information disclosure on roughly a million WordPress sites. [...]
...moreMedtronic urgently recalls insulin pump controllers over hacking concerns
Medtronic is urgently recalling remote controllers for insulin pumps belonging to its 'MiniMed Paradigm' family of products, due to potential cybersecurity risks. [...]
...moreHackers use DNS tunneling for network scanning, tracking victims
Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities. [...]
...moreKaspersky releases free tool that scans Linux for known threats
Published: 2024-06-01 15:17:34
Popularity: 1837
Author: Bill Toulas
Keywords:
đ¤: "Linux shield on"
Kaspersky has released a new virus removal tool named KVRT for the Linux platform, allowing users to scan their systems and remove malware and other known threats for free. [...]
...moreAI-Powered Malware Bypasses All Known Antivirus Solutions, Researchers Warn
đ¤: ""AI UhOh""
Researchers have discovered "MalVAI," an AI-powered malware that can bypass all known antivirus solutions by constantly adapting its behavior and code to evade detection. This new threat highlights the obsolescence of traditional cybersecurity methods, prompting an urgent need for AI-driven defense mechanisms. Experts emphasize the necessity for the cybersecurity industry to innovate and develop dynamic solutions capable of evolving alongside sophisticated AI-driven attacks.
...moreWinamp releases source code, asks for help modernizing the player
đ¤: "Code out"
The iconic Winamp media player has fulfilled a promise made in May to go open-source and has now published its complete source code on GitHub. [...]
...moreCritical flaw in NVIDIA Container Toolkit allows full host takeover
Published: 2024-09-29 14:23:34
Popularity: 159
Author: Bill Toulas
Keywords:
đ¤: ""host taken over""
A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources. [...]
...more