AirDrop flaws could leak phone numbers, email addresses

You can only stay safe by disabling AirDrop discovery in the system settings of your Apple device, a study says. Two security loopholes in Apple’s AirDrop feature could let hackers access the phone numbers and email addresses associated with both the sending and receiving device, German researchers have found. The feature, which lets users easily … More AirDrop flaws could leak phone numbers, email addresses

Brave browser’s Tor mode exposed users’ dark web activity

A bug in the ad blocking component of Brave’s Tor feature caused the browser to leak users’ DNS queries. Brave, one of the top-rated browsers for privacy, has fixed a bug in its Private Windows with Tor feature that leaked the .onion URLs for websites visited by the browser’s users, according to a report by an anonymous researcher, … More Brave browser’s Tor mode exposed users’ dark web activity

Microsoft patches actively exploited Windows kernel flaw

This month’s relatively humble bundle of security updates fixes 56 vulnerabilities, including a zero-day bug and 11 flaws rated as critical. Yesterday was the second Tuesday of the month, which means that Microsoft is rolling out patches for security vulnerabilities found in Windows and its other products. This year’s second batch of security updates brings … More Microsoft patches actively exploited Windows kernel flaw

DNSpooq bugs expose millions of devices to DNS cache poisoning

Security flaws in a widely used DNS software package could allow attackers to send users to malicious websites or to remotely hijack their devices. Millions of devices could be vulnerable to Domain Name System (DNS) cache poisoning and remote code execution attacks due to seven security flaws in dnsmasq, DNS forwarding and caching software commonly found in smartphones, … More DNSpooq bugs expose millions of devices to DNS cache poisoning

ESET discovers Operation Spalax: Colombian government and industry sector under targeted attack

In 2020, ESET researchers observed several attacks exclusively targeting Colombian entities, which have collectively been dubbed Operation Spalax. These attacks are ongoing and are focused on both government institutions and private companies, especially in the energy and metallurgical industries. The attackers rely on the use of remote access trojans, most likely to conduct cyber-espionage activities.  … More ESET discovers Operation Spalax: Colombian government and industry sector under targeted attack