These things may be cool, but are they safe?

In the rush to embrace IoT devices, we shouldn’t trade in our privacy and security for the added convenience. Ours is an interconnected world. We have smart doorbells, so we can check on our smartphones who rang, smartwatches to track our children’s’ locations, and fitness trackers to see how we are doing with our physical … More These things may be cool, but are they safe?

Microsoft fixes vulnerability affecting all Windows versions since 1996

Another vulnerability in the same Windows component was abused by Stuxnet a decade ago. A vulnerability in a decades-old Windows component that controls printing on machines running the operating system could be abused by malicious actors to gain elevated privileges on the targeted system, according to security researchers Yarden Shafir and Alex Ionescu. The flaw, which … More Microsoft fixes vulnerability affecting all Windows versions since 1996

iOS Mail app flaws may have left iPhone users vulnerable for years

A pair of vulnerabilities in the default email app on iOS devices is believed to have been exploited against high-profile targets. Apple’s iOS Mail app, which comes pre-installed on all iOS devices, has been found to contain two severe security vulnerabilities that, if exploited, could enable hackers to steal the victims’ data. In fact, the … More iOS Mail app flaws may have left iPhone users vulnerable for years

KrØØk: Serious vulnerability affected encryption of billion+ Wi‑Fi devices

ESET researchers uncover a previously unknown security flaw allowing an adversary to decrypt some wireless network packets transmitted by vulnerable devices. ESET Research has published its latest white paper, KrØØk – CVE-2019-15126: Serious vulnerability deep inside your Wi-Fi encryption. This blogpost summarizes that white paper, authored by researchers Miloš Čermák, Robert Lipovský and Štefan Svorenčík. For updated … More KrØØk: Serious vulnerability affected encryption of billion+ Wi‑Fi devices

Google: Flaws in Apple’s privacy tool could enable tracking

Safari’s anti-tracking feature could apparently give access to users’ browsing habits. An anti-tracking tool baked into Apple’s Safari web browser was found to contain flaws that, if abused, could enable the very thing that the tool was designed to prevent, according to a team of Google researchers. In a recently released report, the researchers disclosed multiple … More Google: Flaws in Apple’s privacy tool could enable tracking

Microsoft exposed 250 million customer support records

Databases containing 14 years’ worth of customer support logs were publicly accessible with no password protection. Over 250 million customer service and support records were exposed by Microsoft over a two-day period in December 2019 due to a server misconfiguration. Since the records weren’t secured with any authentication measures, anyone with an internet connection and … More Microsoft exposed 250 million customer support records

New Internet Explorer zero‑day remains unpatched

You may want to implement a workaround or stop using the browser altogether, at least until Microsoft issues a a fix. Microsoft has released a security advisory alerting users to an as-yet unpatched vulnerability in its Internet Explorer (IE) web browser that is being exploited in limited targeted attacks. The zero-day, which is tracked as CVE-2020-0674, is a … More New Internet Explorer zero‑day remains unpatched