Researchers Say Microsoft Office 365 Uses Broken Email Encryption to Secure Messages
Researchers Say Microsoft Office 365 Uses Broken Email Encryption to Secure Messages Go to Source New research has disclosed what's being called a security vulnerability in Microsoft 365 that could be exploited to infer message...
Microsoft 365 Message Encryption found to leak structural information in messages
Microsoft 365 Message Encryption found to leak structural information in messages Go to Source Cybersecurity company WithSecure Oyj is warning that a security flaw in Microsoft 365 Message Encryption can leak structural information in...
At Ignite 2022, DevOps and ransomware protection are the focus of Microsoft’s security updates
At Ignite 2022, DevOps and ransomware protection are the focus of Microsoft’s security updates Go to Source As always, security was at the forefront for Microsoft Corp. today at Ignite 2022, with its extensive range of product updates...
Microsoft’s out-of-date driver list left Windows PCs open to malware attacks
Article URL: https://www.theverge.com/2022/10/16/23405739/microsoft-out-of-date-driver-list-windows-pcs-malware-attacks-years-byovd Comments URL: https://news.ycombinator.com/item?id=33226123 Points: 15 # Comments: 2
A 24-year-old bug in the Linux Kernel TCP stack (2021)
Article URL: https://engineering.skroutz.gr/blog/uncovering-a-24-year-old-bug-in-the-linux-kernel/ Comments URL: https://news.ycombinator.com/item?id=33214439 Points: 8 # Comments: 0
Researchers Detail Windows Zero-Day Vulnerability Patched Last Month
Researchers Detail Windows Zero-Day Vulnerability Patched Last Month Go to Source Details have emerged about a now-patched security flaw in Windows Common Log File System (CLFS) that could be exploited by an attacker to gain elevated...
Microsoft Office 365 vulnerability lets hackers sidestep email encryption
Microsoft Office 365 vulnerability lets hackers sidestep email encryption Go to Source A WithSecure researcher has uncovered a Microsoft Office 365 vulnerability that enables hackers to infer the contents of encrypted emails.Read...
Flaw in Microsoft OME Could Lead to Leakage of Encrypted Data
Flaw in Microsoft OME Could Lead to Leakage of Encrypted Data Go to Source WithSecure researcher Harry Sintonen has released an advisory on issues with Microsoft Office 365 Message Encryption (OME). OME is used to send encrypted...
Linux kernel 6.1 will contain fixes, features. Useful Rust modules? Not yet
But you get a super practical patch that prints CPU, core, and socket when you get a segfault The merge window for contributions to Linux 6.1 is still open and incoming features include Wi-Fi security fixes and hardware tests.…
Researchers Reveal Detail for Windows Zero-Day Vulnerability Patched Last Month
Researchers Reveal Detail for Windows Zero-Day Vulnerability Patched Last Month Go to Source Details have emerged about a now-patched security flaw in Windows Common Log File System (CLFS) that could be exploited by an attacker to...
Some remotely exploitable Linux kernel WiFi vulnerabilities
Article URL: https://lwn.net/Articles/911062/ Comments URL: https://news.ycombinator.com/item?id=33200171 Points: 178 # Comments: 62
Army Soldier Says Using Microsoft’s HoloLens AR Goggles Could Get Them Killed
Army Soldier Says Using Microsoft’s HoloLens AR Goggles Could Get Them Killed Go to Source (Photo: US Army)Nearly four years and $22 billion dollars into Microsoft’s development of HoloLens devices for the US military, an Army tester...
New PHP Version of Ducktail Malware Hijacking Facebook Business Accounts
A PHP version of an information-stealing malware called Ducktail has been discovered in the wild being distributed in the form of cracked installers for legitimate apps and games, according to the latest findings from Zscaler. "Like older versions (.NetCore), the...
LockBit 3.0 malware forced NHS tech supplier to shut down hosted sites
Managed software provider Advanced admits some customer data 'exfiltrated' in August ransomware attack Advanced, a managed software provider to the UK National Health Service, has confirmed that customer data was indeed lifted as part of the attack by cyber baddies...
Banks face their ‘darkest hour’ as malware steps up, maker of antivirus says
When I saw it, I had to reverse engineer it, Kaspersky's lead security researcher tells us Interview Crimeware targeting banks and other financial-services organizations today features sophisticated capabilities and evasion tools, according to Kaspersky's lead...
Microsoft’s HoloLens headsets are giving US Army testers nausea
Microsoft's HoloLens headsets are giving US Army testers nausea Go to Source Microsoft's HoloLens headsets for the US Army have some teething troubles. Bloomberg and Insider say a recent unclassified report reveals the current...
New Chinese Cyberespionage Group WIP19 Targets Telcos, IT Service Providers
A newly identified cyberespionage group operating out of China has been targeting IT services providers and telecommunications companies with signed malware. read more
New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems
A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish...
Android security warning: These crooks phone you and trick you into downloading malware
Phishing websites steal your phone number - then a crook calls you to trick you into downloading malware.
The new Microsoft Designer is a DALL-E-powered Canva killer
The new Microsoft Designer is a DALL-E-powered Canva killer Go to Source Microsoft has built the first true practical use of text-to-image AI technology with a new tool called Designer. It may sound innocuous, just another...
Modified WhatsApp App Caught Infecting Android Devices with Malware
An unofficial version of the popular WhatsApp messaging app called YoWhatsApp has been observed deploying an Android trojan known as Triada. The goal of the malware is to steal the keys that "allow the use of a WhatsApp account without the app," Kaspersky said in a...
US election workers slammed with phishing, malware-stuffed emails
It's almost like there's some midterms coming up Election workers in US battleground states have been hit by a surge in phishing and malware-laced emails in the run up to their primaries and the upcoming 2022 midterm elections.…
Microsoft’s Edge browser gets shared Workspaces, new security features and more
Microsoft’s Edge browser gets shared Workspaces, new security features and more Go to Source It’s Microsoft Ignite this week and while a lot of the announcements this week target the kinds of IT professionals and admins who really...
Hackers Using Vishing to Trick Victims into Installing Android Banking Malware
Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. The Dutch mobile security company said it identified a network of phishing websites targeting...
QBot Malware Infects Over 800 Corporate Users in New, Ongoing Campaign
More than 800 corporate users have been infected in a new QBot malware distribution campaign since September 28, Kaspersky warns. read more
Cyber Security Today, Oct. 12, 2022 – Toyota blames contractor for five-year data leak, code from Intel is leaked and more
Toyota blames contractor for five-year data leak, code from Intel is leaked and more. Welcome to Cyber Security Today. It’s Wednesday, October 12th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. Third parties such as partners...
ICS Patch Tuesday: Siemens, Schneider Electric Release 19 New Security Advisories
Industrial giants Siemens and Schneider Electric have released a total of 19 security advisories for the October 2022 Patch Tuesday. The advisories cover 36 vulnerabilities affecting their ICS products. Siemens read more
64,000 Additional Patients Impacted by Omnicell Data Breach – What is Your Data Breach Action Plan?
In April 2022, Omnicell reported a data breach affecting nearly 62,000 patients. The company has revealed that the incident has impacted an additional 64,000 individuals. This brings the total number of patients affected to over 126,000. Will you be the next victim...
Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys
A vulnerability in Siemens Simatic programmable logic controller (PLC) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. "An attacker can use these keys to perform multiple advanced attacks against Siemens...
SAP Patches Critical Vulnerabilities in Commerce, Manufacturing Execution Products
German enterprise software maker SAP has released 15 new security notes on its October 2022 Security Patch Day, including two ‘hot news’ notes dealing with critical vulnerabilities. The company also updated two previously released security notes. read more