Edge-Access Trojans (EATs) allow attackers to collect data and even disrupt crucial decisions as the edge of the network
Living Off the “Edge” of the Land
Microsoft Edge Adds Security Mode to Thwart Malware Attacks
A new security feature in the latest beta of the Microsoft Edge browser can help protect web surfers from zero-day attacks.
Project Zero: Zoom Platform Missed ASLR Exploit Mitigation
A prominent security researcher poking around at the Zoom video conferencing platform found worrying signs the company failed to enable a decades-old anti-exploit mitigation, a blunder that greatly increased exposure to malicious hacker attacks.
Multi-Factor Authentication Bypass Led to Box Account Takeover
A vulnerability in Box’s implementation of multi-factor authentication (MFA) allowed attackers to take over victim’s accounts without having access to the victim’s phone, according to new research from Varonis.
FCC Chair Proposes New Policies for Carrier Data Breach Reporting
Federal Communications Commission (FCC) chairwoman Jessica Rosenworcel this week proposed updated policies around telecom providers’ reporting of data breaches.
Apple Patches iOS HomeKit Flaw After Researcher Warning
Apple has released an iOS security update with a fix for a persistent denial-of-service flaw in the HomeKit software framework but only after an independent researcher publicly criticized the company for ignoring his discovery.
Mozilla Patches High-Risk Firefox, Thunderbird Security Flaws
Mozilla has released Firefox 96 with patches for 18 security vulnerabilities affecting its flagship web browser and the Thunderbird mail program.
Of the newly patched security flaws, nine are rated high-severity while six carry a “medium-severity” rating.
Patch Tuesday: Microsoft Calls Attention to ‘Wormable’ Windows Flaw
Microsoft’s first batch of patches for 2022 is a big one: 97 documented security flaws in the Windows ecosystem, some serious enough to cause remote code execution attacks.
Millions of Routers Impacted by NetUSB Kernel Vulnerability
A vulnerability in the NetUSB kernel module could allow remote attackers to execute code on millions of router devices, endpoint security company SentinelOne warns.
Apache Foundation Calls Out Open-Source Leechers
The Apache Software Foundation (ASF) is calling out for-profit companies leeching on open-source code, warning that “only a tiny percentage” of downstream vendors are contributing to securing the open-source ecosystem.
