Microsoft Edge Adds Security Mode to Thwart Malware Attacks
A new security feature in the latest beta of the Microsoft Edge browser can help protect web surfers from zero-day attacks.
Project Zero: Zoom Platform Missed ASLR Exploit Mitigation
A prominent security researcher poking around at the Zoom video conferencing platform found worrying signs the company failed to enable a decades-old anti-exploit mitigation, a blunder that greatly increased exposure to malicious hacker attacks.
Mandatory Chinese Olympics App Has ‘Devastating’ Encryption Flaw: Analyst
An app all attendees of the upcoming Beijing Olympics must use has encryption flaws that could allow personal information to leak, a cyber security watchdog said Tuesday.
Multi-Factor Authentication Bypass Led to Box Account Takeover
A vulnerability in Box’s implementation of multi-factor authentication (MFA) allowed attackers to take over victim’s accounts without having access to the victim’s phone, according to new research from Varonis.
U.S. Government, Tech Giants Discuss Open Source Software Security
FCC Chair Proposes New Policies for Carrier Data Breach Reporting
Federal Communications Commission (FCC) chairwoman Jessica Rosenworcel this week proposed updated policies around telecom providers’ reporting of data breaches.
Apple Patches iOS HomeKit Flaw After Researcher Warning
Apple has released an iOS security update with a fix for a persistent denial-of-service flaw in the HomeKit software framework but only after an independent researcher publicly criticized the company for ignoring his discovery.
Mozilla Patches High-Risk Firefox, Thunderbird Security Flaws
Mozilla has released Firefox 96 with patches for 18 security vulnerabilities affecting its flagship web browser and the Thunderbird mail program.
Of the newly patched security flaws, nine are rated high-severity while six carry a “medium-severity” rating.
Patch Tuesday: Microsoft Calls Attention to ‘Wormable’ Windows Flaw
Microsoft’s first batch of patches for 2022 is a big one: 97 documented security flaws in the Windows ecosystem, some serious enough to cause remote code execution attacks.
