A new security feature in the latest beta of the Microsoft Edge browser can help protect web surfers from zero-day attacks.
Microsoft Edge Adds Security Mode to Thwart Malware Attacks
Project Zero: Zoom Platform Missed ASLR Exploit Mitigation
A prominent security researcher poking around at the Zoom video conferencing platform found worrying signs the company failed to enable a decades-old anti-exploit mitigation, a blunder that greatly increased exposure to malicious hacker attacks.
Thousands of Industrial Firms Targeted in Attacks Leveraging Short-Lived Malware
Thousands of industrial organizations worldwide have been hit in campaigns that leverage short-lived malware to harvest corporate credentials that are then sold by threat actors for a profit, according to Kaspersky.
Multi-Factor Authentication Bypass Led to Box Account Takeover
A vulnerability in Box’s implementation of multi-factor authentication (MFA) allowed attackers to take over victim’s accounts without having access to the victim’s phone, according to new research from Varonis.
ICS Vendors Targeted in Espionage Campaign Focusing on Renewable Energy
Major industrial control system (ICS) vendors and other types of organizations have been targeted in a cyberespionage campaign that appears to focus on renewable energy.
Details Published on AWS Flaws Leading to Data Leaks
Researchers at cloud security startup Orca Security have publicly documented a pair of vulnerabilities in AWS CloudFormation and AWS Glue that attackers could use to leak sensitive files or access other customers’ data.
Apple Patches iOS HomeKit Flaw After Researcher Warning
Apple has released an iOS security update with a fix for a persistent denial-of-service flaw in the HomeKit software framework but only after an independent researcher publicly criticized the company for ignoring his discovery.
Mozilla Patches High-Risk Firefox, Thunderbird Security Flaws
Mozilla has released Firefox 96 with patches for 18 security vulnerabilities affecting its flagship web browser and the Thunderbird mail program.
Of the newly patched security flaws, nine are rated high-severity while six carry a “medium-severity” rating.
Patch Tuesday: Microsoft Calls Attention to ‘Wormable’ Windows Flaw
Microsoft’s first batch of patches for 2022 is a big one: 97 documented security flaws in the Windows ecosystem, some serious enough to cause remote code execution attacks.
Moxie Marlinspike Steps Down as Signal CEO
Celebrated cryptographer Moxie Marlinspike is stepping down as chief executive at Signal, temporarily turning the reins of the popular encrypted messaging platform to WhatsApp co-founder Brian Acton.