Mandatory reporting for ransomware attacks? – Week in security with Tony Anscombe
As the UK mulls new rules for ransomware disclosure, what would be the wider implications of such a move, how…
Security
An XSS flaw in GitLab allows attackers to take over accounts
GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to take over user accounts. GitLab fixed a…
Friday Squid Blogging: Dana Squid Attacking Camera
Fantastic footage of a Dana squid attacking a camera at a depth of about a kilometer. As usual, you can…
Introducing Nimfilt: A reverse-engineering tool for Nim-compiled binaries
Available as both an IDA plugin and a Python script, Nimfilt helps to reverse engineer binaries compiled with the Nim…
Google fixes eighth actively exploited Chrome zero-day this year, the third in a month
Google rolled out a new emergency security update to fix another actively exploited zero-day vulnerability in the Chrome browser. Google…
On the Zero-Day Market
New paper: “Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market“: Abstract: Spyware makes…
CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog
CISA adds Apache Flink improper access control vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security…
Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors
The use of Dynamic DNS (DDNS) services embedded in appliances can potentially expose data and devices to attacks. The use…
Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns
UK data watchdog is investigating Microsoft regarding the new Recall feature in Copilot+ PCs that captures screenshots of the user’s…
The Unseen Danger of Undertrained Admins in Meta Suite Groups (WhatsApp, Facebook, Instagram)
The Unseen Dangers of Undertrained Admins in Facebook or Meta Groups In today’s digital age, social media platforms like Facebook…