Month: June 2024
A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to “infect” over 100 organizations by trojanizing a copy of the popular ‘Dracula Official’ theme to include risky code. Visual Studio Code (VSCode) is a source code editor published by Microsoft and used by many professional software developers worldwide.…
Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company’s GitHub repositories in January 2024, The Times confirmed to BleepingComputer. As first seen by VX-Underground, the internal data was leaked on Thursday by an anonymous user who posted a torrent to a…
Hacktivists are conducting DDoS attacks on European political parties that represent and promote strategies opposing their interests, according to a report by Cloudflare. The European Parliament elections are already underway in the Netherlands and are set to begin in 26 more countries across the EU over the coming days, igniting politically motivated cyberattacks. Cloudflare reports…
Jun 08, 2024 | Newsroom | Vulnerability / Programming: Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system. According to…
Jun 08, 2024 | Newsroom | Artificial Intelligence / Privacy: Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in. Recall, currently in preview and coming exclusively to Copilot+ PCs on June 18, 2024, functions as an “explorable visual timeline” by capturing screenshots of what appears on users’…
Video: Ticketmaster seems to have experienced a data breach, with the ShinyHunters hacker group claiming to have exfiltrated 560 million customer data. Watch as Tony discusses the story and provides useful tips on how to protect people’s data. 07 Jun 2024: Ticketmaster has reportedly been breached by a hacker group known as ShinyHunters, who claim…
MS-ISAC ADVISORY NUMBER: 2024-068. DATE(S) ISSUED: 06/07/2024. OVERVIEW: A vulnerability has been discovered in SolarWinds Serv-U that could allow for path traversal that could lead to disclosure of sensitive information. SolarWinds Serv-U is a managed file transfer solution used to store and share files across an enterprise network. It can be hosted on both Windows…
LastPass says its almost 12-hour outage yesterday was caused by a bad update to its Google Chrome extension. Starting at around 1 PM ET yesterday, LastPass users were suddenly unable to access their password vaults or log into their accounts, instead seeing “404 Not Found” errors, which typically indicate a page does not exist. The impact…
After privacy and security experts voiced concerns about Recall – an exclusive, AI-driven search feature in Microsoft’s upcoming Copilot+ PCs – the Windows giant says it will turn off the feature by default, require Windows Hello authentication to use it and add ‘additional layers of data protection.’ Microsoft said it’s improving privacy and security safeguards…
Friday Squid Blogging: Squid Catch Quotas in Peru. Peru has set a lower squid quota for 2024. The article says “giant squid,” but that seems wrong. We don’t eat those. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog…