Recent Security News
-
The Definitive Enterprise Browser Buyer’s Guide
January 2, 2024 at 05:36AM Security stakeholders recognize the critical role of browsers in today’s corporate environment and the need for improved management and protection. Emerging enterprise browsers offer potential solutions, but best practices and evaluation criteria are still evolving. LayerX addresses this with a downloadable Enterprise Browser Buyer’s Guide, providing essential information and an…
-
Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in ‘Incognito Mode’
January 2, 2024 at 05:36AM Google settled a lawsuit filed in June 2020, alleging that the company misled users by tracking their online activity in “incognito” or “private” mode on web browsers. The class-action lawsuit sought at least $5 billion in damages, accusing Google of violating federal wiretap laws by collecting data without explicit user…
-
Android game dev’s Google Drive misconfig highlights cloud security risks
January 1, 2024 at 09:23AM Japanese game developer Ateam mistakenly set a Google Drive to allow public access, leading to exposure of sensitive data for nearly one million people over six years. This included names, contact info, and customer ID numbers. While there’s no evidence of misuse, the company advises vigilance and emphasizes the need…
-
New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections
January 1, 2024 at 09:18AM Security researchers have uncovered a new DLL search order hijacking technique that allows threat actors to execute malicious code on Windows 10 and 11. By leveraging trusted WinSxS folder executables, adversaries can bypass security mechanisms and introduce potentially vulnerable binaries into the attack chain. Security Joes urges organizations to closely…
-
New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security
January 1, 2024 at 04:48AM Security researchers from Ruhr University Bochum discovered a vulnerability in the Secure Shell (SSH) protocol, labeled Terrapin (CVE-2023-48795), allowing attackers to downgrade connection security by manipulating the connection’s sequence numbers during the handshake. This can lead to the interception of sensitive data and control over critical systems. Various SSH client…