September 30, 2024 at 04:52PM Microsoft Defender now alerts users with a Microsoft 365 Personal/Family subscription about unsecured Wi-Fi networks. The privacy protection feature, Defender VPN, safeguards data and identity on public Wi-Fi or untrusted networks by encrypting and routing internet traffic through Microsoft’s servers. It can also detect and alert users of potential attacks … Read more
July 17, 2024 at 03:09PM Microsoft is introducing inbound SMTP DANE with DNSSEC for Exchange Online in public preview to enhance email security. This includes utilizing TLS Authentication (TLSA) DNS record for verifying mail server identity and using DNSSEC for cryptographically verifying DNS records. The rollout, scheduled until 2025, aims to protect email domains from … Read more
March 27, 2024 at 11:34AM Meta, formerly Facebook, allegedly ran Project Ghostbusters through its acquisition Onavo to intercept data from mobile apps, including Snapchat, and used it to damage competitors’ ad business. This allegedly involved installing a research app to monitor users’ activity. Lawsuits accuse Meta of anticompetitive behavior, including manipulating ad prices and using … Read more
February 5, 2024 at 06:06PM Pen Test Partners discovered a security issue in the Flysmart+ suite of applications for pilot electronic flight bags developed by Airbus-owned Navblue. The iOS app had an important security feature disabled, making it vulnerable to potential attacks, which could have resulted in severe consequences for aircraft safety. Airbus confirmed the … Read more
December 20, 2023 at 02:50PM Otorio researchers demonstrated at Black Hack Europe 2023 how attackers can exploit access control systems installed on secure facility doors to gain unauthorized building access and breach internal IP networks. They highlighted vulnerabilities in modern physical access control systems (PACSs), particularly those using the Open Supervised Device Protocol (OSDP), urging … Read more
November 13, 2023 at 09:44PM An academic study has revealed that it is possible for someone to intercept SSH connections and impersonate devices by deducing private RSA keys. This allows the attacker to eavesdrop on users’ login details and monitor their activities on remote SSH servers. The vulnerability primarily affects Internet of Things devices and … Read more