International Women’s Day: Women in tech name their heroes
Happy Monday! And if you haven’t yet checked the significance of this day—March 8—before grabbing coffee, today is International Women’s Day (IWD). Since March 19, 1911, the year the very first IWD was observed in several European countries, millions of people have been calling for women to be give...
Defending online anonymity and speech with Eva Galperin: Lock and Code S02E03
This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we talk to Eva Galperin, director of cybersecurity for Electronic Frontier Foundation, about the importance of protecting online anonymity and speech. In January, the New York Times expose...
Clop targets execs, ransomware tactics get another new twist
Ransomware peddlers have come up with yet another devious twist on the recent trend for data exfiltration. After interviewing several victims of the Clop ransomware, ZDNet discovered that its operators appear to be systematically targeting the workstations of executives. After all, the top manage...
Dependency Confusion: Another Supply-Chain Vulnerability
Alex Birsan writes about being able to install malware into proprietary corporate software by naming the code files to be identical to internal corporate code files. From a ZDNet article: Today, developers at small or large companies use package managers to download and import libraries that are...
VMware Carbon Black Named to the 2021 CRN Security 100 List
We are proud to announce that CRN®, a brand of The Channel Company, has named VMware Carbon Black to its annual Security 100 list. The Security 100 list features leading IT channel security vendors and is compiled by a panel of CRN editors, recognizing channel-focused security vendors across five...
Parler Says It’s Back
The platform was kicked off Amazon’s servers. Now it says it no longer relies on “Big Tech” for its infrastructure...
Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites
A malvertising group known as "ScamClub" exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites running gift card scams. The attacks, first spotted by ad security firm Confiant in late June 2020, leveraged a bug (CVE-2021-1801)...
Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams
Threat actors involved in tech support scams have been running a browser locker campaign from November 2020 until February 2021 on the world's largest adult platforms, including PornHub. The same group behind this campaign has been active for much longer and we believe is tied to previous schemes...
Inspiring the Next Generation with DigiGirlz
DigiGirlz is an initiative organized by Microsoft to engage girls in technological education and careers. The initiative, which launched in 2000, consists of two main programs: DigiGirlz Day and High Tech Camp. This program has been a cornerstone of Microsoft's community engagement for more than ...
SQL Injection Vulnerability in Jinan Ganan Information Technology Co.
Ltd. is a high-tech company engaged in Internet services, mainly for enterprises to provide website construction, website promotion and so on. Ltd. has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
Skyworth Home Gateway Smart Terminal DT541 suffers from Denial of Service Vulnerability (CNVD-2021-10399)
hereinafter referred to as "Skyworth Digital" is a national high-tech enterprise focusing on providing comprehensive and systematic digital home solutions and services for global users. A denial of service vulnerability exists in the Skyworth Home Gateway Smart Terminal DT541, which can be...
A Place To Belong
While I've worked for Silicon Valley-based startups and even spent time in the travel tech industry, I'd sometimes feel I was just part of the system. Working each day to earn my keep, and with no bigger purpose than that...
Skyworth Digital Corporation DT521 suffers from a denial of service vulnerability
"Skyworth Digital" is a national high-tech enterprise specializing in providing comprehensive and systematic digital home solutions and services for global users. A denial of service vulnerability exists in Skyworth Digital's DT521, which can be exploited by attackers to cause a denial of service...
The Race Is On to Identify and Stop Inauguration Rioters
As tech companies scramble to tackle the extreme far-right, police and law enforcement are encasing Washington, DC, in a ring of steel...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability
Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7, and 8 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Asset Management Essentials, Maximo Industry Solutions including...
Important: Red Hat Security Advisory: Red Hat Integration Tech-Preview 2 Camel K security update
An update to the Camel K operator image for Red Hat Integration tech-preview is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
Researcher Builds Parler Archive Amid Amazon Suspension
A security researcher said she has scraped and is archiving 99 percent of Parler’s public posts, as the social-media network goes offline following suspensions from Amazon, Apple and Google. Archived content includes public posts from the social-media site. These posts reportedly included Parler...
Buffer overflow in SmallVec::insert_many
A bug in the SmallVec::insert_many method caused it to allocate a buffer that was smaller than needed. It then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap. This bug was only triggered if the iterator passed to insert_many yielded more items than the...
New Year, New Ransomware: Babuk Locker Targets Large Corporations
Only a few days into the new year, one of the first new ransomware strains of 2021 has been discovered. Dubbed Babuk Locker, the ransomware appears to have successfully compromised five companies thus far, according to new research. The research author, Chuong Dong, a computer science student at...