Google Announces New Privacy, Safety, and Security Features Across Its Services
Google unveiled a slew of new privacy, safety, and security features today at its annual developer conference, Google I/O. The tech giant's latest initiatives are aimed at protecting its users from cyber threats, including phishing attacks and malicious websites, while providing more control and...
CVE-2023-30551
Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out-of-memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of...
Threat Source newsletter (May 4, 2023) — Recapping the biggest headlines to come out of RSA
Welcome to this week's edition of the Threat Source newsletter. I didn't attend the RSA Conference in person, and on top of that, I was at the NFL Draft while the conference was going on. I'm behind on the biggest talks, panels and presentations that came out during the annual security conference, s...
Friday Squid Blogging: More Squid Camouflage Research
Here's a research group trying to replicate squid cell transparency in mammalian cells. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
CISA Requests for Comment on Secure Software Self-Attestation Form
CISA has issued requests for comment on the Secure Software Self-Attestation Form. CISA, in coordination with the Office of Budget and Management (OMB), released proposed guidance on secure software. This guidance seeks to secure software leveraged by the federal government. CISA expects agencies t...
Microsoft Vulnerability Severity Classification for Online Services Publication
The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. We have published a new Microsoft Vulnerability Severity Classification for Online Services to provi...
WhatsApp introduces new security features
WhatsApp has announced several new security features which include an extra check when an account is transferred to a new device. This check asks that users confirm the transfer on their old device. This should warn users in case there is a transfer in progress started by somebody trying to hijac...
Google Launches New Cybersecurity Initiatives to Strengthen Vulnerability Management
Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation. "While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they're known and fixe...
WhatsApp Introduces New Device Verification Feature to Prevent Account Takeover Attacks
Popular instant messaging app WhatsApp on Thursday announced a new account verification feature that ensures that malware running on a user's mobile device doesn't impact their account. "Mobile device malware is one of the biggest threats to people's privacy and security today because it can take...
Certwatcher - Tool For Capture And Tracking Certificate Transparency Logs, Using YAML Templates Based DSL
CertWatcher is a tool for capturing and tracking certificate transparency logs, using YAML templates. The tool helps detect and analyze websites using regular expression patterns and is designed for ease of use by security professionals and researchers. Certwatcher continuously monitors the...
Google Mandates Android Apps to Offer Easy Account Deletion In-App and Online
Google is enacting a new data deletion policy for Android apps that allow account creation to also offer users with a setting to delete their accounts in an attempt to provide more transparency and control over their data. "For apps that enable app account creation, developers will soon need to...
CertWatcher - A Tool For Capture And Tracking Certificate Transparency Logs, Using YAML Templates Based DSL
CertWatcher is a tool for capture and tracking certificate transparency logs, using YAML templates. The tool helps to detect and analyze phishing websites and regular expression patterns, and is designed to make it easy to use for security professionals and researchers. Certwatcher continuously...
Lottery owner can rig the draw to win the jackpot by swapping the source
Vulnerability details: Lottery owner can rig the draw to win the jackpot by swapping the source. Impact: The lottery owner has the ability to swap the Random Source under certain circumstances, and this can be exploited to set a new source contract that returns any number set by it. Thi...
Experts Reveal Google Cloud Platform's Blind Spot for Data Exfiltration Attacks
Malicious actors can take advantage of "insufficient" forensic visibility into Google Cloud Platform (GCP) to exfiltrate sensitive data, a new research has found. "Unfortunately, GCP does not provide the level of visibility in its storage logs that is needed to allow any effective forensic...
Even Top-Ranked Android Apps in Google Play Store Provide Misleading Data Safety Labels
An investigation into data safety labels for Android apps available on the Google Play Store has uncovered "serious loopholes" that allow apps to provide misleading or outright false information. The study, conducted by the Mozilla Foundation as part of its Privacy Not Included initiative, compar...
[SECURITY] Fedora 37 Update: OpenImageIO-2.4.8.1-1.fc37
OpenImageIO is a library for reading and writing images, and a bunch of related classes, utilities, and applications. Main features include: - Extremely simple but powerful ImageInput and ImageOutput APIs for reading and writing 2D images that is format agnostic. - Format plugins for TIFF,...