A few months ago, Microsoft let slip a forthcoming Windows 10 feature that was, at the time, called InPrivate Desktop: a lightweight virtual machine for running untrusted applications in an isolated environment. That feature has now been officially announced with a new name, Windows Sandbox.
That smartphone that you access using facial recognition might not be secure as you think it is. Spoofing your face to unlock a smartphone could be piece of cake with the right resources—like a 3D printer.
According to a report released Thursday, Forbes tested just that and worked with a laboratory to see how a life-size 3D printed head fared at unlocking smartphones.
Early on at Amazon, CEO Jeff Bezos famously issued a memo about how software was to be built at the company. Teams would share their data through service interfaces, or APIs, the same way that they would share it with an outside customer. That meant that a developer on one team didn’t need to know anything about how another team operated in order to integrate the product it made—he or she could follow the documentation and use that product as though it were an external service.
Organizations in the United Arab Emirates and Saudi Arabia are once again being targeted in a new wave of attacks involving Shamoon, a malware strain that was used to destroy more than 30,000 PCs at oil giant Saudi Aramco in 2012.
The past few years have seen some amazing progress in the deployment of encryption protocols. In less than a decade, encryption protocols like TLS have gone from a novelty to the “table stakes” for running a secure website. Smartphone manufacturers have deployed default device encryption to billions of phones, and and end-to-end encrypted messaging and phone calls are now available to more than two billion users.
Researchers discovered 53 new and critical vulnerabilities in Adobe Reader over the course of 50 days by using common Windows fuzzing framework WinAFL, new analysis shows.
The massive data breach that affected 500 million Marriott customers feels like a recent event, given that the company just discovered and disclosed it over the past four months. But it's important to remember that the attack began much earlier, especially as Reuters and others have reported that state-sponsored Chinese hackers were behind it. If that attribution holds up, China's broader hacking campaign against the US in 2014 will go down as a historic assault.
A British teenager has been jailed for three years for making hoax bomb threats that closed hundreds of schools up and down the UK.
In March 2018, George Duke-Cohan emailed more than 1700 schools, colleges, and nurseries from the bedroom of his home in Watford, warning that explosives had been planted. The emails said that unless US $5,000 was paid within three hours into the account of US-based Minecraft server VeltPvP, buildings would be blown up.
If you run a Kubernetes cluster, you probably heard the news this week about CVE-2018-1002105. This is a privilege escalation issue within Kubernetes that essentially allowed one to send commands to a Kubernetes cluster and administer the cluster without appropriate permissions.
Malware authors, ad farmers, and scammers are abusing a Firefox bug to trap users on malicious sites.
This wouldn't be a big deal, as the web is fraught with this kind of malicious sites, but these websites aren't abusing some new never-before-seen trick, but a Firefox bug that Mozilla engineers appear to have failed to fix in the 11 years ever since it was first reported back in April 2007.
