The Internet’s two most widely used methods for encrypting e-mail--PGP and S/Mime--are vulnerable to hacks that can reveal the plaintext of encrypted messages, a researcher warned late Sunday night. He went on to say there are no reliable fixes and to advise anyone who uses either encryption standard for sensitive communications to remove them immediately from e-mail clients.
Microsoft has launched some new features in its Excel spreadsheet software that will boost its power. But will that only be for the benefit of users?
In its blog post about the new functionality, Microsoft says that there are “many reasons” why people might be interested in writing JavaScript custom functions, and gives the following examples:
Microsoft’s May Patch Tuesday fixes include two critical remote code-execution vulnerabilities, both of which are under active attack.
The most serious of the two is tied to a Windows 10 VBScript engine and can be triggered when a victim visits a malicious website.
Sierra Wireless has patched two critical vulnerabilities for its range of wireless gateways that would leave the enterprise devices helpless to an array of remote threats, including the charms of the Reaper IoT botnet.
The more critical of the two (with a 9.4 CVSSv3 Temp Score) is a privilege-escalation bug (CVE-2018-10251), which could allow a remote attacker with no authentication whatsoever to the device to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges.
At TheBestVPN, we generally advise against the use of free VPNs.
The reason is simple – many of them simply sell your data to 3rd party advertisers.
And this defeats the whole purpose of having a VPN in the first place.
But there’s more:
1. Many free VPN services are not transparent about how they make money from you using their services; in most cases, when you’re not being sold a product you are most likely the product.
2. Many free VPNs simply sell your data to affiliated/partnered companies or to the third party who is willing to pay the most.
North Korea on Wednesday denied hacking the database of a UN committee tasked with monitoring sanctions against Pyongyang, and called on Washington to focus on peace efforts ahead of a planned summit between the countries' leaders.
In a statement, the North Korean mission at the UN said Pyongyang "has never recognized the illegal and unlawful Security Council's 'sanctions resolutions'" and "is not interested in what the Sanctions Committee does," adding the idea that it had carried out a hacking operation was "nonsense."
Jennifer Leggio, chief marketing officer at Flashpoint, is an executive with more than a decade's experience in managing corporate cyber security marketing at the highest levels -- much of the time seeking and advocating a greater ethical stance in marketing. At last month's Hack in the Box Conference in Amsterdam, she delivered a keynote presentation entitled, 'A Risk Assessment of Logo Disclosures'.
GitHub has instructed some users to reset their passwords after a bug caused internal logs to record passwords in plain text.
Several users posted screenshots on Twitter of the security-related email they received from GitHub on Tuesday. The company told impacted customers that the incident was discovered during a regular audit.
GitHub claims only a “small number” of users are affected and the issue has been resolved, but impacted individuals will only regain access to their accounts after they reset their password.
Manipulierte Smart-Home-Geräte mit Apple-Chip können den Schlüssel zum WLAN des Nutzers preisgeben, warnt ein Sicherheitsforscher. Es handle sich um ein grundlegendes Problem, das für Jahre bestehen werde – nicht nur bei Apple.
Even with all Apple's expertise and investment in cybersecurity, there are some security problems that are so intractable the tech titan will require a whole lot more time and money to come up with a fix. Such an issue has been uncovered by Don A. Bailey, founder of Lab Mouse Security, who described to Forbes a hack that, whilst not catastrophic, exploits iOS devices' trust in Internet of Things devices like connected toasters and TVs. And, as he describes the attack, it can turn Apple's own security chip on iPhones into a kind of "skeleton key."
