"Today we're announcing that Zoom acquired Keybase."
Let me tell you this “funny” story of me trying to bypass a domain check in a little webapp, and acidentally bypassing a URL parser that is used in (almost) every Google product.
Some users may want to know about these URLs to block them right away. A user could block update requests to update Microsoft Edge manually when it is appropriate, or disable the experimentation and configuration service to avoid configuration or functionality changes made by Microsoft.
I think I already have ecs.skype.com set in PiHole
German newspaper Handelsblatt reports that the German Federal Ministry is looking to secure at least 33,000 machines still running Windows 7, which involves paying Microsoft a fee per device for a year of extended security protection.
Reported by Qihoo 360 ATA, the vulnerability affects the browser's Just in Time Compiler. Since it is exploited in the wild, Mozilla had to react quickly to release a patch.
L’unité spécialisée de la gendarmerie est parvenue à désinfecter à distance ces ordinateurs, utilisés à l’insu de leur propriétaire pour générer de la cryptomonnaie.
One of the more tricky parts to integrating Android apps with Chrome OS has been networking. It took a while for VPNs running on Chrome OS to apply to Android apps, and even longer for the opposite to work. Thankfully, VPN support for applications running in a Linux container has now arrived.
A story on German computer site Golem (in English) describes how Golem got its hands on a domain responsible for Tile content delivery to Windows systems because Microsoft failed to protect properly against what is called a subdomain takeover attack.
Les entreprises exploitant la solution d’e-commerce Magento doivent installer au plus vite les derniers correctifs de sécurité.
On trouve un peu de tout : risque d’exploiter l’interface pour générer un faux jeton d’authentification, exécution de code arbitraire via un fichier CHM malveillant, dépassement de mémoire tampon dans les PuTTY Tools, réutilisation de nombres aléatoires pour le chiffrement, etc.
Quand un serveur mail aura un souci de connexion TLS avec votre serveur mail, il vous enverra un mail (qui ignorra les erreurs TLS, sera signé via DKIM une fois par jour maximum) détaillant pourquoi ça a déconné.
La firme de sécurité Trend Micro a découvert la présence de 29 applications malicieuses sur le Google Play Store. En se faisant passer pour des applications de retouche photo (« beauty camera »), elles subtilisaient les photos des utilisateurs.
By now everyone should know that two-factor authentication via SMS is outdated and insecure. But in case anyone needs a reminder, here it is: Metro Bank in the UK was recently the victim of something called SS7 attacks, which basically allow anyone with access to reroute text messages and calls as they please, as well as track the location of a compromised phone. This is far from the first time this has happened, and it seems European banks are more at risk than US banks.
how we found, analyzed (with the help of Reddit) and in the end caught the culprit of a malicious device in our network
Botnet is still up and running but law enforcement has been notified.
Dans un article technique, la firme explique que la puce T2 contrôle donc l’intégrité de la chaîne de démarrage, comme le Windows avec un UEFI et Secure Boot activé. Pour des besoins de compatibilité Boot Camp, le certificat Microsoft Corporation UEFI CA 2011 est présent dans l’UEFI des Mac. Mais il n’y a rien pour Linux.