October 1, 2023

Passkeys: all the news and updates around passwordless sign-on (The Verge)

The Verge: Passkeys: all the news and updates around passwordless sign-on. “Passkeys are built on WebAuthn (or Web Authentication) tech and stored directly on your device. They are supported by companies like Apple, Google, and Microsoft because they’re more secure than passwords or PINs which can be stolen. Password managers can help backup and sync passkeys across all your devices. It’s expected that passkeys will eventually replace passwords entirely, though it’s going to take some time. Here you can follow all the updates and developments — including which companies have rolled out support in preparation for a passwordless future.”

Security & Legal Issues 0
September 29, 2023

Krebs on Security: ‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Krebs on Security: ‘Snatch’ Ransom Group Exposes Visitor IP Addresses. “The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord.”

Security & Legal Issues 0
September 29, 2023

How-To Geek: Update LibreOffice Now to Fix a Security Flaw

How-To Geek: Update LibreOffice Now to Fix a Security Flaw. “Earlier this month, a security vulnerability in the popular libwebp software library was discovered, affecting everything from web browsers to email clients. The Document Foundation, the developers behind the free and open-source LibreOffice suite, has now released an emergency update for LibreOffice that includes the fix. You should update as soon as possible if you have LibreOffice installed.”

Security & Legal Issues 0
September 27, 2023

CISA: CISA Launches National Public Service Announcement Campaign Encouraging Americans to Take Steps to Keep Themselves and Their Families Safe Online

CISA: CISA Launches National Public Service Announcement Campaign Encouraging Americans to Take Steps to Keep Themselves and Their Families Safe Online. “The campaign includes a public service announcement (PSA) that will air on stations around the country, as well as digital content, a toolkit, and other resources. Recognizing that technology is an integral part of our modern lives, Congress tasked CISA with creating this program to provide small businesses, communities, and individuals with the guidance and tools they need to protect themselves online.”

New Resources 0
September 24, 2023

BBC: AI-generated naked child images shock Spanish town of Almendralejo

BBC: AI-generated naked child images shock Spanish town of Almendralejo. “A sleepy town in southern Spain is in shock after it emerged that AI-generated naked images of young local girls had been circulating on social media without their knowledge. The pictures were created using photos of the targeted girls fully clothed, many of them taken from their own social media accounts.”

Security & Legal Issues 0
September 22, 2023

Bleeping Computer: Apple emergency updates fix 3 new zero-days exploited in attacks

Bleeping Computer: Apple emergency updates fix 3 new zero-days exploited in attacks. “Apple released emergency security updates to patch three new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days fixed this year. Two bugs were found in the WebKit browser engine (CVE-2023-41993) and the Security framework (CVE-2023-41991), enabling attackers to bypass signature validation using malicious apps or gain arbitrary code execution via maliciously crafted webpages.”

Security & Legal Issues 0
September 18, 2023

Popular Science: Patch a potential privacy risk by deleting your ancient LiveJournal

Popular Science: Patch a potential privacy risk by deleting your ancient LiveJournal. “I looked into ways to back up LiveJournal posts. It wasn’t straightforward. At all. LiveJournal offers an official exporting tool, but it can only export one month’s worth of posts at a time, which is basically useless. I tried using Wget to scrape old entries, but this backfired hilariously: LiveJournal blocked my IP address. After a lot of research, I figured out that using WordPress is the best way to back up your old LiveJournal posts. Of course, if you have no interest in saving anything and just want to delete your LiveJournal account, you can skip straight to that section below.”

Security & Legal Issues 0
September 17, 2023

WIRED: China-Linked Hackers Breached a Power Grid—Again

WIRED: China-Linked Hackers Breached a Power Grid—Again. “Today, researchers on the Threat Hunter Team at Broadcom-owned security firm Symantec revealed that a Chinese hacker group with connections to APT41, which Symantec is calling RedFly, breached the computer network of a national power grid in an Asian country—though Symantec has declined to name which country was targeted. The breach began in February of this year and persisted for at least six months as the hackers expanded their foothold throughout the IT network of the country’s national electric utility, though it’s not clear how close the hackers came to gaining the ability to disrupt power generation or transmission.”

Security & Legal Issues 0
September 17, 2023

BBC: Greater Manchester Police officers’ details hacked in cyber attack

BBC: Greater Manchester Police officers’ details hacked in cyber attack. “Police officers’ personal details have been hacked after a company was targeted in a cyber attack. The firm in Stockport, which makes ID cards, holds information on various UK organisations including some of the staff employed by Greater Manchester Police (GMP). The force confirmed it was aware of the ransomware attack.”

Security & Legal Issues 0
September 17, 2023

TechCrunch: TikTok fined $379M in EU for failing to keep kids’ data safe

TechCrunch: TikTok fined $379M in EU for failing to keep kids’ data safe. “It’s been a long time coming but TikTok has finally been found in breach of the European Union’s General Data Protection Regulation (GDPR) in relation to its handling of children’s data. Under the decision issued today by the Irish Data Protection Commission (DPC), the video sharing platform has been reprimanded and fined €345 million (~$379 million). It has also been ordered to bring its offending data processing into compliance within three months.”

Security & Legal Issues 0
September 15, 2023

Bleeping Computer: Fake Cisco Webex Google Ads abuse tracking templates to push malware

Bleeping Computer: Fake Cisco Webex Google Ads abuse tracking templates to push malware. “Threat actors use Google Ads tracking templates as a loophole to create convincing Webex software search ads that redirect users to websites that distribute the BatLoader malware. Webex is a video conferencing and contact center suite that is part of Cisco’s collaboration products portfolio and used by corporations and businesses worldwide.”

Security & Legal Issues 0

The ResearchBuzz Firehose is regular RB content presented as individual posts.
For digest-type posts a couple of times a day, please visit ResearchBuzz.

Want to know how to best use the Firehose for content discovery?
Check out this handy article.

Get RB Firehose Via EMail

Enter your email address to subscribe to ResearchBuzz Firehose and get a firehose of new posts straight to your email.

Join 2,020 other subscribers

Recent Posts

Popular Posts

Latest ResearchBuzz Gizmos

Stephen’s Cloud Seeder
Search Mastodon Instances for Two Hashtags at a Time
Search Wikipedia for Mastodon Accounts with WMT
RSStodon v2
Mastodon Username Helper

Brought to you by Calishat.