Patch Tuesday update for November brings dozens of fixes
Microsoft's Patch Tuesday update includes 91 fixes, with urgent attention needed for two actively exploited zero-day vulnerabilities. Immediate patch installation is crucial.
For August, Patch Tuesday means patch now
Microsoft's August Patch Tuesday requires urgent action to patch six zero-day vulnerabilities across Windows and Office.
Focus on mitigating the risks associated with zero-day flaws is essential for user security.
Microsoft fixes exploited bugs, one used in QakBot attacks
Microsoft disclosed and patched 60 Windows CVEs, including two widely exploited ones: CVE-2024-30051 and CVE-2024-30040 with significant CVSS ratings.
January Patch Tuesday: New year, new Windows' bugs
Microsoft released 49 Windows security updates, including fixes for two critical-rated bugs.
There are four high-severity Chrome flaws in Microsoft Edge.
ONCD releases report on the adoption of memory-safe languages
Memory safe programming languages can reduce common vulnerabilities.
National Cyber Director calls for software and hardware creators to prioritize addressing memory safety issues.
US cyber officials issue urgent warning to millions of Apple users
Cyber officials urge Apple device updates for enhanced security.
Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel
A new technique can bypass Microsoft's Driver Signature Enforcement on patched Windows systems, allowing OS downgrade attacks with severe security implications.
Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries
Multiple vulnerabilities in MMS protocol can severely impact industrial environments, allowing potential crashes and remote code execution.
Researchers pose as hackers, exposing security flaw that could open your hotel-room door
Hotel security flaw exposed by researchers posing as hackers
Lock manufacturer updating security to fix vulnerabilities
Five real-world cyberattacks and how to stop them
Cybercrime is projected to cost $23.8 trillion per year by 2027; existing security measures are often inadequate against innovative email attacks.
Why copilots and low-code apps portend a security nightmare
The boom in low-code platforms raises security risks, with many apps lacking proper security measures.
62% of apps built on these platforms have security vulnerabilities.
The rise of citizen developers can blur security protocols.
Feeld bugs allow message tampering, image, and video theft
Feeld dating app has critical security flaws that can expose private user data.
WhatsApp 'View Once' could be 'View Whenever' due to a flaw
WhatsApp's View Once feature is flawed and can easily be bypassed, undermining its intended privacy safeguards.
Critical Flaws in Traccar GPS System Expose Users to Remote Attacks
Traccar GPS system has critical vulnerabilities allowing remote code execution via path traversal if guest registration is enabled, posing serious security risks.
Ecovacs home robots can be hacked to spy on their owners, researchers say | TechCrunch
Malicious hackers can exploit vulnerabilities in Ecovacs robots to take control and spy on owners.
Free Software Evaluation Templates | ClickUp
Software evaluation templates are essential for structuring the evaluation processes of software solutions.
It's time to junk your Cisco SPA300 and SPA500 IP phones
Three critical flaws found in Cisco's Small Business IP phones will not be fixed as the devices are in the end-of-life process.
Researchers Bypass Windows Security Smart App Control And SmartScreen
Researchers identified weaknesses in Windows SmartScreen and Smart App Control, showing how attackers can bypass security measures.
Basic failures led to hack of Electoral Commission data on 40 million people | Computer Weekly
ICO reprimands Electoral Commission for basic security errors allowing Chinese hackers to access 40 million people's data.
Mitigating cyber risks in mergers and acquisitions
Acquisitions can pose significant security threats, as seen in cases like Dropbox, Marriott, and Yahoo, leading to data breaches, regulatory fines, and legal scrutiny.
Enhancing mobile app security with behaviour-based biometrics | Computer Weekly
Behaviour-based biometrics analyze unique user patterns for robust security.
How to Clear Your Browser's Cache, and Why You Should
Regularly clearing your browser cache can help prevent outdated content, performance issues, and potential security vulnerabilities.
VMware discloses flaws in Workstation and Fusion Pro products after making them free for personal use
VMware disclosed critical vulnerabilities in its hypervisor solutions, urging immediate patching to prevent exploitation by unauthorized actors.
How to protect your keyless car from theft
Using wireless key fobs and push-button starters in cars can make them vulnerable to relay attacks by thieves.
Connected cars' illegal data collection and use now on FTC's "radar"
Automakers are warned against excessive monetization of consumers' data from connected cars, stressing the importance of privacy safeguards.
No Country for No-Code: Are We Heading Towards a Wild West of Software Security? - DevOps.com
No-code platforms democratize development but can lead to security vulnerabilities.
Cross Site Scripting (XSS)
Cross Site Scripting (XSS) includes stored and unstored attacks, which can be devastating by executing malicious scripts on users' browsers.
Ubuntu 24.04 LTS, Noble Numbat, overhauls its installation and app experience
The absence of vulnerabilities to the XZ backdoor is viewed as a significant aspect of Ubuntu 24.04.
JetBrains fixes 26 'security problems,' offering no details
JetBrains urged users to upgrade due to 26 security issues in TeamCity.
JetBrains declined to disclose details for security fixes.
GitHub's latest AI tool that can automatically fix code vulnerabilities | TechCrunch
GitHub launches code scanning autofix feature for security vulnerabilities.
GitHub's new feature combines Copilot and CodeQL for real-time vulnerability remediation.
Researchers jimmy OpenAI's and Google's closed models
Researchers discovered an attack on AI services to reveal hidden parts of transformer models through API queries.
The attack can expose the embedding projection layer of black box models, costing from a few dollars to several thousand depending on model size.
How New Relic's Kubernetes Agents team decreased release time by 99% with GitHub workflows
New Relic automated their software agent release process for the Kubernetes integration, reducing deployment time from two weeks to one hour per week.
New Relic improved their response to security vulnerabilities by enabling code-scanning tools in their continuous integration pipeline, automatically patching code without human interaction within a week of a fix being available.
Warning: "AI Girlfriends" Are Hoarding Your Personal Data
AI companion bots have concerning privacy pitfalls and murky data use policies.
AI soulmates and AI girlfriends/boyfriends are data-hoarding troves of privacy tripwires.
Sadiq Khan demands action from car manufacturers as keyless vehicle thefts soar in London
Sadiq Khan demands action from car manufacturers after spike in vehicle thefts in London
Between 60-65% of car thefts in the last year were keyless car thefts
How one city took on rising car thefts and brought the numbers down
St. Paul, Minnesota has seen a dramatic decrease in car thefts due to a focus on prevention and youth intervention.
Car thefts nationwide increased after a viral TikTok video exposed security vulnerabilities in certain models of Kia and Hyundai cars.
Custom GPTs from OpenAI May Leak Sensitive Information
OpenAI's GPT models are susceptible to prompt injection attacks, which can expose sensitive information.
Customizable GPT models need robust security frameworks to address potential vulnerabilities.
Apple Security Update Fixes Zero-Day Webkit Exploits
Apple has patched two zero-day vulnerabilities affecting iOS, iPadOS, and macOS.
The vulnerabilities were discovered by Google's Threat Analysis Group.
Apple rolls out iOS 16.4 and macOS Ventura 13.3 with new emoji and features
Apple released new updates for most of its software platforms today, including macOS Ventura 13.3, iOS 16.4, iPadOS 16.4, tvOS 16.4, and watchOS 9.4. These are all feature updates, meaning they actually add new functionality in addition to fixing bugs or addressing security vulnerabilities. iOS and iPadOS 16.4 add a number of minor features.
Apple releases iOS 16.2 and iPadOS 16.2 with Freeform and Apple Music Sing on board
A few hours ago the latest versions of Apple's mobile operating systems started going out to all supported devices. We're talking, of course, about iOS 16.2 and iPadOS 16.2. With these releases, Freeform makes its debut. This is a new app that is designed for "creative brainstorming and collaboration", according to Apple.
Exploring NestJS middleware benefits, use cases, and more - LogRocket Blog
Backend developers often apply some common tasks to the requests that our service receives. Some of these tasks are applied before fulfilling the request, like authentication and authorization. Others are applied after the request is processed, but just before the response is sent, such as a log of the resource accessed.
Code Intelligence introduces integration of Jazzer.js into Jest - SD Times
The automated testing platform Code Intelligence recently announced that it has integrated its open-source JavaScript fuzz testing engine, , into , a unit testing framework for JavaScript. Jazzer.js is a free, coverage-guided, in-process fuzzer spanning the Node.js platform. It is currently available within JavaScript's node package manager.
Blue-Green Deployment: What Are the Options?
By: Gilad David Maayan. Blue-green deployment is a change management strategy for software releases. Blue-green deployments require two identically configured hardware environments. One environment is active and serves end users while the other remains idle. Blue-green deployments are typically used for applications with strict uptime requirements.
Salt Labs identifies OAuth security flaw within Booking.com | Computer Weekly
Critical security flaws in Booking.com's implementation of Open Authorization (OAuth) could have enabled attackers to launch large-scale account takeovers, putting millions of people's sensitive personal data at risk, finds threat research by Salt Labs. An industry-standard social login protocol, OAuth allows users to log in to sites via their social media accounts, but by manipulating certain steps in Booking.com's
Security warning: Beep malware can evade detection
Find out how Beep malware can evade your security system, what it can do and how to protect your business. Cybersecurity experts at Minerva recently made a stunning discovery of a new malware tagged Beep that has the features to evade detection and analysis by security software. The cybersecurity organization discovered Beep after samples were uploaded on VirusTotal.
Apple Patches WebKit Code Execution in iPhones, MacBooks
Apple's product security response team on Monday rolled out patches to cover numerous serious security vulnerabilities affecting users of its flagship iOS and macOS platforms. The most serious of the documented vulnerabilities affect WebKit and can expose both iOS and macOS devices to code execution attacks via booby-trapped web content, Apple warned in multiple advisories.
Security Mindset Tips for Engineers
As a software engineer, having a security mindset is essential to ensure you are developing reliable production-ready software. New Relic recently hosted a Twitter Space with Harry Kimpel from Snyk and Frank Dornberger from movingimage to discuss how software engineers can develop a security mindset.
Lego fixes dangerous API vuln in BrickLink service | TechTarget
The Lego Group has moved swiftly to fix a pair of application programming interface (API) security vulnerabilities that existed in its BrickLink digital resale platform, after they were identified by Salt Labs, the research arm of API specialist Salt Security. With over a million members, BrickLink is the world's largest forum for buying and selling second-hand Lego sets.
Samsung Galaxy S22 Series Exynos Variants Get The January 2023 Security Patch: List Of Other Eligible Devices
Samsung recently started rolling out the January 2023 security patches to its multiple devices. The Snapdragon-powered Samsung Galaxy S22 series in the US were one of the first devices to receive the latest security update. Now, the brand has started pushing the update for the Exynos-powered units sold in Europe.
Samsung Galaxy A03 and Galaxy F12 are the latest to receive Android 13 update
Samsung wanted to finish sending out its update to One UI 5 based on Android 13 by the end of 2022, but it looks like it was too optimistic. We're saying that because the company is still, even today, rolling out the software to more and more devices. In this case, the lucky ones are the Galaxy A03 and the Galaxy F12.
Advent Calendars For Web Designers And Developers (2022 Edition) - Smashing Magazine
Are you ready for the countdown to Christmas? This year, the web community was once again busy creating tech advent calendars jam-packed with fantastic content to sweeten your days. But which ones to follow? We help you find the right one, whether you're a front-end dev, UX designer, or content strategist.
Better dependency management: npm query - LogRocket Blog
Available on the npm CLI as of v8.16.0, query is a new sub-command that exposes a powerful new way to inspect and understand the dependencies of your Node.js project. With it comes a powerful new query syntax, based on a familiar paradigm: CSS. That's right, you can now use special CSS selectors with to better understand your project's dependency tree.