8 best practices for securing your Mac from hackers in 2023
1. Always keep your Mac updated with the latest security patches and software updates. 2. Use a strong, unique password for your Mac and use two-factor authentication. 3. Use a reputable antivirus and anti-malware software to protect your Mac from malicious threats.
Apple Patches WebKit Code Execution in iPhones, MacBooks
Apple's product security response team on Monday rolled out patches to cover numerous serious security vulnerabilities affecting users of its flagship iOS and macOS platforms. The most serious of the documented vulnerabilities affect WebKit and can expose both iOS and macOS devices to code execution attacks via booby-trapped web content, Apple warned in multiple advisories.
Salt Labs identifies OAuth security flaw within Booking.com | Computer Weekly
Critical security flaws in Booking.com's implementation of Open Authorization (OAuth) could have enabled attackers to launch large-scale account takeovers, putting millions of people's sensitive personal data at risk, finds threat research by Salt Labs. An industry-standard social login protocol, OAuth allows users to log in to sites via their social media accounts, but by manipulating certain steps in Booking.com's
Lego fixes dangerous API vuln in BrickLink service | TechTarget
The Lego Group has moved swiftly to fix a pair of application programming interface (API) security vulnerabilities that existed in its BrickLink digital resale platform, after they were identified by Salt Labs, the research arm of API specialist Salt Security. With over a million members, BrickLink is the world's largest forum for buying and selling second-hand Lego sets.
Researchers jimmy OpenAI's and Google's closed models
Researchers discovered an attack on AI services to reveal hidden parts of transformer models through API queries.
The attack can expose the embedding projection layer of black box models, costing from a few dollars to several thousand depending on model size.
How New Relic's Kubernetes Agents team decreased release time by 99% with GitHub workflows
New Relic automated their software agent release process for the Kubernetes integration, reducing deployment time from two weeks to one hour per week.
New Relic improved their response to security vulnerabilities by enabling code-scanning tools in their continuous integration pipeline, automatically patching code without human interaction within a week of a fix being available.
Azul detects Java vulnerabilities in production apps
Java services company Azul has unveiled Azul Vulnerability Detection, a SaaS product that leverages the Azul JVM to continuously monitor Java applications for security vulnerabilities. Azul Vulnerability Detection, introduced November 2, is an agentless cloud service designed for production use. It addresses enterprise risk around software supply chain attacks and eliminates false positives while not impacting performance, Azul said.
Microsoft's Windows Hello fingerprint authentication has been bypassed
Flaws have been found in the fingerprint authentication implementation on laptops from Dell, Lenovo, and Microsoft.
Blackwing Intelligence researchers identified vulnerabilities in popular fingerprint sensors from Goodix, Synaptics, and ELAN.
The process to bypass Windows Hello involved reverse engineering software and hardware, as well as decoding and reimplementing proprietary protocols.
Apple Releases iOS 16.5 With Security And Bug Fixes: Won't Be The Last iPhone Update Before iOS 17
Apple released the iOS 16.5 update for its iPhone devices this week. The update is a significant one, but it does not contain new and pathbreaking features and functions. The iOS 16.5 update contains two minor new additions to preexisting features. However, there are some important bug fixes, and Apple has addressed multiple security vulnerabilities.
Apple rolls out iOS 16.4 and macOS Ventura 13.3 with new emoji and features
Apple released new updates for most of its software platforms today, including macOS Ventura 13.3, iOS 16.4, iPadOS 16.4, tvOS 16.4, and watchOS 9.4. These are all feature updates, meaning they actually add new functionality in addition to fixing bugs or addressing security vulnerabilities. iOS and iPadOS 16.4 add a number of minor features.
Google's June Feature Drop is here with loads of novelties for Pixel phones and the Pixel Watch
A bit later than usual (it generally sends out updates on the first Monday of each month), today Google has finally released its June update for Pixels. But this is no ordinary monthly update; it's the latest Feature Drop. These come out every three months, and while the rest of the company's monthly updates focus solely on patching security vulnerabilities and fixing bugs, these Feature Drops bring with them new features as well, just like the name implies.
Samsung Galaxy A03 and Galaxy F12 are the latest to receive Android 13 update
Samsung wanted to finish sending out its update to One UI 5 based on Android 13 by the end of 2022, but it looks like it was too optimistic. We're saying that because the company is still, even today, rolling out the software to more and more devices. In this case, the lucky ones are the Galaxy A03 and the Galaxy F12.
Samsung Galaxy Z Flip4 and Z Fold4 get stable One UI 5.0 and Android 13
Last week, Samsung released a stable update to One UI 5.0 based on Android 13 for the Samsung Galaxy Z Flip4 and Z Fold4, but it was made available only to beta testers in the US. Now, the Korean tech giant has opened the floodgates and is seeding the new update more widely. As of now, reports are coming from South Korea, but we should see other markets get the latest and greatest from Samsung and Google in the following days.
Exploring Yup-A Powerful Validation Library for React
Data validation is crucial for maintaining data integrity, enhancing security, and providing a seamless user experience in React forms. Yup is a popular validation library that provides a declarative and intuitive approach to data validation in JavaScript and React applications. It offers a rich set of validation parameters, including various data types, conditional validation, nested object validation, and more.
Exploring NestJS middleware benefits, use cases, and more - LogRocket Blog
Backend developers often apply some common tasks to the requests that our service receives. Some of these tasks are applied before fulfilling the request, like authentication and authorization. Others are applied after the request is processed, but just before the response is sent, such as a log of the resource accessed.
Code Intelligence introduces integration of Jazzer.js into Jest - SD Times
The automated testing platform Code Intelligence recently announced that it has integrated its open-source JavaScript fuzz testing engine, Jazzer.js, into Jest, a unit testing framework for JavaScript. Jazzer.js is a free, coverage-guided, in-process fuzzer spanning the Node.js platform. It is currently available within JavaScript's node package manager.
By: Gilad David Maayan
Blue-green deployment is a change management strategy for software releases. Blue-green deployments require two identically configured hardware environments. One environment is active and serves end users while the other remains idle. Blue-green deployments are typically used for applications with strict uptime requirements.
5 Simple Tips to Help Prevent Against DDOS Attacks
DDOS (Distributed denial of service) is an extension of DOS (Denial of service), where an attacker tries to slow down or even crash a server to stop the services the victim provides. When an attacker sets up a single machine that continuously makes requests to the host, it is called DOS; when more than one device or system is used, it is called a DDOS attack. Example: let's take a very basic example of DDOS and how you can replicate it.
Zyxel silently patches command injection vulnerability with 9.8 severity rating
Hardware manufacturer Zyxel quietly released an update fixing a critical vulnerability that gives hackers the ability to control tens of thousands of firewall devices remotely.
Microsoft points out privilege-escalation flaws in Linux
Flaws in networkd-dispatcher, a service used in the Linux world, can be exploited by a rogue logged-in user or application to escalate their privileges to root level, allowing the box to be commandeered, say Microsoft researchers.
Security warning: Beep malware can evade detection
Find out how Beep malware can evade your security system, what it can do and how to protect your business. Cybersecurity experts at Minerva recently made a stunning discovery of a new malware tagged Beep that has the features to evade detection and analysis by security software. The cybersecurity organization discovered Beep after samples were uploaded on VirusTotal.
China likely is stockpiling vulnerabilities, says Microsoft
Microsoft has asserted that China's offensive cyber capabilities have improved, thanks to a law that has allowed Beijing to create an arsenal of unreported software vulnerabilities. China's 2021 law required organizations to report security vulnerabilities to local authorities before disclosing them to any other entity.
Dump these routers, says Cisco, because we won't patch them
Cisco patched three security vulnerabilities in its products this week, and said it will leave unpatched a VPN-hijacking flaw that affects four small business routers.
Almost 2,000 data breaches reported for the first half of 2022
Though the number of breaches reported in the first half of 2022 were lower than those for the same period in 2021, Flashpoint expects the final numbers to be similar.
As a software engineer, having a security mindset is essential to ensure you are developing reliable production-ready software. New Relic recently hosted a Twitter Space with Harry Kimpel from Snyk and Frank Dornberger from movingimage to discuss how software engineers can develop a security mindset.
Advent Calendars For Web Designers And Developers (2022 Edition) - Smashing Magazine
Are you ready for the countdown to Christmas? This year, the web community was once again busy creating tech advent calendars jam-packed with fantastic content to sweeten your days. But which ones to follow? We help you find the right one, whether you're a front-end dev, UX designer, or content strategist.
Samsung Galaxy S22 Series Exynos Variants Get The January 2023 Security Patch: List Of Other Eligible Devices
Samsung recently started rolling out the January 2023 security patches to its multiple devices. The Snapdragon-powered Samsung Galaxy S22 series in the US were one of the first devices to receive the latest security update. Now, the brand has started pushing the update for the Exynos-powered units sold in Europe.
Apple releases iOS 16.2 and iPadOS 16.2 with Freeform and Apple Music Sing on board
A few hours ago the latest versions of Apple's mobile operating systems started going out to all supported devices. We're talking, of course, about iOS 16.2 and iPadOS 16.2. With these releases, Freeform makes its debut. This is a new app that is designed for "creative brainstorming and collaboration", according to Apple.
The 'Viral' Secure Programming Language That's Taking Over Tech
Whether you run IT for a massive organization or simply own a smartphone, you're intimately familiar with the unending stream of software updates that constantly need to be installed because of bugs and security vulnerabilities. People make mistakes, so code is inevitably going to contain mistakes, you get it.
What to Do if Your Email is Hacked (+ Sample Messages To Send)
If you've received an email from someone claiming to have hacked your account, don't panic. It's important to stay calm and take the necessary steps to protect yourself and your data. This blog post will provide sample emails you can send to your contacts after being hacked. We will also share tips on protecting yourself from future hacking attempts.
Apple patches high-severity 0-day for iPhones and iPads
Apple on Monday patched a high-severity zero-day vulnerability that gives attackers the ability to remotely execute malicious code that runs with the highest privileges inside the operating system kernel of fully up-to-date iPhones and iPads. In an advisory, Apple said that CVE-2022-42827, as the vulnerability is tracked, "may have been actively exploited," using a phrase that's industry jargon for indicating a previously unknown vulnerability is being exploited.
Better dependency management: npm query - LogRocket Blog
Available on the npm CLI as of v8.16.0, query is a new sub-command that exposes a powerful new way to inspect and understand the dependencies of your Node.js project. With it comes a powerful new query syntax, based on a familiar paradigm: CSS. That's right, you can now use special CSS selectors with npm query to better understand your project's dependency tree.
Former Uber Security Chief Found Guilty of Hiding Hack From Authorities
A jury found Joe Sullivan, who led security at the ride-hailing company, guilty on two different counts. The case could change how security professionals handle data breaches.
Senators blast Twitter's alleged security failures as whistleblower testifies
The Democratic and Republican leaders of the US Senate Judiciary Committee blasted Twitter for alleged security failures in a letter last night on the eve of today's hearing featuring testimony from whistleblower Peiter "Mudge" Zatko.
Elon Musk's legal team subpoenas Twitter whistleblower for deposition
Elon Musk's legal team subpoenaed Twitter whistleblower Peiter Zatko to appear Sept. 9 for a deposition in an ongoing legal fight over the billionaire's deal to acquire the social network for $44 billion.
...
The subpoena, which became public Monday, signals how Zatko's allegations could factor into the litigation in Delaware's Chancery Court between Musk and Twitter over the Tesla CEO's efforts to back out of his pledge to acquire the social network.
Apple Warns Users of a Security Flaw That Could Allow Attackers to Control Devices
SAN FRANCISCO Apple disclosed serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take complete control of these devices.
Apple Urges iPhone, iPad Users to Update Devices Immediately, Hackers Could 'Take Control' of Device
A newly discovered security exploit is already taking over iPhones, iPads, and other Apple devices in the wild, and Apple users should drop everything and get the latest software update.
Apple security flaw 'actively exploited' by hackers to fully control devices
Apple disclosed serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take complete control of these devices on Wednesday.
Meeting Owl videoconference device used by govs is a security disaster
The Meeting Owl Pro is a videoconference device with an array of cameras and microphones that captures 360-degree video and audio and automatically focuses on whoever is speaking to make meetings more dynamic and inclusive.