Microsoft update fixes already exploited vulnerabilities
Microsoft has fixed a number of already exploited vulnerabilities in its monthly Patch Tuesday update. The most important is CVE-2024-26234, which allows malicious actors to monitor and intercept network traffic.
In the April 2024 security update with 190 enhancements, Microsoft states that the ...
Darktrace introduces ActiveAI Security Platform
The new platform is designed to visualize and investigate security incidents in cloud, email, network, endpoint, identity, and OT environments.
To do this, the ActiveAI Security Platform uses an AI engine. This analyzes a company's data to learn about the organization. Based on this, the engine ...
Purple AI takes SentinelOne platform to the next level
Purple AI, the new generative AI addition to the SentinelOne platform, is going to save a lot of time for security teams and also provide them with much better insights into the weaknesses and vulnerabilities of the organizations they work for, according to the company. As of today, this new AI secu...
Dutch hacker finds critical vulnerability in macOS
The process injection vulnerability allows access to webcams, microphones and sensitive information.
Thijs Alkemade, an ethical hacker from Computest Security, discovered a way to circumvent security measures within Apple's operating system. It bears some resemblance to Alkemade's discovery in t...
Microsoft now offers a unified SecOps platform: what does it entail?
Microsoft is presenting a public preview of its unified security operations platform announced in November. This platform connects SIEM and XDR from Microsoft Sentinel and Defender XDR with GenAI features from Microsoft Copilot for Security. It aims to give SOCs more agency to directly disrupt atta...
Microsoft reveals high prices for extended support for Windows 10
Windows 10 will no longer receive free security updates starting Oct. 14, 2025. Microsoft therefore recommends that users switch to Windows 11 before that date. If not, safe continued usage will only be possible through the Extended Security Updates program. That comes at a high cost.
Microsoft ...
‘Cascade of errors’ enabled Chinese infiltration at Microsoft
Chinese hacker group Storm-0558's attack on Microsoft in 2023 should never have happened. That is the conclusion of the U.S. Cyber Safety Review Board (CSRB). In the report, the CSRB describes a host of security flaws that made the infiltration possible.
Microsoft, aside from being active in a w...
xz backdoor shows how vulnerable open-source is to hackers playing the long game
A security leak in the Linux compression tool xz shows open-source systems' vulnerability to multi-year infiltration tactics by "trusted" contributors. In this case, the culprits added malicious code after the original creator appeared to neglect the project. A competent successor was supposedly re...
Google patches critical Android vulnerability for devices with Qualcomm chipsets
Google closed 28 leaks during the April Android patch cycle, including one critical one. This leak makes phones with Qualcomm chipsets susceptible to remote attacks. Another high-priority vulnerability is in Android's own code, which allows malicious apps to increase their permissions without user ...
Temporarily no new users welcome on PyPI due to malware
The Python repository felt compelled to intervene after packages were uploaded that executed malicious code on devices. It was also temporarily unable to create new projects.
PyPI has since returned to normal operation. However, it was not possible to register and create projects for 10 hours. G...