An exploit could lead to remote shutdown of security systems: who is responsible?
A security systems app appears to have leaked highly sensitive data. MASmobile Classic, intended for alarm systems installers to look up customer data, could unintentionally send codes to disable security systems online to malicious people.
This is according to research by the Dutch station BNR.... Read more
Rust rolls out critical fix for Windows vulnerability and urges immediate updating
A critical vulnerability has been identified in the programming language Rust, potentially allowing attackers to execute malicious commands on Windows machines. The Rust team quickly released version 1.77.2 to address the vulnerability, although it affects more languages than just Rust.
The vuln... Read more
xz-Utils available again on GitHub, creator investigates backdoor
The Linux data compression tool xz-Utils is available again through GitHub. Last month, a backdoor was discovered, prompting GitHub to temporarily disable the tool's repositories.
Lasse Collin, the developer of xz-Utils, announced via his personal website that the repositories are available agai... Read more
Microsoft update fixes already exploited vulnerabilities
Microsoft has fixed a number of already exploited vulnerabilities in its monthly Patch Tuesday update. The most important is CVE-2024-26234, which allows malicious actors to monitor and intercept network traffic.
In the April 2024 security update with 190 enhancements, Microsoft states that the ... Read more
Darktrace introduces ActiveAI Security Platform
The new platform is designed to visualize and investigate security incidents in cloud, email, network, endpoint, identity, and OT environments.
To do this, the ActiveAI Security Platform uses an AI engine. This analyzes a company's data to learn about the organization. Based on this, the engine ... Read more
Purple AI takes SentinelOne platform to the next level
Purple AI, the new generative AI addition to the SentinelOne platform is going to save a lot of time for security teams and also provide them with much better insights into the weaknesses and vulnerabilities of the organizations they work for, according to the company. As of today, this new AI secu... Read more
Dutch hacker finds critical vulnerability in macOS
The process injection vulnerability allows access to webcams, microphones and sensitive information.
Thijs Alkemade, an ethical hacker from Computest Security, discovered a way to circumvent security measures within Apple's operating system. It bears some resemblance to Alkemede's discovery in t... Read more
Microsoft now offers a unified SecOps platform: what does it entail?
Microsoft is presenting a public preview of its unified security operations platform announced in November. This platform connects SIEM and XDR from Microsoft Sentinel and Defender XDR with GenAI features from Microsoft Copilot for Security. It aims to give SOCs more agency to directly disrupt atta... Read more
Microsoft reveals high prices for extended support for Windows 10
Windows 10 will no longer receive free security updates starting Oct. 14, 2025. Microsoft therefore recommends that users switch to Windows 11 before that date. If not, safe continued usage will only be possible through the Extended Security Updates program. That comes at a high cost.
Microsoft ... Read more
‘Cascade of errors’ enabled Chinese infiltration at Microsoft
Chinese hacker group Storm-0558's attack on Microsoft in 2023 should never have happened. That is the conclusion of the U.S. Cyber Safety Review Board (CSRB). In the report, the CSRB describes a host of security flaws that made the infiltration possible.
Microsoft, aside from being active in a w... Read more