Google Chrome Drops Support for TLS 1.0 and 1.1

Google Chrome Drops Support for TLS 1.0 and 1.1

The latest stable release of Google Chrome, version 72, has removed support for the aging 1.0 and 1.1 versions of TLS, as well as for the problematic HTTP-based Public Key Pinning protocol and FTP resources. The Transport Layer Security (TLS) protocol is the successor of SSL and is the foundation ... Read More
Security Boulevard
unified communications collaboration HR data

FaceTime Group Chat Disabled Due to Snooping Bug

Apple has disabled the group chat feature in its FaceTime video calling app after a bug was discovered that allows callers to remotely turn on the microphones on the recipients’ devices. The issue was disclosed on social media and word about it spread rapidly. It works by initiating a FaceTime ... Read More
Security Boulevard
phishing cybersecurity

Trojan Infects Browser Extensions After Disabling Integrity Checks

Security researchers have discovered a new Trojan program dubbed Razy that installs itself as a browser extension or infects existing browser extensions after disabling integrity checks. According to researchers from Kaspersky Lab, Razy is distributed via malicious advertisements on websites or through free file-hosting services where it poses as legitimate ... Read More
Security Boulevard
vulnerability ADA bots standing Boa Web3 NIST supply chain digital data

Volunteer Project Takes Down 100,000 Malware Distribution Sites

A community of volunteer researchers has managed to take down around 100,000 malware distribution websites over the past 10 months as part of a new URL blacklisting project. The initiative, called URLhaus, was launched last March by abuse.ch, a non-profit organization based in Switzerland that has made a name for ... Read More
Security Boulevard
hackers

Wi-Fi Chip Firmware Flaws Enable Over-the-Air Hacking

Editor’s Note: This post was updated Jan. 29 to include a statement from Marvell Wi-Fi chips used in several gaming consoles, Chromebooks, streaming boxes, routers and other types of devices have several firmware vulnerabilities that could allow attackers to compromise those systems over the air with no user interaction. The ... Read More
Security Boulevard
Government, E-commerce Sites Hacked Through Database Tool

Government, E-commerce Sites Hacked Through Database Tool

For the past year, hackers—some of them associated with the MageCart online skimming group—have broken into high-profile online stores by exploiting a previously unknown vulnerability in a web-based database management tool. The vulnerability is located in Adminer, a simple tool written in PHP that allows administrators to manage a site’s ... Read More
Security Boulevard
Fortnite Attack Allowed Taking Over Player Accounts

Fortnite Attack Allowed Taking Over Player Accounts

Security researchers have found several vulnerabilities in the online game Fortnite that could have allowed hackers to break into player accounts, access their personal information, buy in-game currency with the linked credit cards and record their conversations. Fortnite is one of the most popular online games, with more than 125 ... Read More
Security Boulevard
Windows VCF Zero-Day Exploit Allows Remote Code Execution

Windows VCF Zero-Day Exploit Allows Remote Code Execution

A new unpatched vulnerability in Windows has been disclosed along with proof-of-concept exploit code. It could allow hackers to more easily install malware on computers, but it requires user interaction. The vulnerability was discovered by a security researcher named John Page, aka hyp3rlinx, who reported it to Microsoft in August ... Read More
Security Boulevard
ransomware, attack, healthcare

Ryuk Ransomware That Hit U.S. Newspapers Not State-Sponsored

According to reports from several cybersecurity firms, the Ryuk ransomware that reportedly recently disrupted operations at several U.S.-based newspapers is run by cybercriminals, not state-sponsored actors. Some online sources have attributed the Ryuk ransomware to North Korea, but according to the new research, it’s more likely run by a Russian ... Read More
Security Boulevard
AI cybersecurity

New Phishing Kit Allows Bypassing Two-Factor Authentication with Ease

Attackers have a new phishing tool in their arsenal, and it’s a powerful one. A penetration tester released an open source toolkit that can be used to easily set up phishing attacks that can bypass two-factor authentication (2FA). Dubbed Modlishka (Polish for mantis), the toolkit acts as a reverse proxy ... Read More
Security Boulevard