Security News > 2021 > September

Privacy-centric communications specialist Proton, best known for its ProtonMail encrypted email platform, has announced the appointment of web daddy Sir Tim Berners-Lee to its advisory board. "I'm delighted to join Proton's advisory board and support Proton on their journey," Sir Tim said of the appointment.

Christopher Ford: Supervised and unsupervised learning are techniques that help to facilitate different use cases within the sphere of machine learning. In the machine learning world, labeled data is data that you, as a human, go through and describe to your machine learning system.

The ActiveX code activates the Windows MSHTML component, used for viewing web pages, exploits a bug in it to give itself the same level of control that you yourself would have right from the Windows desktop, and uses it to implant malware of the attacker's choice. MSHTML isn't a full-on browser, like Internet Explorer or Edge, but is a part of the operating system that can be used to create browsers or browser-like applications that need or want to display HTML files.

A new report from consumer website Comparitech looks at dark web selling prices for credit cards and PayPal accounts in particular. Credit cards are sold on the dark web either as digital items or physical clones of real cards.

Three weeks after an independent researcher found a critical bug in the Services Australia COVID-19 digital vaccine certificate that would allow an attacker to falsify someone's vaccine status, it still hasn't been fixed. Researcher Richard Nelson looked into the security behind a new digital vaccine passport app from the Australian government's Express Plus Medicare program, which automatically pulls someone's vaccine status from the Australian Immunization Register.

The OpenSSL team has released version 3.0 of its eponymous secure communications library after a lengthy gestation period. Coming nearly three years after its predecessor, version 1.1.1, the update lays claim to 17 alpha releases, two beta releases, and more than 7,500 commits.

The TeamTNT malware pushers have a slew of new toys with which to wreak havoc - multiple shell/batch scripts, open-source tools, a cryptocurrency miner, an IRC and more - that have inflicted more than 5,000 infections globally as antivirus tools struggle to catch up with the newest malware. TeamTNT typically uses open-source tools for its dirty work.

Affecting Windows desktops and servers, the attacks exploit an MSHTML vulnerability by using specially crafted Microsoft Office documents. Microsoft has raised alarm bells over a new cyberattack that's actively targeting Windows users by exploiting a security flaw through malicious Office documents.

The private Howard University in Washington disclosed that it suffered a ransomware attack late last week and is currently working to restore affected systems. The attack took offline a large number of university systems, leading to reduced operations.

Sites used by the infamous cybercrime group have mysteriously come back to life. Following a two-month disappearing act in which its internet-faced servers went offline, the REvil ransomware group has popped up again.