
Microsoft reminds users Windows will disable insecure TLS soon
2023-09-03 14:20

Microsoft reminded users that the insecure Transport Layer Security 1.0 and 1.1 protocols will soon be disabled in future Windows releases. The original TLS 1.0 specification and its TLS 1.1 successor have been in use for nearly two decades: TLS 1.0 was introduced in 1999 and TLS 1.1 in 2006.
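For administrators who want to know where a given machine stands before Windows changes the default, the following PowerShell is an added example (not code from Microsoft or from the article) that reads the Schannel protocol registry keys Windows consults for each TLS version and, optionally, writes the documented values that disable TLS 1.0 and 1.1 explicitly. It assumes the standard Schannel layout under HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols; a missing key means the operating-system default applies. Run it in an elevated session.

```powershell
# Added example, not from the original article or from Microsoft.
# Assumes the standard Schannel registry layout; absent keys mean "OS default".
$SchannelBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    # Report Enabled / DisabledByDefault for every TLS version and both roles.
    foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2', 'TLS 1.3') {
        foreach ($side in 'Client', 'Server') {
            $key = Join-Path $SchannelBase "$proto\$side"
            if (Test-Path $key) {
                $p = Get-ItemProperty -Path $key
                [pscustomobject]@{
                    Protocol          = $proto
                    Side              = $side
                    Enabled           = $p.Enabled            # 0 = off, 1 = on, $null = default
                    DisabledByDefault = $p.DisabledByDefault  # 1 = not offered unless an app asks
                }
            } else {
                [pscustomobject]@{
                    Protocol = $proto; Side = $side
                    Enabled = '(default)'; DisabledByDefault = '(default)'
                }
            }
        }
    }
}

function Disable-LegacyTls {
    # Explicitly turn off TLS 1.0 and 1.1 for both client and server roles.
    # Creates the keys if absent. Supports -WhatIf so the change can be previewed.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($proto in 'TLS 1.0', 'TLS 1.1') {
        foreach ($side in 'Client', 'Server') {
            $key = Join-Path $SchannelBase "$proto\$side"
            if ($PSCmdlet.ShouldProcess($key, 'Set Enabled=0, DisabledByDefault=1')) {
                if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
                New-ItemProperty -Path $key -Name 'Enabled' -Value 0 -PropertyType DWord -Force | Out-Null
                New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 1 -PropertyType DWord -Force | Out-Null
            }
        }
    }
}

# Usage: inspect first, preview the change, then apply it.
Get-SchannelProtocolState | Format-Table -AutoSize
Disable-LegacyTls -WhatIf
# Disable-LegacyTls   # uncomment once you have confirmed no dependent service needs TLS 1.0/1.1
```

Disabling the protocols takes effect after a reboot, and anything that still negotiates only TLS 1.0 or 1.1 (legacy appliances, old database drivers, SQL Server connections on outdated providers) will stop connecting, so run the inspection and -WhatIf steps, review the dependents, and only then apply the change.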

Children's snack recalled after its website caught serving porn
2023-09-03 10:06

Supermarket chain Lidl has been recalling four types of PAW Patrol-themed snacks across the UK. The reason for the recall has nothing to do with the food itself: the website printed on the snacks' packaging had started serving pornography. Last month, Lidl stores across the UK began recalling the four snack lines because of this issue with their packaging.

Championing cybersecurity regulatory affairs with Nidhi Gani
2023-09-03 09:56

Nidhi Gani is a seasoned regulatory affairs professional with over a decade of experience in cybersecurity, medical devices, and digital health. Nidhi works in Regulatory Affairs for Software and Cybersecurity at Embecta and is a Cybersecurity Fellow at the Archimedes Center for Health Care and Medical Device Cybersecurity at Northeastern University.

Week in review: 11 search engines for cybersecurity research, PoC for RCE in Juniper firewall released
2023-09-03 08:00

What does optimal software security analysis look like? In this Help Net Security interview, Kevin Valk, co-CEO at Codean, discusses the consequences of relying solely on automated tools for software security.

Apple offers security researchers specialized iPhones to tinker with: Apple is inviting security researchers to apply for its Security Research Device Program again, to discover vulnerabilities and earn bug bounties.

PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability
2023-09-03 04:42

Proof-of-concept exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks. "A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI," VMware said earlier this week.

Chrome extensions can steal plaintext passwords from websites
2023-09-02 15:04

A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code. An examination of the text input fields in web browsers revealed that the coarse-grained permission model underpinning Chrome extensions violates the principles of least privilege and complete mediation.

Fake YouPorn extortion scam threatens to leak your sex tape
2023-09-02 14:12

A new sextortion scam is making the rounds that pretends to be an email from the adult site YouPorn, warning that a sexually explicit video of you was uploaded to the site and suggesting you pay to have it taken down. Threat actors have created various email extortion scams, including ones that pretend to be hitman contracts, bomb threats, CIA investigations, threats of installing ransomware, and threats to infect your family with Coronavirus.

New ‘YouPorn’ sextortion scam threatens to leak your sex tape
2023-09-02 14:12

A new sextortion scam is making the rounds that pretends to be an email from the adult site YouPorn, warning that a sexually explicit video of you was uploaded to the site and suggesting you pay to have it taken down. In sextortion email scams the scammers pretend to have images or videos of you performing sexual acts and then demand money in exchange for not publishing them.

Yes, there's an npm package called @(-.-)/env and some others like it
2023-09-02 12:00

My colleague and Sonatype senior software engineer Lex Vorona came across not one but several npm packages that do not strictly follow naming conventions, or have rather striking names. For instance, one package is called "-" but is published under the oddly named scope "!-!", giving it a funky moniker altogether.

Cops drill into chat apps, sink plot to smuggle tonnes of coke into Europe
2023-09-02 07:55

Efforts by police to seize and shut down encrypted messaging apps favored by criminals, and then mine their conversations for evidence, appear to have led to more arrests, plus the seizure of about 2.7 tonnes of cocaine. Europol on Friday celebrated its "Dismantling of a large drug-trafficking organization," following an investigation into a Balkan cartel that was suspected of smuggling cocaine into Europe from South America by sea.