Security News > 2024 > April

YouTube announced yesterday that third-party applications that block ads while watching YouTube videos violates its Terms of Service, and it will soon start taking action against the apps. Google exposes numerous APIs allowing developers to integrate YouTube into their applications, showing videos or retrieving data about videos hosted on the platform.

A vulnerability in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the "Heavily biased" ECDSA nonces, researchers have discovered. According to PuTTY maintainers, 521-bit ECDSA is the only affected key type.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Cisco warns about a large-scale credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices worldwide. The researchers say the attacks started on March 18, 2024, while all attacks originate from TOR exit nodes and various other anonymization tools and proxies, which the threat actors use to evade blocks.

Google's Chrome web browser held a 64.41% command of the global browser market share in January 2024. This guide, written by Jack Wallen for TechRepublic Premium, will provide you with some of the most important tips for using Google's Chrome web browser.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Hackers have managed to compromise a telephony provider for Duo, the Cisco-owned company providing secure access solutions, and steal MFA SMS message logs of Duo customers."The threat actor downloaded message logs for SMS messages that were sent to certain users under your Duo account between March 1, 2024 and March 31, 2024," the Cisco Data Privacy and Incident Response Team notified its MSP partners.

Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source...

A vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation. PuTTY is a popular open-source terminal emulator, serial console, and network file transfer application that supports SSH, Telnet, SCP, and SFTP. System administrators and developers predominantly use the software to remotely access and manage servers and other networked devices over SSH from a Windows-based client.

UnitedHealth Group reported an $872 million impact on its Q1 earnings due to the ransomware attack disrupting the U.S. healthcare system since February. Change Healthcare is the biggest payment exchange platform used by doctors, healthcare providers, and over 70,000 pharmacies within the United States healthcare system.