Security News > 2024 > April

Microsoft is now using a Windows driver to prevent users from changing the Windows 10 and Windows 11 default browser manually or through software. SetDefaultBrowser works similarly but is only for changing the default browser in Windows.

How Google plans to make stolen session cookies worthless for attackersGoogle is working on a new security feature for Chrome called Device Bound Session Credentials, meant to prevent attackers from using stolen session cookies to gain access user accounts. A "Cascade" of errors let Chinese hackers into US government inboxesMicrosoft still doesn't known how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

The U.S. Department of Health and Human Services warns that hackers are now using social engineering tactics to target IT help desks across the Healthcare and Public Health sector. The sector alert issued by the Health Sector Cybersecurity Coordination Center this week says these tactics have allowed attackers to gain access to targeted organizations' systems by enrolling their own multi-factor authentication devices.

A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage device models. The two main issues contributing to the flaw, tracked as CVE-2024-3273, are a backdoor facilitated through a hardcoded account and a command injection problem via the "System" parameter.

Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been...

Microsoft says Windows 10 updates released since the start of the year are breaking Microsoft Connected Cache node discovery on enterprise networks. "After installing the January 2024 non-security update, released January 23, 2024, or later updates, some Windows devices which use the DHCP Option 235 for discovery of Microsoft Connected Cache nodes in their network might be unable to use the MCC nodes," Microsoft explains.

Ransomware attacks targeting VMware ESXi and other virtual machine platforms are wreaking havoc among the enterprise, causing widespread disruption and loss of services. Panera's massive IT outage last month that took down internal systems, the website, mobile apps, and phones was caused by a ransomware attack encrypting the company's virtual machines.

William April 5, 2024 5:21 PM. Could you imagine discovering that your identity had been used to take out fraudulent loans and when you tried to resolve the issue and didn't know the answers to the account security questions connected to the loans, but instead provided your California state ID and Social Security card you were instead arrested, charged with multiple felonies, jailed for over a year, incarcerated in a mental hospital for over a year where you were given psychotropic drugs and eventually released with a criminal record and a judge's order that you could no longer use your real name? As dystopian as this might sound, it actually happened.

Figure A. Both countries will now "Align their scientific approaches" and work together to "Accelerate and rapidly iterate robust suites of evaluations for AI models, systems, and agents." This action is being taken to uphold the commitments established at the first global AI Safety Summit last November, where governments from around the world accepted their role in safety testing the next generation of AI models. The MoU primarily relates to moving forward on plans made by the AI Safety Institutes in the U.K. and U.S. The U.K.'s research facility was launched at the AI Safety Summit with the three primary goals of evaluating existing AI systems, performing foundational AI safety research and sharing information with other national and international actors.