Security News

Update Firefox again – more RCEs and an Android “takeover” bug too
2020-04-08 11:17

We'll refer to this one as a Fourthytuesday instead, now that Firefox has reduced its update wavelength to four weeks to get important-but-not-zero-day-critical fixes out just that bit more frequently. If your automatic update hasn't happened yet, a manual check will let you "jump the queue" and get the update a bit sooner.

PPP Daemon flaw opens Linux distros, networking devices to takeover attacks
2020-03-10 05:00

A vulnerability in the Point-to-Point Protocol Daemon software, which comes installed on many Linux-based and Unix-like operating systems and networking devices, can be exploited by unauthenticated attackers to achieve code execution on - and takeover of - a targeted system. Pppd is a daemon that is used to manage PPP session establishment and session termination between two nodes on Unix-like operating systems.

Researcher finds 670 Microsoft subdomains vulnerable to takeover
2020-03-06 12:41

The CNAME points to a subdomain on a hosting service like Azure, which allows users to create websites using subdomains of. No verification, no alert to Microsoft that one of their old subdomains has been taken over, and no easy way for enterprise security systems to detect that this apparently legit domain is anything but.

Unpatched Security Flaws Open Connected Vacuum to Takeover
2020-02-26 14:00

SAN FRANCISCO - Researchers have discovered several high-severity vulnerabilities in a connected vacuum cleaner. The security holes could give remote attackers the capability to launch an array of attacks - from a denial of service attack that renders the vacuum unusable, to viewing private home footage through the vacuum's embedded camera.

SoundCloud Tackles DoS, Account Takeover Issues
2020-02-12 18:48

Online music platform SoundCloud, which can be thought of as an audio-based YouTube for music creators, has addressed several security bugs in its APIs that could lead to denial-of-service or account takeover via credential-stuffing. According to researcher Paulo Silva of Checkmarx Security Research, three different groups of security vulnerabilities were found in the platform: an authentication issue which could lead to account takeover; a rate-limiting bug that could lead to DoS; and an improper input validation.

Twitter Fixes Bug that Enabled Takeover of Android App Accounts
2019-12-23 19:29

Twitter for Android users are urged to update their app to fend off a security bug that allows hackers to access private account data and control accounts to send tweets and direct messages.

Critical Bug in WordPress Plugins Open Sites to Hacker Takeovers
2019-12-13 18:33

One flaw found in WordPress plugins Ultimate Addons for Beaver Builder and Ultimate Addons for Elementor is actively being exploited.

Microsoft Patches Vulnerability Leading to Azure Account Takeover
2019-12-03 15:08

Microsoft recently addressed an OAuth 2.0 vulnerability that could allow an attacker to take over Azure accounts. The issue impacts specific Microsoft OAuth 2.0 applications and allows an attacker...

Supply Chain Account Takeover: How Criminals Exploit Third-Party Access
2019-12-03 14:00

It’s important for businesses of all sizes to not only view their suppliers’ attack surface as their own but also extend some of their security protections.

Prevent credential stuffing and account takeover attacks with these expert tips
2019-12-03 06:25

Account takeover and credential stuffing attacks are two security threats that often go hand in hand. Both have become alarmingly prominent: a recent report found that one-fifth of account...