Security News

A trio of now-patched security issues in TorchServe, an open-source tool for scaling PyTorch machine-learning models in production, could lead to server takeover and remote code execution, according to security researchers. "The issues in TorchServe - an optional tool for PyTorch - were patched in August rendering the exploit chain described in this blog post moot," a Meta spokesperson told The Register.

Signal has announced an upgrade to its end-to-end encryption protocol to protect users of its popular messaging app from encryption-breaking attacks through quantum computers. "Quantum computing represents a new type of computational system which leverages quantum mechanical properties to solve certain complex problems many orders of magnitude more quickly than modern classical computers. Instead of bits as in a classical computer, quantum computers operate on qubits," explained Ehren Kret, CTO at Signal.

An updated version of a botnet malware called KmsdBot is now targeting Internet of Things devices, simultaneously branching out its capabilities and the attack surface. The malware is designed to scan random IP addresses for open SSH ports and brute-force the system with a password list downloaded from an actor-controlled server.

While 75% of organizations have made significant strides to upgrade their infrastructure in the past year, including the adoption of public cloud hosting and containerization, and 78% have increased their security budgets, only 2% of industry experts are confident in their security strategies, according to OPSWAT. Rapid evolution of web application security landscape. In today's rapidly evolving landscape of web application security, organizations are constantly striving to adapt and fortify their infrastructure, particularly with the rise of hybrid work environments.

Microsoft's Edge browser has recently enhanced its 'Edge Secure Network' feature, which now offers 5GB of data, significantly increasing from the previously offered 1GB. The Edge Secure Network uses Cloudflare's routing to encrypt your internet connection and secure your data against online threats, such as hacking attempts.Importantly, Microsoft ensures the user's Microsoft account identity is not shared with the service provider during a Secure Network connection.

Meta's WhatsApp has rolled out updates to its proxy feature, allowing more flexibility in the kind of content that can be shared in conversations. Support for proxy servers was officially launched by the messaging service earlier this January, thereby helping users circumvent government-imposed censorship and internet shutdowns and obtain indirect access to WhatsApp.

Google will add artificial intelligence to several online safety features and give users more insight into whether their information might have been posted on the dark web, the tech giant announced during the Google I/O conference on May 10. Google offers AI image generation and plans to roll out markups that will label those images as AI-generated in Search.

The developers of the Typhon info-stealer announced on a dark web forum that they have updated the malware to a major version they advertise as 'Typhon Reborn V2'. They boast significant improvements designed to thwart analysis via anti-virtualization mechanisms. The original Typhon was discovered by malware analysts in August 2022.

A suspected Chinese hacking campaign has been targeting unpatched SonicWall Secure Mobile Access appliances to install custom malware that establishes long-term persistence for cyber espionage campaigns.The deployed malware is customized for SonicWall devices and is used to steal user credentials, provide shell access to the attackers, and even persist through firmware upgrades.

Microsoft has addressed a known issue behind unsupported computers being offered Windows 11 22H2 upgrades and unable to complete the installation process. This has happened before, with Windows 11 22H2 being offered to Windows 11 Insiders in the Release Preview channel with ineligible devices.