Security List - 2024 2023 2021 2020 2019 2018
DATE | NAME | Info | CATEG. | WEB |
24.8.24 | Phrack hacker zine publishes new edition after three years | Phrack #71 has been released online and is available to read for free. This issue is the first to be released since 2021, marking a new chapter in the influential online magazine's history. | Security | |
21.8.24 | GitHub Actions artifacts found leaking auth tokens in popular projects | Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD workflows. | Security | |
11.8.24 | Microsoft 365 anti-phishing feature can be bypassed with CSS | Researchers have demonstrated a method to bypass an anti-phishing measure in Microsoft 365 (formerly Office 365), elevating the risk of users opening malicious emails.` | Security | |
9.8.24 | Crowdstrike: Delta Air Lines refused free help to resolve IT outage | The legal spars between Delta Air Lines and CrowdStrike are heating up, with the cybersecurity firm claiming that Delta's extended IT outage was caused by poor disaster recovery plans and the airline refusing to accept free onsite help in restoring Windows devices. | Security | |
9.8.24 | Countdown is on: Last chance for discount registration at Mandiant’s mWISE 2024 | There is only a few days left to get $300 off the standard conference price at mWISE. Learn more from mWise 2024 about how to get the discount and the upcoming cybersecurity sessions. | Security | |
7.8.24 | CrowdStrike Reveals Root Cause of Global System Outages | Cybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that | Security | The Hacker News |
4.8.24 | DigiCert to delay cert revocations for critical infrastructure | DigiCert urges critical infrastructure operators to request a delay if they cannot reissue their certificates, as required by an ongoing certificate mass-revocation process announced on Tuesday. | Security | |
27.7.24 | Google Chrome now asks for passwords to scan protected archives | Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. | Security | |
26.7.24 | Google rolls back decision to kill third-party cookies in Chrome | Google has scrapped its plan to kill third-party cookies in Chrome and will instead introduce a new browser experience to allows users to limit how these cookies are used. | Security | |
25.7.24 | CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices | Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash | Security | The Hacker News |
23.7.24 | Google Abandons Plan to Phase Out Third-Party Cookies in Chrome | Google on Monday abandoned plans to phase out third-party tracking cookies in its Chrome web browser more than four years | Security | The Hacker News |
22.7.24 | Microsoft releases Windows repair tool to remove CrowdStrike driver | Microsoft has released a custom WinPE recovery tool to find and remove the faulty CrowdStrike update that crashed an estimated 8.5 million Windows devices on Friday. | Security | |
20.7.24 | CrowdStrike update crashes Windows systems, causes outages worldwide | A faulty component in the latest CrowdStrike Falcon update is crashing Windows systems, impacting various organizations and services across the world, including airports, TV stations, and hospitals. | Security | |
20.7.24 | Exchange Online adds Inbound DANE with DNSSEC for security boost | Microsoft is rolling out inbound SMTP DANE with DNSSEC for Exchange Online in public preview, a new capability to boost email integrity and security. | Security | |
19.7.24 | Faulty CrowdStrike Update Crashes Windows Systems, Impacting Businesses Worldwide | Businesses across the world have been hit by widespread disruptions to their Windows workstations stemming from a faulty | Security | |
18.7.24 | June Windows Server updates break Microsoft 365 Defender features | Microsoft has confirmed that Windows Server updates from last month's Patch Tuesday break some Microsoft 365 Defender features that use the network data reporting service. | Security | |
15.7.24 | Banks in Singapore to phase out one-time passwords in 3 months | The Monetary Authority of Singapore (MAS) has announced a new requirement impacting all major retail banks in the country to phase out the use of one-time passwords (OTPs) within the next three months. | Security | |
15.7.24 | Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months | Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication | Security | The Hacker News |
14.7.24 | Google increases bug bounty rewards five times, up to $151K | Google has announced a fivefold increase in payouts for bugs found in its systems and applications reported through its Vulnerability Reward Program, with a new maximum bounty of $151,515 for a single security flaw. | Security | |
5.7.24 | Proton launches free, privacy-focused Google Docs alternative | Proton has launched 'Docs in Proton Drive,' a free and open-source end-to-end encrypted web-based document editing and collaboration tool. | Security | |
5.7.24 | Google now pays $250,000 for KVM zero-day vulnerabilities | Google has launched kvmCTF, a new vulnerability reward program (VRP) first announced in October 2023 to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor that comes with $250,000 bounties for full VM escape exploits. | Security | |
2.7.24 | Google Chrome to let Isolated Web App access sensitive USB devices | Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API. | Security | |
30.6.24 | Google to Block Entrust Certificates in Chrome Starting November 2024 | Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its | Security | The Hacker News |
29.6.24 | Polyfill claims it has been 'defamed', returns after domain shut down | The owners of Polyfill.io have relaunched the JavaScript CDN service on a new domain after polyfill.io was shut down as researchers exposed it was delivering malicious code on upwards of 100,000 websites.. The Polyfill service claims that it has been "maliciously defamed" and been subject to "media messages slandering Polyfill." | Security | |
29.6.24 | Cloudflare: We never authorized polyfill.io to use our name | Cloudflare, a lead provider of content delivery network (CDN) services, cloud security, and DDoS protection has warned that it has not authorized the use of its name or logo on the Polyfill.io website, which has recently been caught injecting malware on more than 100,000 websites in a significant supply chain attack. | Security | |
| 16.6.24 | Microsoft: New Outlook security changes coming to personal accounts | Microsoft has announced new cybersecurity enhancements for Outlook personal email accounts as part of its 'Secure Future Initiative,' including the deprecation of basic authentication (username + password) by September 16, 2024. | Security | |
| 16.6.24 | Mozilla Firefox can now secure access to passwords with device credentials | Mozilla Firefox finally allows you to further protect local access to stored credentials in the browser's password manager using your device's login, including a password, fingerprint, pin, or other biometrics | Security | |
| 15.6.24 | AWS adds passkeys support, warns root users must enable MFA | Amazon Web Services (AWS) has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security and usability. | Security | |
| 14.6.24 | Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit | Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox has run into fresh trouble | Security | The Hacker News |
| 9.6.24 | LastPass says 12-hour outage caused by bad Chrome extension update | LastPass says its almost 12-hour outage yesterday was caused by a bad update to its Google Chrome extension. | Security | |
| 8.6.24 | Google Chrome reduced cookie requests to improve performance | Google shared details on a recently introduced Chrome feature that changes how cookies are requested, with early tests showing increased performance across all platforms. | Security | |
| 8.6.24 | Microsoft deprecates Windows NTLM authentication protocol | Microsoft has officially deprecated NTLM authentication on Windows and Windows servers, stating that developers should transition to Kerberos or Negotiation authentication to prevent problems in the future. | Security | |
6.6.24 | Google Maps Timeline Data to be Stored Locally on Your Device for Privacy | Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, | Security | |
5.6.24 | 4-Step Approach to Mapping and Securing Your Organization's Most Critical Assets | You're probably familiar with the term "critical assets". These are the technology assets within your company's IT infrastructure that are | Security | The Hacker News |
| 3.6.24 | Kaspersky releases free tool that scans Linux for known threats | Kaspersky has released a new virus removal tool named KVRT for the Linux platform, allowing users to scan their systems and remove malware and other known threats for free. | Security | |
3.6.24 | Google Chrome change that weakens ad blockers begins June 3rd | Google is continuing with its plan to phase out Manifest V2 extensions in Chrome starting in early June 2024, weakening the abilities of ad blockers. | Security | |
29.5.24 | Ad blocker users say YouTube videos are now skipping to the end | Many users report that YouTube videos automatically skip to the end or muting video if they are using an ad blocker, making it impossible for them to watch the video. | Security | |
25.5.24 | LastPass is now encrypting URLs in password vaults for better security | LastPass announced it will start encrypting URLs stored in user vaults for enhanced privacy and protection against data breaches and unauthorized access. | Security | |
25.5.24 | Bitbucket artifact files can leak plaintext authentication secrets | Threat actors were found breaching AWS accounts using authentication secrets leaked as plaintext in Atlassian Bitbucket artifact objects. | Security | |
11.5.24 | Zscaler takes "test environment" offline after rumors of a breach | Zscaler says that they discovered an exposed "test environment" that was taken offline for analysis after rumors circulated that a threat actor was selling access to the company's systems. | Security | |
| 6.5.24 | Microsoft rolls out passkey auth for personal Microsoft accounts | Microsoft announced that Windows users can now log into their Microsoft consumer accounts using a passkey, allowing users to authenticate using password-less methods such as Windows Hello, FIDO2 security keys, biometric data (facial scans or fingerprints), or device PINs. | Security | |
| 3.5.24 | Google Announces Passkeys Adopted by Over 400 Million Accounts | Google on Thursday announced that passkeys are being used by over 400 million Google accounts, authenticating users more | Security | The Hacker News |
| 30.4.24 | Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM | It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever- | Security | The Hacker News |
| 27.4.24 | Google Meet opens client-side encrypted calls to non Google users | Google is updating the client-side encryption mechanism for Google Meet to allow external participants, including those without Google accounts, to join encrypted calls. | Security | |
| 26.4.24 | Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny | Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address | Security | The Hacker News |
| 17.4.24 | UK e-visa rollout starts today for millions: no more physical immigration cards | Starting today, millions living in the UK will receive email invitations to sign up for an e-visa account that will replace their physical immigration documents like Biometric Residence Permits (BRPs). The move is, according to the Home Office, "a key step in creating a modernised and digital border." | Security | |
| 17.4.24 | Google to crack down on third-party YouTube apps that block ads | YouTube announced yesterday that third-party applications that block ads while watching YouTube videos violates its Terms of Service (ToS), and it will soon start taking action against the apps. | Security | |
| 16.4.24 | OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt | Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes | Security | The Hacker News |
| 16.4.24 | AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs | New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud | Security | The Hacker News |
| 16.4.24 | OpenTable won't add first names, photos to old reviews after backlash | OpenTable has reversed its decision to show members' first names and profile pictures in past anonymous reviews after receiving backlash from members who felt it was a breach of privacy. | Security | BleepingComputer |
| 13.4.24 | Chrome Enterprise gets Premium security but you have to pay for it | Google has announced a new version of its browser for organizations, Chrome Enterprise Premium, which comes with extended security controls for a monthly fee per user. | Security | |
| 13.4.24 | Google Workspace rolls out multi-admin approval feature for risky changes | Google is rolling out a new Workspace feature that requires multiple admins to approve high-risk setting changes to prevent unauthorized or accidental modifications that could reduce security. | Security | |
| 11.4.24 | Implementing container security best practices using Wazuh | Maintaining visibility into container hosts, ensuring best practices, and conducting vulnerability assessments are necessary to ensure effective security. In this article Wazuh explores how its software can help implement best security practices for containerized environments. | Security | |
| 4.4.24 | Google agrees to delete Chrome browsing data of 136 million users | Google has agreed to delete billions of data records collected from 136 million Chrome users in the United States, as part of a lawsuit settlement regarding alleged undisclosed browser data collection while in Incognito mode. | Security | |
| 2.4.24 | Google to Delete Billions of Browsing Records in 'Incognito Mode' Privacy Lawsuit Settlement | Google has agreed to purge billions of data records reflecting users' browsing activities to settle a class action lawsuit that claimed the | Security | The Hacker News |
| 24.3.24 | Opera sees big jump in EU users on iOS, Android after DMA update | Opera has reported a substantial 164% increase in new European Union users on iOS devices after Apple introduced a new feature to comply with the EU's Digital Markets Act (DMA). | Security | |
| 23.3.24 | Flipper Zero makers respond to Canada’s ‘harmful’ ban proposal | The makers of Flipper Zero have responded to the Canadian government's plan to ban the device in the country, arguing that it is wrongfully accused of facilitating car thefts. | Security | |
| 23.3.24 | Misconfigured Firebase instances leaked 19 million plaintext passwords | Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development. | Security | |
| 16.3.24 | Former telecom manager admits to doing SIM swaps for $1,000 | A former manager at a telecommunications company in New Jersey pleaded guilty to conspiracy charges for accepting money to perform unauthorized SIM swaps that enabled an accomplice to hack customer accounts. | Security | |
| 16.3.24 | McDonald's IT systems outage impacts restaurants worldwide | McDonald's restaurants are suffering global IT outages that prevent employees from taking orders and accepting payments, causing some stores to close for the day. | Security | |
| 16.3.24 | Tech support firms Restoro, Reimage fined $26 million for scare tactics | Tech support companies Restoro and Reimage will pay $26 million to settle charges that they used scare tactics to trick their customers into paying for unnecessary computer repair services. | Security | |
| 15.3.24 | Google Introduces Enhanced Real-Time URL Protection for Chrome Users | Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users | Security | The Hacker News |
| 13.3.24 | Tor’s new WebTunnel bridges mimic HTTPS traffic to evade censorship | The Tor Project officially introduced WebTunnel, a new bridge type specifically designed to help bypass censorship targeting the Tor network by hiding connections in plain sight. | Security | |
| 13.3.24 | Google paid $10 million in bug bounty rewards last year | Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. | Security | |
| 13.3.24 | Tuta Mail adds new quantum-resistant encryption to protect email | Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks. | Security | |
| 6.3.24 | Passwords are Costing Your Organization Money - How to Minimize Those Costs | Getting rid of passwords completely isn't a realistic option for most orgs, but there are things you can do to make them more secure. Learn more from Specops Software on maximizing security while mitigating costs. | Security | |
| 3.3.24 | News farm impersonates 60+ major outlets: BBC, CNN, CNBC, Guardian... | BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, The Guardian, and Washington Post, among others. These sites build SEO for their online gambling ventures and sell "press release" slots at hefty prices. | Security | |
| 3.3.24 | GitHub enables push protection by default to stop secrets leak | GitHub has enabled push protection by default for all public repositories to prevent accidental exposure of secrets such as access tokens and API keys when pushing new code. | Security | |
| 1.3.24 | GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories | GitHub on Thursday announced that it's enabling secret scanning push protection by default for all pushes to public repositories. "This means that | Security | The Hacker News |
| 29.2.24 | PayPal files patent for new method to detect stolen cookies | PayPal has filed a patent application for a novel method that can identify when "super-cookie" is stolen, which could improve the cookie-based authentication mechanism and limit account takeover attacks. | Security | |
| 25.2.24 | RCMP investigating cyber attack as its website remains down | The Royal Canadian Mounted Police (RCMP), Canada's national police force has disclosed that it recently faced a cyber attack targeting its networks. The federal body has started its criminal investigation into the matter as it works to determine the scope of the security breach. | Security | |
| 25.2.24 | Apple adds PQ3 quantum-resistant encryption to iMessage | Apple is adding to the iMessage instant messaging service a new post-quantum cryptographic protocol named PQ3, designed to defend encryption from quantum attacks. | Security | |
| 23.2.24 | New Google Chrome feature blocks attacks against home networks | Google is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks. | Security | |
| 23.2.24 | Wyze investigating 'security issue' amid ongoing outage | Wyze Labs is investigating a security issue while experiencing a service outage that has been causing connectivity issues since this morning. | Security | |
| 23.2.24 | Apple Unveils PQ3 Protocol - Post-Quantum Encryption for iMessage | Apple has announced a new post-quantum cryptographic protocol called PQ3 that it said will be integrated into iMessage to secure the messaging | Security | The Hacker News |
| 18.2.24 | DuckDuckGo browser gets end-to-end encrypted sync feature | The DuckDuckGo browser has unveiled a new end-to-end encrypted Sync & Backup feature that lets users privately and securely synchronize their bookmarks, passwords, and Email Protection settings across multiple devices. | Security | |
| 17.2.24 | 5 Steps to Improve Your Security Posture in Microsoft Teams | Microsoft Teams is susceptible to a growing number of cybersecurity threats as its massive user base is an attractive target for cybercriminals. Learn more from Adaptive Shield on how to increase your Microsoft Teams security posture. | Security | |
| 10.2.24 | Canada to ban the Flipper Zero to stop surge in car thefts | The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars. | Security | |
| 10.2.24 | Microsoft: Outlook clients not syncing over Exchange ActiveSync | Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update. | Security | |
| 9.2.24 | How to Apply Zero Trust to your Active Directory | With cyberattacks happening everyday, how can we apply zero trust principles towards keeping our Active Directory secure? Learn more from Specops Software on how to apply zero trust principles. | Security | |
| 4.2.24 | Check if you're in Google Chrome's third-party cookie phaseout test | Google has started testing the phasing out of third-party cookies on Chrome, affecting about 1% of its users or approximately 30 million people. Learn how to check if you are part of the initial test. | Security | |
2.2.24 | Microsoft says Outlook apps can’t connect to Outlook.com | Microsoft is investigating an issue that prevents Outlook and other email clients from connecting when using an Outlook.com account. | Security | |
1.2.24 | Role of Wazuh in building a robust cybersecurity architecture | Leveraging open source solutions and tools to build a cybersecurity architecture offers organizations several benefits. Learn more from Wazuh about the benefits of open source solutions. | Security | |
| 1.2.24 | How to secure AD passwords without sacrificing end-user experience | To increase password security, regulatory bodies recommend longer and unique passwords. Despite this, many still stick to using the same easy-to-guess passwords for the sake of convenience. | Security | |
26.1.24 | Perfecting the Defense-in-Depth Strategy with Automation | Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom | Security | The Hacker News |
20.1.24 | Haier hits Home Assistant plugin dev with takedown notice | Appliances giant Haier reportedly issued a takedown notice to a software developer for creating Home Assistant integration plugins for the company's home appliances and releasing them on GitHub. | Security | |
20.1.24 | Have I Been Pwned adds 71 million emails from Naz.API stolen account list | Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service. | Security | |
19.1.24 | Latest Adblock update causes massive YouTube performance hit | Adblock and Adblock Plus users report performance issues on YouTube, initially blamed on Google but later determined to be an issue in the popular ad-blocking extension. | Security | |
12.1.24 | Bitwarden adds passkey support to log into web password vaults | The open-source Bitwarden password manager has announced that all users can now log in to their web vaults using a passkey instead of the standard username and password pairs. | Security | |
12.1.24 | Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy | Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute 1 , "only 59% of organizations say | Security | The Hacker News |
11.1.24 | Criminal IP and Tenable Partner for Swift Vulnerability Detection | Cyber Threat Intelligence (CTI) search engine Criminal IP has established a technical partnership with Tenable. Learn more from Criminal IP about how this partnership can assist in real-time vulnerability and maliciousness scans. | Security | |
7.1.24 | Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy | Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute1, "only 59% of organizations say their | Security | The Hacker News |
4.1.24 | PornHub blocks North Carolina, Montana over new age verification laws | Adult media giant Aylo has blocked access to many of its websites, including PornHub, to visitors from Montana and North Carolina as new age verifications laws go into effect. | Security | |
4.1.24 | Steam drops support for Windows 7 and 8.1 to boost security | Steam is no longer supported on Windows 7, Windows 8, and Windows 8.1 as of January 1, with the company recommending users upgrade to a newer operating system. | Security | |
4.1.24 | The biggest cybersecurity and cyberattack stories of 2023 | 2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities. | Security | |
3.1.24 | Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode' | Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought.. | Security |