General Cyber News via Ars Technica Risk Assessment

Office 2021 will be available for non-Microsoft 365 subscribers on October 5

New release won't get new features like the subscription versions of Office.
Publish Date: 9/16/2021
read more -->

Anonymous leaks gigabytes of data from alt-right web host Epik

Clients include 8chan, Parler, and Gab, among others.
Publish Date: 9/15/2021
read more -->

Microsoft accounts can go passwordless, making “password123” a thing of the past

Passwordless accounts rely on MS Authenticator or a security key for login.
Publish Date: 9/15/2021
read more -->

Travis CI flaw exposed secrets of thousands of open source projects

Developers furious at Travis CI's "insanely embarrassing 'security bulletin.'"
Publish Date: 9/14/2021
read more -->

Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware

Zero-click flaw has been exploited by NSO since at least February 2021.
Publish Date: 9/14/2021
read more -->

Security researchers at Wiz discover another major Azure vulnerability

A little-known management service handed unauthenticated attackers root access.
Publish Date: 9/14/2021
read more -->

Infosec researchers say Apple’s bug-bounty program needs work

Apple allegedly pays less for bugs than its competitors do—and pays more slowly.
Publish Date: 9/9/2021
read more -->

WhatsApp “end-to-end encrypted” messages aren’t that private after all

Millions of WhatsApp messages are reviewed by both AI and human moderators.
Publish Date: 9/8/2021
read more -->

ProtonMail removed “we do not keep any IP logs” from its privacy policy

Swiss courts compelled it to log and disclose a user's IP and browser fingerprint.
Publish Date: 9/7/2021
read more -->

Microsoft Outlook shows real person’s contact info for IDN phishing emails

IDN homograph attacks were a problem to begin with. Outlook just made 'em worse.
Publish Date: 9/7/2021
read more -->

Why ransomware hackers love a holiday weekend

Looking forward to Labor Day? So are ruthless gangs of cybercriminals.
Publish Date: 9/5/2021
read more -->

A brief overview of IBM’s new 7 nm Telum mainframe CPU

A typical Telum-powered mainframe offers 256 cores at a base clock of 5+GHz.
Publish Date: 9/2/2021
read more -->

NPM package with 3 million weekly downloads had a severe vulnerability

Untrusted JavaScript config file can execute arbitrary code.
Publish Date: 9/2/2021
read more -->

Windows 11 arrives on October 5, Android apps will come later

Phased rollout will see all compatible PCs updated by "mid-2022."
Publish Date: 8/31/2021
read more -->

Coinbase erroneously reported 2FA changes to 125,000 customers

The unexpected 2FA notifications led some customers to panic-sell everything.
Publish Date: 8/30/2021
read more -->

Not enough backup power: AT&T and T-Mobile suffer big outages in Louisiana

AT&T and T-Mobile struggle while Verizon says its "network remains resilient."
Publish Date: 8/30/2021
read more -->

A bad solar storm could cause an “Internet apocalypse”

Undersea cables would be hit especially hard by a coronal mass ejection.
Publish Date: 8/29/2021
read more -->

“Worst cloud vulnerability you can imagine” discovered in Microsoft Azure

30% of Cosmos DB customers were notified—more are likely impacted.
Publish Date: 8/27/2021
read more -->

Need to get root on a Windows box? Plug in a Razer gaming mouse

Razer's automatically downloaded installer exposes a SYSTEM shell to any user.
Publish Date: 8/26/2021
read more -->

Nude hunt: LA phisherman accessed 4,700 iCloud accounts, 620K photos

The attacker seems to have relied on social engineering to hoodwink his victims.
Publish Date: 8/25/2021
read more -->


Copyright Ⓒ 2010 SecuritySpecifiers™