Security News

An American judge has ruled that NSO Group is responsible for the spyware attack on fourteen hundred WhatsApp users in 2019. WhatsApp director Will Cathcart calls the ruling a ‘major victory’ for privacy. Citizen Lab security researcher and spyware expert John Scott-Railton calls it a big win for spyware victims and a big loss for […]

A critical vulnerability in Sophos’ firewalls allows remote code execution or could give an attacker SSH access. The company has released security updates to fix the problem. The first critical vulnerability (CVE-2024-12727) allows an unauthenticated attacker to perform SQL Injection, thereby gaining access to a firewall database. If the firewall has a specific configuration and

Microsoft has announced that it is stopping for the time being the distribution of a security update focused on a spoofing vulnerability in Exchange Server. This is due to customer issues that lead set transport rules to malfunction which is detrimental to mail delivery. The vulnerability (CVE-2024-49040) allows an attacker to weaponize the Exchange servers

In March’s Patch Tuesday, Microsoft released updates to address 61 vulnerabilities, including two critical flaws in Microsoft Hyper-V, its virtualization software that enables the creation of virtual machines (VMs).

Apple recently unveiled a policy allowing developers to distribute iPhone apps directly from their websites, a move that has met with backlash due to its restrictive eligibility criteria. Developers are only considered for this ‘web distribution’ route if they have an app listed in the Apple App Store with over a million downloads and have

In Canada, a 34-year-old man holding dual Russian and Canadian nationality has been handed a four-year prison term and fined 860,000 Canadian dollars for his role in launching cyberattacks using the LockBit ransomware. His arrest occurred in late 2022, moments before he could secure access to his laptop.

Ledger, a provider of cryptocurrency wallets, has reported a significant loss for its users. Criminals distributed a malicious version of the Ledger Connect Kit through a phishing attack on a former employee. This kit is a crucial JavaScript library that links Ledger crypto wallets to third-party applications, also known as wallet-connected websites.

Windows 10 and 11 users will soon notice changes when logging into Microsoft apps. A new prompt will ask if they want to use their Windows account for the login. This update is Microsoft’s response to comply with the Digital Markets Act (DMA).

Proton Mail, a well-known email service provider, has expanded its offerings by launching a desktop application for macOS and Windows users. They also announced plans to introduce a version for Linux users in the early part of next year. Proton’s CEO, Andy Yen, stated that although many users typically access email through a browser on

Global attackers actively exploit a severe vulnerability in Apache Struts 2, a popular open-source framework for developing Java web applications and websites. This alert comes from Australian and French authorities who anticipate widespread abuse. The Apache Foundation responded on December 7 with security updates to address this vulnerability, CVE-2023-50164.