Afternoon Dessert - 2022-10-12

Welcome to another Afternoon Dessert breakout:

Microsoft: Support for Windows 10 21H1 ending in December
Microsoft reminded customers that all editions of Windows 10, version 21H1 would reach the end of servicing (EOS) on December 13, 2022. [...]

New npm timing attack could lead to supply chain attacks
Security researchers have discovered an npm timing attack that reveals the names of private packages so threat actors can release malicious clones publicly to trick developers into using them instead. [...]

Scribe Platform: End-to-end Software Supply Chain Security
As software supply chain security becomes more and more crucial, security, DevSecOps, and DevOps teams are more challenged than ever to build transparent trust in the software they deliver or use. In fact, Gartner recently published their 2022 cybersecurity predictions - not only do they anticipate the continued expansion of attack surfaces in the near future, they also list digital supply

Google Rolling Out Passkey Passwordless Login Support to Android and Chrome
Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both Android and Chrome. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant said. "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks." The feature was first

Hackers Using Vishing to Trick Victims into Installing Android Banking Malware
Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. The Dutch mobile security company said it identified a network of phishing websites targeting Italian online-banking users that are designed to get hold of their contact details. Telephone-oriented attack delivery (TOAD), as

Aruba fixes critical RCE and auth bypass flaws in EdgeConnect
Aruba has released security updates for the EdgeConnect Enterprise Orchestrator, addressing multiple critical severity vulnerabilities that enable remote attackers to compromise the host. [...]

Microsoft Defender adds command and control traffic detection
Microsoft has added command-and-control (C2) traffic detection capabilities to its Microsoft Defender for Endpoint (MDE) enterprise endpoint security platform. [...]

Mystery iPhone update patches against iOS 16 mail crash-attack
The problem with crashy messaging apps is that *other people* get to choose if and when to send you messages...

Move over Patch Tuesday – it’s Ada Lovelace Day!
Hacking on actual computers is one thing, but hacking purposefully on imaginary computers is, these days, something we can only imagine.

Patch Tuesday in brief – one 0-day fixed, but no patches for Exchange!
There's a zero-day patch, but it's not for the zero-day you thought.

Signal will remove support for SMS text messages on Android
Signal says it will start to phase out SMS and MMS message support from its Android app to streamline the user experience and prioritize security and privacy. [...]