software
Over 3.1 million fake “stars” on GitHub projects used to boost rankings
GitHub has a problem with inauthentic “stars” used to artificially inflate the popularity of scam and malware distribution repositories, helping them reach more unsuspecting users. Stars are similar to “Like” buttons on social media sites, allowing GitHub users to favorite a repository. GitHub uses the stars as part of a global ranking system and to show you […]
Volkswagen’s software company exposes data of 800,000 electric cars
Volkswagen’s automotive software company, Cariad, exposed data collected from around 800,000 electric cars. The info could be linked to drivers’ names and reveal precise vehicle locations. Terabytes of Volkswagen customer details in Amazon cloud storage remained unprotected for months, allowing anyone with little technical knowledge to track drivers’ movement or gather personal information. The exposed […]
MITRE shares 2024’s top 25 most dangerous software weaknesses
MITRE has shared this year’s top 25 list of the most common and dangerous software weaknesses behind more than 31,000 vulnerabilities disclosed between June 2023 and June 2024. Software weaknesses refer to flaws, bugs, vulnerabilities, and errors found in software’s code, architecture, implementation, or design. Attackers can exploit them to breach systems where the vulnerable […]
Brave on iOS adds new “Shred” button to wipe site-specific data
Brave Browser 1.71 for iOS introduces a new privacy-focused feature called “Shred,” which allows users to easily delete site-specific mobile browsing data. Many sites use first-party cookies for paywall systems and usage limits, which technically enables user tracking across sessions and makes this data susceptible to sharing with third parties. Brave’s new Shred feature works […]
Signal introduces convenient “call links” for private group chats
The Signal messenger application has announced a set of new features aimed at making private group chats more convenient and easier for people to join. The highlight feature announced is “call links,” which allow users to create and share links with other Signal users without needing to create a group chat. The links can be […]
WhatsApp now encrypts contact databases for privacy-preserving synching
The WhatsApp messenger platform has introduced Identity Proof Linked Storage (IPLS), a new privacy-preserving encrypted storage system designed for contact management. The new system solves two long-standing problems WhatsApp users have been dealing with for years, namely the risk of losing their contact lists if they lose their phone and the inability to sync contacts between different […]
Crypto-stealing malware campaign infects 28,000 people
Over 28,000 people from Russia, Turkey, Ukraine, and other countries in the Eurasian region were impacted by a large-scale cryptocurrency-stealing malware campaign. The malware campaign disguises itself as legitimate software promoted via YouTube videos and fraudulent GitHub repositories where victims download password-protected archives that initiate the infection. According to cybersecurity firm Dr. Web, the campaign […]
New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks
An automated scanner has been released to help security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176. The flaw, which enables attackers to perform arbitrary remote code execution if certain conditions are met, was disclosed late last month by the person who discovered it, Simone Margaritelli. Although […]
Winamp releases source code, asks for help modernizing the player
The iconic Winamp media player has fulfilled a promise made in May and released its complete source code on GitHub, inviting developers to collaborate on the project. Winamp is a media player launched in 1997 by Nullsoft, which gained massive popularity in the following years, coinciding with the rise of MP3s music files. The player featured a […]
Discord rolls out end-to-end encryption for audio, video calls
Discord has introduced the DAVE protocol, a custom end-to-end encryption (E2EE) protocol designed to protect audio and video calls on the platform from unauthorized interceptions. DAVE was created with the help of cybersecurity experts at Trail of Bits, that also audited the E2EE system’s code and implementation. The new system will cover one-on-one audio and video calls […]