21 Nov, 2024

MITRE shares 2024’s top 25 most dangerous software weaknesses

MITRE has shared this year’s top 25 list of the most common and dangerous software weaknesses behind more than 31,000 vulnerabilities disclosed between June 2023 and June 2024. Software weaknesses refer to flaws, bugs, vulnerabilities, and errors found in software’s code, architecture, implementation, or design. Attackers can exploit them to breach systems where the vulnerable […]

3 mins read

Brave on iOS adds new “Shred” button to wipe site-specific data

Brave Browser 1.71 for iOS introduces a new privacy-focused feature called “Shred,” which allows users to easily delete site-specific mobile browsing data. Many sites use first-party cookies for paywall systems and usage limits, which technically enables user tracking across sessions and makes this data susceptible to sharing with third parties. Brave’s new Shred feature works […]

2 mins read

Signal introduces convenient “call links” for private group chats

The Signal messenger application has announced a set of new features aimed at making private group chats more convenient and easier for people to join. The highlight feature announced is “call links,” which allow users to create and share links with other Signal users without needing to create a group chat. The links can be […]

2 mins read

WhatsApp now encrypts contact databases for privacy-preserving synching

The WhatsApp messenger platform has introduced Identity Proof Linked Storage (IPLS), a new privacy-preserving encrypted storage system designed for contact management. The new system solves two long-standing problems WhatsApp users have been dealing with for years, namely the risk of losing their contact lists if they lose their phone and the inability to sync contacts between different […]

2 mins read

Crypto-stealing malware campaign infects 28,000 people

Over 28,000 people from Russia, Turkey, Ukraine, and other countries in the Eurasian region were impacted by a large-scale cryptocurrency-stealing malware campaign. The malware campaign disguises itself as legitimate software promoted via YouTube videos and fraudulent GitHub repositories where victims download password-protected archives that initiate the infection. According to cybersecurity firm Dr. Web, the campaign […]

3 mins read

New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks

An automated scanner has been released to help security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176. The flaw, which enables attackers to perform arbitrary remote code execution if certain conditions are met, was disclosed late last month by the person who discovered it, Simone Margaritelli. Although […]

2 mins read

Winamp releases source code, asks for help modernizing the player

The iconic Winamp media player has fulfilled a promise made in May and released its complete source code on GitHub, inviting developers to collaborate on the project. Winamp is a media player launched in 1997 by Nullsoft, which gained massive popularity in the following years, coinciding with the rise of MP3 music files. The player featured a […]

2 mins read

Discord rolls out end-to-end encryption for audio, video calls

Discord has introduced the DAVE protocol, a custom end-to-end encryption (E2EE) protocol designed to protect audio and video calls on the platform from unauthorized interceptions. DAVE was created with the help of cybersecurity experts at Trail of Bits, which also audited the E2EE system’s code and implementation. The new system will cover one-on-one audio and video calls […]

3 mins read

CISA urges software devs to weed out XSS vulnerabilities

CISA and the FBI urged technology manufacturing companies to review their software and ensure that future releases are free of cross-site scripting vulnerabilities before shipping. The two federal agencies said that XSS vulnerabilities still plague software released today, creating further exploitation opportunities for threat actors even though they’re preventable and should not be present in […]

2 mins read

Notion exits Russia and will terminate accounts in September

Notion has announced it will exit the Russian market and is terminating all workspaces and accounts identified as linked to users in the country. In an announcement on its website, Notion says the decision was taken due to U.S. government-imposed restrictions on software service providers, making it practically impossible to continue operating in Russia. “The U.S. […]

2 mins read