84Articles
8Categories
2024-07-26Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 4[−]
26 JulCritical Flaw in Telerik Report Server Poses Remote Code Execution RiskProgress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked as CVE-2024-6327 (CVSS score: 9.9), impacts Report Server version 2024 Q2 (…THEHACKERNEWS.COM
26 JulProgress Software Fixed Critical Flaw in Telerik Report ServerThe vulnerability, tracked as CVE-2024-6327, allows attackers to execute code on unpatched servers through deserialization of untrusted data. The issue affects Report Server 2024 Q2 (10.1.24.514) and earlier versions.SECURITYAFFAIRS.COM
26 JulNational Vulnerability Backlog Could Surge to 30,000 by 2025New Analysis Reveals Growing Crisis for the National Vulnerability Database A growing backlog at the National Institute of Standards and Technology National Vulnerability Database could surge to above 30,000 unanalyzed security flaws by the end of the year if the agency fails to …DATABREACHTODAY.CO.UK
26 JulSecure Boot no more? Leaked key, faulty practices put 900 PC/server models in jeopardySecurity researchers warn that some PC and server manufacturers are using insecure cryptographic keys as the root of trust for Secure Boot, an important security feature in modern computers that prevents malware from injecting itself early into the boot process. One of those keys…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 15[−]
26 JulDNSSEC explained: Why you might want to implement it on your domainWhat is DNSSEC? The Domain Name System Security Extensions (DNSSEC) is a set of specifications that extend the Domain Name System (DNS) protocol by adding cryptographic authentication for responses received from authoritative DNS servers. Its goal is to defend against attack tech…CSOONLINE.COM
26 JulMimecast Acquires Veteran Data Security Firm Code42Mimecast has acquired veteran data security firm Code42, adding 175 employees to its team. Code42, founded in 2001, focuses on expanding its data protection platform, Incydr, with recent enhancements for source code exfiltration detection.CRN.COM
26 JulTransatlantic Cable podcast episode 357 | Kaspersky official blogEpisode 357 has Telegram zero-day vulnerability, more CrowdStrike woes, Disney hacktivism and Elon’s Humanoid robots are coming for us all.KASPERSKY.COM
26 JulPKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer ModelsA vulnerability dubbed PKfail can allow attackers to run malicious code during the boot process, which can be used to deliver UEFI bootkits. The post PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models appeared first on SecurityWeek .SECURITYWEEK.COM
26 JulWhat CISOs can do to bridge their cyber talent gapEmpirical evidence shows that global cyber threats have increased twofold in the past few years. The IMF study, “ Rising Cyber Threats Pose Serious Concerns for Financial Stability ” (the title itself is ominous), outlined $12 billion dollars of losses from 20,000 malicious cyber…CSOONLINE.COM
26 Jul KEVCritical ServiceNow RCE Flaws Actively Exploited to Steal CredentialsServiceNow RCE vulnerabilities are being actively exploited to steal credentials. Threat actors are using publicly available exploits to target government agencies and private firms for data theft.BLEEPINGCOMPUTER.COM
26 JulThreat Actors Exploit Fresh ServiceNow Vulnerabilities in AttacksThreat actors have started exploiting critical-severity vulnerabilities in ServiceNow shortly after public disclosure. The post Threat Actors Exploit Fresh ServiceNow Vulnerabilities in Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
26 JulPhishing Campaigns Continue To Exploit CrowdStrike OutageAs expected, threat actors are taking advantage of the global IT outage caused by a faulty CrowdStrike update last Friday, SC Media reports.KNOWBE4.COM
26 JulSeleniumGreed Cryptomining Campaign Exploiting Publicly Exposed Grid ServicesResearchers at Wiz have identified an ongoing campaign targeting exposed Selenium Grid services for illicit cryptocurrency mining. The campaign, known as SeleniumGreed, is exploiting older versions of Selenium to run a modified XMRig miner.WIZ.IO
26 JulProgress Patches Critical Telerik Report Server VulnerabilityProgress Software calls attention to a critical remote code execution flaw in the Telerik Report Server product. The post Progress Patches Critical Telerik Report Server Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
26 JulNew Phishing Scam Leverages Chat To Add Credibility And Ensure SuccessA new phishing scam is leveraging trusted aspects of ecommerce to make their scams look legitimate.KNOWBE4.COM
26 JulIs This The Most Secure Messaging App?submitted by positive_intentions to cybersecurity 3 points | 1 comments https://github.com/positive-intentions/chat probably not… but id like to share some details about how my app works so you can tell me what im missing. id like to have wording in my app to say something like “…SH.ITJUST.WORKS
26 JulCounting the cost of CrowdStrike: the bug that bit billionsAs eye-popping estimates emerge for the cost to enterprises of dealing with aftermath of last week’s CrowdStrike-induced outages, it’s crucial to break down the sources of these expenses and understand how much of the financial burden will be absorbed by cyber insurance. Parametr…CIO.COM
26 JulCrypto exchange Gemini discloses third-party data breachCryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated Clearing House (ACH) service provider, whose name was not disclosed. [...]BLEEPINGCOMPUTER.COM
26 JulTelegram for Android hit by a zero-day exploit – Week in security with Tony AnscombeAttackers abusing the "EvilVideo" vulnerability could share malicious Android payloads via Telegram channels, groups, and chats, all while making them appear as legitimate multimedia filesWELIVESECURITY.COM
📋 SECURITY BULLETINS 3[−]
26 JulA safe process for updating cybersecurity products | Kaspersky official blogHow Kaspersky has organized the software update process for its cybersecurity solutionsKASPERSKY.COM
26 JulJuly Windows Server updates break Remote Desktop connectionsMicrosoft has confirmed that July's security updates break remote desktop connections in organizations where Windows servers are configured to use the legacy RPC over HTTP protocol in the Remote Desktop Gateway. [...]BLEEPINGCOMPUTER.COM
26 JulShane Buckley on How Gigamon Responded to CrowdStrike OutageObservability and Defense-in-Depth Strategies in Focus After Faulty Software Update Shane Buckley, CEO of Gigamon, discusses the recent CrowdStrike outage, plus insights on how Gigamon managed to restore critical systems rapidly. He highlights the importance of observability and …DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES 2[−]
26 JulApple Commits to US Initiative for Trustworthy AIWhite House Touts Agency Achievements for Development and Safe Use of Technology Apple is the latest tech giant to sign onto a list of voluntary commitments for artificial intelligence development pushed by the Biden administration. The White House has a strategy of extracting pr…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 19[−]
26 JulOngoing Cyberattack Targets Exposed Selenium Grid Services for Crypto MiningCybersecurity researchers are sounding the alarm over an ongoing campaign that's leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining. Cloud security Wiz is tracking the activity under the name SeleniumGreed. The campaign, which is targeting older …THEHACKERNEWS.COM
26 JulPlay & LockBit Ransomware Join Hands to Launch Cyber AttacksPlay Ransomware and LockBit Ransomware have reportedly allied to enhance their capabilities in launching cyber attacks. This collaboration, which involves a significant financial transaction and training exchange, has raised alarms among cybersecurity experts and organizations wo…GBHACKERS.COM
26 JulNorth Korean state hacker infiltrates US security firm; Cybersecurity Today for Friday, July 26, 2024North Korean State Actor Infiltrates US Security Firm | Cybersecurity Today In this episode of Cybersecurity Today, host Jim Love covers two major incidents. The first is an American firm, KnowBe4, inadvertently hiring a North Korean state actor posing as a software engineer, lea…CYBERSECURITYTODAY.LIBSYN.COM
26 JulU.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on HospitalsThe U.S. Department of Justice (DoJ) on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusion…THEHACKERNEWS.COM
26 JulSocGholish: Fake Update Puts Visitors at RiskThe recent developments in SocGholish infection tactics target WordPress-based websites. The attack sequence involves initial access through compromised websites with vulnerable WordPress plugins.GDATASOFTWARE.COM
26 JulNorth Korean Hackers Targeted KnowBe4 with Fake IT WorkerKnowBe4, a cybersecurity training company, was tricked into hiring a fake IT worker from North Korea, highlighting the threat of insider activities. Despite this, no data breach occurred.INFOSECURITY-MAGAZINE.COM
26 JulNorth Korean hacker used hospital ransomware attacks to fund espionagesubmitted by kid to cybersecurity 1 points | 0 comments https://cyberscoop.com/north-korea-hacking-indictment-fbi-apt-45/CYBERSCOOP.COM
26 JulUS Indicts Alleged North Korean State Hacker for Ransomware Attacks on HospitalsThe US has indicted a North Korean state hacker for ransomware attacks on hospitals and healthcare companies. The hacker, Rim Jong Hyok, is a member of the Andariel Unit within North Korea's intelligence agency.THERECORD.MEDIA
26 JulRussian Super-Threat Group Fin7 Comes Back from the DeadDeclared “dead” by the U.S. Attorney’s Office in 2023, the Russian cyber crime group Fin7 is impersonating some of the top global brands.KNOWBE4.COM
26 JulSecure Boot is completely broken on 200+ models from 5 big device makerssubmitted by mac to security 1 points | 0 comments https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/ARSTECHNICA.COM
26 JulRansomware and BEC Make Up 60% of Cyber IncidentsAccording to Cisco Talos, ransomware and BEC attacks made up 60% of all incidents in Q2 2024, with technology being the most targeted sector at 24%. Other highly targeted sectors included retail, healthcare, pharmaceuticals, and education.INFOSECURITY-MAGAZINE.COM
26 JulRussian ransomware gangs account for 69% of all ransom proceedsRussian-speaking threat actors accounted for at least 69% of all crypto proceeds linked to ransomware throughout the previous year, exceeding $500,000,000. [...]BLEEPINGCOMPUTER.COM
26 JulHow Cyber Insurance Coverage is EvolvingWhile purchasing cyber insurance won't completely prevent data breaches, it does improve the cyber posture as it requires strict underwriting processes. However, only a quarter of companies currently have standalone cyber insurance policies.CYBERSECURITYDIVE.COM
26 JulSoftware Maker MCG Health Settles Data Breach Suit for $8.8MMCG Health has agreed to a settlement of $8.8 million for a data breach lawsuit following a hacking incident in 2020. The lawsuit alleges that it took MCG Health two years to discover and report the data theft affecting around 1.1 million people.BANKINFOSECURITY.COM
26 JulNew Ransomware Targets VMware ESXi Virtual MachinesIn this clip from Security Weekly News, Doug White discusses the latest threat from Play ransomware, which now deploys a dedicated Linux locker targeting VMware ESXi virtual machines. Discover how this new variant evades detection and the potential impact on organizations. Don't …YOUTUBE.COM
26 JulCompromising the Secure Boot ProcessThis isn’t good : On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those mod…SCHNEIER.COM
26 JulThe Most Urgent Security Risks for GenAI Users are all Data-RelatedGenAI users face significant security risks related to data, with regulated data making up a large share of sensitive information shared with GenAI applications, posing a threat of costly data breaches.HELPNETSECURITY.COM
26 JulFBCS data breach impact now reaches 4.2 million peopleDebt collection agency Financial Business and Consumer Solutions (FBCS) has again increased the number of people impacted by a February data breach, now saying it affects 4.2 million people in the US. [...]BLEEPINGCOMPUTER.COM
26 JulAscension Files Placeholder Breach Report for May HackMeanwhile, Wait Continues for Change Healthcare's Breach Report in Massive Attack U.S. hospital chain Ascension has filed a placeholder breach report to federal regulators saying its May 8 ransomware attack affected at least 500 individuals. Meanwhile, the waiting game continues …DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 21[−]
26 JulISC Stormcast For Friday, July 26th, 2024 https://isc.sans.edu/podcastdetail/9070, (Fri, Jul 26th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
26 JulCrowdStrike Warns of New Phishing Scam Targeting German CustomersCrowdStrike is alerting about an unfamiliar threat actor attempting to capitalize on the Falcon Sensor update fiasco to distribute dubious installers targeting German customers as part of a highly targeted campaign. The cybersecurity company said it identified what it described a…THEHACKERNEWS.COM
26 Jul97% of Devices Disrupted by CrowdStrike Restored as Insurer Estimates Billions in LossesCrowdStrike says 97% of Windows systems impacted by its bad update are back online, just as an insurer predicts billions in losses for major companies. The post 97% of Devices Disrupted by CrowdStrike Restored as Insurer Estimates Billions in Losses appeared first on SecurityWeek…SECURITYWEEK.COM
26 JulOpenAI Launches SearchGPT PrototypeSan Francisco, CA – OpenAI has announced the launch of SearchGPT, a groundbreaking prototype designed to revolutionize how users search for information online. This innovative tool combines the advanced capabilities of OpenAI’s AI models with real-time web data to provide u…GBHACKERS.COM
26 JulIn Other News: FBI Cyber Action Team, Pentagon IT Firm Leak, Nigerian Gets 12 Years in PrisonNoteworthy stories that might have slipped under the radar: FBI article on agency’s Cyber Action Team, data of Pentagon IT provider Leidos leaked, Nigerian cybercriminal sentenced to 12 years in prison. The post In Other News: FBI Cyber Action Team, Pentagon IT Firm Leak, Nigeria…SECURITYWEEK.COM
26 JulUS Offers $10 Million Reward for Information on North Korean HackerThe US is offering a reward of up to $10 million for information on Rim Jong Hyok, a member of the North Korean hacking group APT45. The post US Offers $10 Million Reward for Information on North Korean Hacker appeared first on SecurityWeek .SECURITYWEEK.COM
26 JulYour KnowBe4 Fresh Content Updates from July 2024Check out the 26 new pieces of training content added in July, alongside the always fresh content update highlights, events and new features.KNOWBE4.COM
26 JulOff-Topic Fridaysubmitted by shellsharks to cybersecurity 2 points | 0 comments Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)INFOSEC.PUB
26 JulMalicious Inauthentic CrowdStrike Falcon Crash Reporter Installer Distributed to German EntityAn unidentified threat actor is taking advantage of the recent Falcon Sensor update issues to distribute fake installers via a fraudulent website impersonating a German entity.CROWDSTRIKE.COM
26 JulIAM for MSPs Provider Evo Security Raises $6 MillionTechOperators leads a $6 million Series A funding round for Evo Security, a provider of IAM solutions for MSPs. The post IAM for MSPs Provider Evo Security Raises $6 Million appeared first on SecurityWeek .SECURITYWEEK.COM
26 JulCrowdStrike Outage: 97% of Disrupted Endpoints Restored250,000 of the 8.5 Million Affected Windows Hosts Still Need to Be Recovered CrowdStrike said nearly all of the Windows hosts disrupted by its faulty July 19 update are now fixed. The company said the flaw involved a relatively new threat detection feature that uses configuration…DATABREACHTODAY.CO.UK
26 JulBelarus-linked hackers target Ukrainian orgs with PicassoLoader malwaresubmitted by kid to cybersecurity 2 points | 0 comments https://therecord.media/belarus-ukraine-picasso-malware-ghostwriterTHERECORD.MEDIA
26 JulAI Ruining the Internet, Crowdstrike Post Mortem, Wiz Walks - ESW #369This week, on Enterprise Security Weekly, we've got: 1. Identity Security gets more funding 2. Wiz walks away 3. BlackHat Announces Startup Spotlight Finalists 4. Crowdstrike post mortem 5. Simple Security Tricks are the Best Security Tricks 6. Splitting the CISO role 7. Web scra…YOUTUBE.COM
26 JulCan the latest wave of AI innovation deliver for security operations teams? - ESW #369Edward Wu thinks so! Understandably so, as his startup, Dropzone.ai is making a big bet on generative AI to change the face (and pace) of security operations. We'll talk about what has changed here, and I have *so* many questions: - after many generations of AI/ML technology in s…YOUTUBE.COM
26 JulGenerative AI (as used by defenders AND attackers) will Drive SOC Evolution - Greg Notch - ESW #369The emergence of generative AI has caused us to rethink things on two fronts: 1. how we consume threat detection data, as defenders 2. how we need to shift our thinking and approaches to prepare for attackers' newfound GenAI capabilities But wait - is GenAI even useful for defend…YOUTUBE.COM
26 JulTwitter, the DOJ, DarkSeoul, Fake Employees, PlugX, Stargazer Ghost, Aaran Leyland... - SWN #401Twitter Opt-In, the DOJ, DarkSeoul, Fake Employees, PlugX, Stargazer Ghost, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-401YOUTUBE.COM
26 JulISMG Editors: The CrowdStrike Outage - One Week LaterThe Recovery Progress, Impact on Commercial and Public Sectors, and Lessons Learned In the latest weekly update, ISMG editors discussed the massive CrowdStrike IT outage that crashed 8.5 million Windows systems and severely affected the healthcare, finance and transportation sect…DATABREACHTODAY.CO.UK
26 JulTackling Fraud in AI Deepfakes With Layered ControlsAnthony Hope of NAB on the Latest Approaches to Handling AML and Financial Crimes Banks need to make changes to fraud programs to tackle mule accounts in the age of AI. Organizations need to move away from having one control to handle all suspicious accounts, said Anthony Hope, g…DATABREACHTODAY.CO.UK
26 JulFriday Squid Blogging: Sunscreen from Squid PigmentsThey’re better for the environment. Blog moderation policy.SCHNEIER.COM
26 JulFrench Government Investigates Suspected Chinese EspionageNational Police Probe Botnet Campaign That Infected 3,000 Machines The French government has launched an investigation into a suspected Chinese espionage campaign that infected thousands of networks in France. The botnet campaign pushed out the PlugX remote access Trojan that has…DATABREACHTODAY.CO.UK
26 JulPKfail Is a Newly Discovered Pathway for Firmware MalwareUEFI Developer Leaked a Secure Boot Asymmetric Key Hundreds of laptop and server models from mainstream manufacturers are at risk of hacking that bypasses protections meant to ensure only trusted software can load during computer bootup, warn researchers from California supply ch…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 6[−]
26 JulEmail Gateway Security Gaps Enable New Malware TacticsEmail security gaps in gateway defenses have allowed phishing hackers to sneak malware past static scanning functions. Hackers hid malicious attachments by using a decoy file extension in a compressed archive.HEALTHCAREINFOSECURITY.COM
26 JulPatchwork Group Found Using Brute Ratel C4 and an Enhanced Version of PGoShell BackdoorPatchwork hackers targeted Bhutan using the advanced Brute Ratel C4 tool, along with an updated backdoor called PGoShell. This marks the first time Patchwork has been observed using the red teaming software.MEDIUM.COM
26 JulGoogle Chrome Now Asks for Passwords To Scan Protected ArchivesThe new warning messages help users understand the danger posed by each downloaded file from the Internet. Google has implemented a two-tier download warning system using AI-powered malware verdicts from its Safe Browsing service.BLEEPINGCOMPUTER.COM
26 JulThis AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android AppsA Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level. Singaporean cybersecurity company Group-IB, which has been tracking the e-crime actor s…THEHACKERNEWS.COM
26 JulBelarus-linked Hackers Target Ukrainian Organizations with PicassoLoader MalwareGhostWriter, also known as UAC-0057, used PicassoLoader and Cobalt Strike Beacon to infect victims, including local government offices and groups associated with USAID’s Hoverla project.THERECORD.MEDIA
26 JulChainguard Raises $140M to Drive AI Support, Global GrowthChainguard, a supply chain security startup, recently raised $140 million in a Series C funding round led by Redpoint Ventures, Lightspeed Venture Partners, and JVP. It aims to expand globally and strengthen its presence in the U.S. public sector.BANKINFOSECURITY.COM
📡 INFOSEC NEWS 14[−]
26 JulCrowdStrike Disruption Direct Losses to Reach $5.4B for Fortune 500, Study FindsA recent study by Parametrix has found that the global IT outage linked to CrowdStrike will result in at least $5.4 billion in direct financial losses for Fortune 500 companies, excluding Microsoft.CYBERSECURITYDIVE.COM
26 JulOffensive AI: The Sine Qua Non of Cybersecurity"Peace is the virtue of civilization. War is its crime. Yet it is often in the furnace of war that the sharpest tools of peace are forged." - Victor Hugo. In 1971, an unsettling message started appearing on several computers that comprised ARPANET, the precursor to what we now kn…THEHACKERNEWS.COM
26 JulZeroTier raises $13.5M to help avert CrowdStrike-like network problemsWith the CrowdStrike update continuing to cause havoc across the planet, a startup has raised $13.5 million to at least improve some level of security for the kinds of devices that have been affected. California-based ZeroTier raised the Series A in a funding round led by Battery…TECHCRUNCH.COM
26 JulThread Name-Calling: Using Thread Name for OffenseProcess Injection is a vital technique used by attackers to evade detection and escalate privileges. Thread Name-Calling has emerged as a new injection technique that abuses Windows APIs for thread descriptions to bypass endpoint protection products.RESEARCH.CHECKPOINT.COM
26 JulSenator: Top Banks Only Reimburse 38% of Unauthorized ClaimsUS Senator Richard Blumenthal revealed that Bank of America, JPMorgan Chase, and Wells Fargo only reimbursed 38% of customers for unauthorized payments, resulting in $100 million in fraud losses.BANKINFOSECURITY.COM
26 JulISC Releases Security Advisories for BIND 9The Internet Systems Consortium (ISC) has released patches to fix multiple security vulnerabilities in the BIND 9 DNS software suite that could lead to denial-of-service attacks.CISA.GOV
26 JulExelaStealer Delivered "From Russia With Love", (Fri, Jul 26th)Some simple PowerShell scripts might deliver nasty content if executed by the target. I found a very simple one (with a low VT score of 8/65): ISC.SANS.EDU
26 JulHow CISOs Enable ITDR Approach Through the Principle of Least PrivilegeLeast privilege begins by addressing dormant user accounts and then scrutinizing access privileges, using Context-based access control (CBAC), Attribute-based access control (ABAC), and Role-based access control (RBAC) to determine user access.HELPNETSECURITY.COM
26 JulDownload the unified endpoint management (UEM) platform enterprise buyer’s guideFrom the editors of our sister publication Computerworld, this enterprise buyer’s guide helps IT staff understand what the various unified endpoint management (UEM) platforms can do for their organizations and how to choose the right solution.US.RESOURCES.CSOONLINE.COM
26 JulAcronis warns of Cyber Infrastructure default password abused in attacks​Acronis warned customers to patch a critical Cyber Infrastructure security flaw that lets attackers bypass authentication on vulnerable servers using default credentials. [...]BLEEPINGCOMPUTER.COM
26 JulNational Defense University Cyber Professor Tapped as ONCD Deputy DirectorThe Office of the National Cyber Director (ONCD) announced Wednesday that former Navy SEAL and National Defense University cyberspace professor Harry Wingo has been selected as its deputy director.THERECORD.MEDIA
26 JulGoogle fixes Chrome Password Manager bug that hides credentialsGoogle has fixed a bug in Chrome's Password Manager that caused user credentials to disappear temporarily for more than 18 hours. [...]BLEEPINGCOMPUTER.COM
26 JulApple reports iCloud Private Relay global outages for some usersiCloud Private Relay has not been working for some Apple users across major markets, including the U.S., Europe, India and Japan. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
26 JulCrooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party ServicesGoogle says it recently fixed an authentication weakness that allowed crooks to circumvent email verification needed to create a Google Workspace account, and leverage that to impersonate a domain holder to third-party services that allow logins through Google's "Sign in with Goo…KREBSONSECURITY.COM