Beware Of A Notepad++ Clone Or Not?
The makes of Notepad++ are sending out a warning today to avoid what they call a parasite website, which looks very similar to theirs. The new site, notepad.plus carries branding similar to…
Read More
Tag: Security
Some Relief For Linux Admins Living In Terror Of The XZ Backdoor
Thanks to a curious and technically skilled engineer by the name of Andres Freud, Linux admins are living in a bit of a nightmare world. He discovered a backdoor in the XZ…
Read More
AI Assistants, Apart From Google Gemini, Are Spilling Your Secrets
AI assistants have been in the news lately, and not in a way that the designers hoped. If the Morris 2 self replicating AI worm wasn't enough to make you question…
Read More
Meet The First Generative AI Worm
A group of researchers at Cornell Tech have created the first generative AI worm, dubbed Morris II, which can steal information from AI email assistants as well as convincing them to start…
Read More
Ubiquiti EdgeRouters Hacks May Be Ubiquitous
The FBI sought after and received court approval to silently push out an update to Ubiquiti SOHO routers last week, which you may or may not be aware of. They added firewall…
Read More
Capturing The Pitter-pat Of Fingerprints On Touchscreens
Internet headlines are a never ending source of amusement, with the latest scare about capturing your fingerprints being no exception. While many of the stories would have you believe that attackers can…
Read More
BitLocker Gets Pi All Over It’s Face As A Pico Cracks The Encryption Key
As far a security nightmares go, being able to crack BitLocker encryption with a Raspberry Pi Pico in less than a minute is pretty high up there. Thankfully there are some caveats…
Read More
Of Fortinet, The Evil Toothbrush Botnet And Duplicate CVEs
You have probably heard tell of the three million toothbrush botnet by now, as the headline is too ridiculous to easily forget. There's just one small problem, the attack described...
Read More
Mozilla Monitor Plus, Protecting US Users From Data Breaches … For A Price
Your first question might be why these data brokers, who sell people's personal information gathered via breaches and users being a little too generous with their personal information when signing up for…
Read More
Sorry Linux Users, glibc 2.37 And 2.36 Have A Serious Vulnerability
Hey Linux admins, time to update your GNU C Library to 2.38 as glibc 2.37 and glibc 2.36 have a rather nasty vulnerability. There is a difficult but not impossible to exploit…
Read More
PixieFail, The Brand New UEFI Infection To Worry About
PixieFail is a set of new UEFI vulnerabilities which affects devices running ARM, Insyde, AMI, Phoenix Technologies, or Microsoft's implementation of PXE, otherwise known as netboot. The UEFI need to...
Read More
Network Connected Wrenches Are A Thing, And Of Course They’re Insecure
On first read you might be shaking your head at the thought of picking up a wrench which has network connectivity seems ridiculous, but the Bosch Nutrunner wrenches in question are used…
Read More
The Terror That Is Terrapin To Ruin Your New Year
In the distant past of December 2023 we learned about Terrapin, an SSH vulnerability which tore holes in what was one of our last secure communications protocols. Now that everyone has returned…
Read More
Oh Great, A Terrapin Broke SSH
Terrapin is the name given to a new exploit, one which can break the security of SSH network traffic in certain conditions. The first condition is that an attacker must already have…
Read More
AutoSpill, A Lot Of News For A Small Problem
There has been a fair amount of coverage of AutoSpill on Android devices, after all a bug which affects the major password managers including Google Smart Lock, Dashlane, 1Password, LastPass,...
Read More
Microcode Patches Incoming For Intel And AMD
Today reveals another set of security concerns about the microcode on certain AMD and Intel CPUs. The flaws are not easy to leverage but theoretically could be used, and so patching is…
Read More
1000’s Of Lazy Admins Helping To Feed Citrix Bleed
Yes, there is always that user or app that works on critical applications that has no clue what their password is because they depend on persistent Citrix sessions. Sure, they can kick…
Read More
Cisco Starts Rolling Out IOS XE Patches
Yesterday Cisco made a patch available to customers which should resolve both of the vulnerabilities which were revealed last week. The number of infected edge devices is still unclear, with Cisco suggesting…
Read More
