Collaborate Disseminate
BSidesLjubljana 0x7E7, a non-profit conference organized by the information security community, will take place on June 16, 2023, at the C111 Computer Museum. The deadline for the call for papers (CFP), initially set for April 30, has been extended for… Continue reading BSidesLjubljana 0x7E7 CFP is still open!
Users can now create passkeys for their Google account, the company has announced on Wednesday. Passkeys will enable users to sign in to their Google account on all major platforms and browsers with their fingerprint, face recognition, or a local PIN. … Continue reading You can now use passkeys to login into your Google account
T-Mobile has revealed a second data breach that occurred in 2023, which reportedly exposed customer data and account PINs, leaving many T-Mobile users vulnerable to potential fraud and identity theft. What happened? The attack started on February 24 an… Continue reading T-Mobile suffers second data breach this year
There has been a noted increase in malvertising via Google Ads this year, aimed at tricking users into downloading malware; among these malicious payloads is LOBSHOT, an infostealer that can also establish and keep long-term remote control of target co… Continue reading Infostealer with hVNC capability pushed via Google Ads
Researchers are warning about an infostealer mimicking a ChatGPT Windows desktop client that’s capable of copying saved credentials from the Google Chrome login data folder. ChatGPT has not released an official desktop client, but this bogus vers… Continue reading Fake ChatGPT desktop client steals Chrome login data
GitHub has announced that its private vulnerability reporting feature for open source repositories is now available to all project owners. General availability The private vulnerability reporting feature provides a direct collaboration channel that all… Continue reading GitHub introduces private vulnerability reporting for open source repositories
Google has updated Google Authenticator, its mobile authenticator app for delivering time-based one-time authentication codes, and now allows users to sync (effectively: back up) their codes to their Google account. A long-awaited option Before this up… Continue reading Google Authenticator updated, finally allows syncing of 2FA codes
VMware has fixed one critical (CVE-2023-20869) and three important flaws (CVE-2023-20870, CVE-2023-20871, CVE-2023-20872) in its VMware Workstation and Fusion virtual user session software. The former allows users to run multiple x86-based operating sy… Continue reading VMware fixes critical flaws in virtualization software (CVE-2023-20869, CVE-2023-20870)
Google has made available a new tool for Google Workspace admins and security teams to make an assessment of the risk different Chrome extensions may present to their users: Spin.AI App Risk Assessment. The tool is available through the Chrome Browser … Continue reading Google adds new risk assessment tool for Chrome extensions
VMware has fixed two vulnerabilities (CVE-2023-20864, CVE-2023-20865) in VMware Aria Operations for Logs (formerly vRealize Log Insight), a widely used cloud solution for log analysis and management. About the vulnerabilities (CVE-2023-20864, CVE-2023-… Continue reading VMware plugs security holes in VMware Aria Operations for Logs (CVE-2023-20864, CVE-2023-20865)