This Week in Security – WindowsTechs.com

This Week in Security: ClamAV, The AMD Leak, and The Unencrypted Power Grid

Posted on January 24, 2025 by Jonathan Bennett

Cisco’s ClamAV has a heap-based buffer overflow in its OLE2 file scanning. That’s a big deal, because ClamAV is used to scan file attachments on incoming emails. All it takes …read more Continue reading This Week in Security: ClamAV, The AMD Leak, and The Unencrypted Power Grid→

This Week in Security: Rsync, SSO, and Pentesting Mushrooms

Posted on January 17, 2025 by Jonathan Bennett

Up first, go check your machines for the rsync version, and your servers for an exposed rsync instance. While there are some security fixes for clients in release 3.4.0, the …read more Continue reading This Week in Security: Rsync, SSO, and Pentesting Mushrooms→

This Week in Security: Backdoored Backdoors, Leaking Cameras, and The Safety Label

Posted on January 10, 2025 by Jonathan Bennett

The mad lads at watchTowr are back with their unique blend of zany humor and impressive security research. And this time, it’s the curious case of backdoors within popular backdoors, …read more Continue reading This Week in Security: Backdoored Backdoors, Leaking Cameras, and The Safety Label→

This Week in Security: IOCONTROL, (Location) Leaking Cars, and Passkeys

Posted on January 3, 2025 by Jonathan Bennett

Claroty’s TEAM82 has a report on a new malware strain, what they’re calling IOCONTROL. It’s a Linux malware strain aimed squarely at embedded devices. One of the first targets of …read more Continue reading This Week in Security: IOCONTROL, (Location) Leaking Cars, and Passkeys→

This Week in Security: License Plates, TP-Link, and Attacking Devs

Posted on December 27, 2024 by Jonathan Bennett

We’re covering two weeks of news today, which is handy, because the week between Christmas and New Years is always a bit slow. And up first is the inevitable problem …read more Continue reading This Week in Security: License Plates, TP-Link, and Attacking Devs→

This Week in Security: Recall, BadRAM, and OpenWRT

Posted on December 13, 2024 by Jonathan Bennett

Microsoft’s Recall feature is back. You may remember our coverage of the new AI feature back in June, but for the uninitiated, it was a creepy security trainwreck. The idea …read more Continue reading This Week in Security: Recall, BadRAM, and OpenWRT→

This Week in Security: National Backdoors, Web3 Backdoors, and Nearest Neighbor WiFi

Posted on December 6, 2024 by Jonathan Bennett

Maybe those backdoors weren’t such a great idea. Several US Telecom networks have been compromised by a foreign actor, likely China’s Salt Typhoon, and it looks like one of the …read more Continue reading This Week in Security: National Backdoors, Web3 Backdoors, and Nearest Neighbor WiFi→

This Week in Security: Footguns, Bing Worms, and Gogs

Posted on November 22, 2024 by Jonathan Bennett

The world of security research is no stranger to the phenomenon of not-a-vulnerability. That’s where a security researcher finds something interesting, reports it to the project, and it turns out …read more Continue reading This Week in Security: Footguns, Bing Worms, and Gogs→

This Week in Security: Linux VMs, Real AI CVEs, and Backscatter TOR DoS

Posted on November 8, 2024 by Jonathan Bennett

Steve Ballmer famously called Linux “viral”, with some not-entirely coherent complaints about the OS. In a hilarious instance of life imitating art, Windows machines are now getting attacked through malicious …read more Continue reading This Week in Security: Linux VMs, Real AI CVEs, and Backscatter TOR DoS→

This Week in Security: Playing Tag, Hacking Cameras, and More

Posted on November 1, 2024 by Jonathan Bennett

Wired has a fascinating story this week, about the length Sophos has gone to for the last 5 years, to track down a group of malicious but clever security researchers …read more Continue reading This Week in Security: Playing Tag, Hacking Cameras, and More→