Let’s Encrypt root certificate may cause problems for older devices Let’s Encrypt is a non-profit and one of the largest issuers of HTTPS certificates, the backbone of encrypting traffic. However security researcher Scott Helme noticed that the IdentTrust DST Root…
Google expands app permissions reset The company introduced the “permissions auto-reset” feature in Android 11 last year. This causes apps that haven’t been used in a while to lose access to various device permissions for sensors, SMS messages, and contact…
Travis CI security vulnerability is bad news for open source Travis CI is a continuous integration software-testing solution used by over 900,000 open-source projects and 600,000 users. Earlier this month, security researcher Felix Lange discovered a vulnerability that included secure…
SSID Stripping is a new take on spoofing Researchers at AirEye disclosed the newly discovered vulnerability, which impacts devices running Windows, macOS, Ubuntu, Android and iOS. The researchers showed how malicious actors could alter SSIDs to make them appear to…
Brad Smith recounts early days of the SolarWinds attack In an excerpt from an upcoming book, Microsoft President Brad Smith reveals details about how the company acted during the initial discovery of the SolarWinds supply chain attack. Smith first became…
ProtonMail shares user IP address with law enforcement The privacy-focused email provider received a “legally binding order from the Swiss Federal Department of Justice” it was “obligated to comply with,” leading the organization to handover the IP address and information…
BrakTooth bites major SoC vendors The ASSET Research Group at the Singapore University of Technology and Design disclosed a series of vulnerabilities dubbed BrakTooth that impact commercial Bluetooth Classic stacks across a range of commodity hardware, from OEMs like Intel,…
Manual Windows 11 installs might not get updates Microsoft confirmed it won’t block users installing Windows 11 on older PCs manually using ISO files. The requirements to get the OS to run using a manual install are pretty straightforward, a…
Most government agencies use facial recognition According to a new report from the US Government Accountability Office, 19 of the 24 US government agencies surveyed use some form of facial recognition. The Department of Defense and Department of Homeland Security…
Apple started scanning for CSAM in 2019 Earlier this month, Apple announced it would start client-side scanning of devices for hashes derived from child sexual abuse materials or CSAM. These scans would only occur when uploading content to iCloud. This…
