Using the Security Copilot tool, Microsoft discovered 20 critical vulnerabilities in widely deployed open-source bootloaders.
The post Microsoft Using AI to Uncover Critical Bootloader Vulnerabilities appeared first on SecurityWeek.
New Windows 11 trick lets you bypass Microsoft Account requirement
A previously unknown trick lets you easily bypass using a Microsoft Account in Windows 11, just as Microsoft tries to make it harder to use local accounts. […]
Undocumented Remote Access Backdoor Found in Unitree Go1 Robot Dog
The undocumented tunnel allows remote control all robot dogs on the tunnel network and use the vision cameras to see through their eyes.
The post Undocumented Remote Access Backdoor Found in Unitree Go1 Robot Dog appeared first on SecurityWeek.
North Korean IT worker army expands operations in Europe
North Korea’s IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe. […]
We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain
A RAR file, a fake summons, and a Nietzsche quote—all part of a multi-stage malware chain delivering DCRat & Rhadamanthys. Acronis TRU breaks down how attackers use VBS, batch, and PowerShell scripts to slip past defenses. […]
Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign
Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners.
Cloud security firm Wiz said the activity is a variant of an intrusion set that was first flagged by Aqua Security in August 2024 that involved the use of a malware strain dubbed PG_MEM. The campaign has been attributed to a threat actor Wiz tracks as
Cloud security firm Wiz said the activity is a variant of an intrusion set that was first flagged by Aqua Security in August 2024 that involved the use of a malware strain dubbed PG_MEM. The campaign has been attributed to a threat actor Wiz tracks as
Apple fined €150 million over App Tracking Transparency issues
Autorité de la concurrence, France’s antitrust watchdog, has fined Apple €150 million ($162 million) for using the App Tracking Transparency privacy framework to abuse its dominant market position in mobile app advertising on its devices. […]
Enterprise Gmail Users Can Now Send End-to-End Encrypted Emails to Any Platform
On the 21st birthday of Gmail, Google has announced a major update that allows enterprise users to send end-to-end encrypted (E2EE) to any user in any email inbox in a few clicks.
The feature is rolling out starting today in beta, allowing users to send E2EE emails to Gmail users within an organization, with plans to send E2EE emails to any Gmail inbox in the coming weeks and to any email inbox
The feature is rolling out starting today in beta, allowing users to send E2EE emails to Gmail users within an organization, with plans to send E2EE emails to any Gmail inbox in the coming weeks and to any email inbox
Hackers Looking for Vulnerable Palo Alto Networks GlobalProtect Portals
GreyNoise warns of a coordinated effort probing the internet for potentially vulnerable Palo Alto Networks GlobalProtect instances.
The post Hackers Looking for Vulnerable Palo Alto Networks GlobalProtect Portals appeared first on SecurityWeek.
Google rolls out easy end-to-end encryption for Gmail business users
Google has started rolling out a new end-to-end encryption (E2EE) model for Gmail enterprise users, making it easier to send encrypted emails to any recipient. […]