Security News This Week: Netflix’s Password-Sharing Crackdown Has Hit the US
TikTok user data is exposed to Chinese ByteDance employees, a screen recording app goes rogue in Google Play, and privacy groups want Slack to expand encryption.
TikTok user data is exposed to Chinese ByteDance employees, a screen recording app goes rogue in Google Play, and privacy groups want Slack to expand encryption.
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Apple fixes WebKit 0-days under attack (CVE-2023-28204, CVE-2023-32373, CVE-2023-32409)
Apple has released security updates for iOS and iPadOS, macOS, tvOS and watchOS, delivering fixes for many vulnerabilities but, most importantly, for CVE-2023-32409, a WebKit 0-day that “may have been actively exploited.”
Google Cloud CISO on why the Google Cybersecurity Certificate matters
In this Help Net Security interview, Phil Venables, CISO at Google Cloud, sheds light on how this initiative will create greater opportunities for individuals worldwide and contribute to meeting the increasing demand for cybersecurity professionals.
SquareX’s vision: A future where internet security is a non-issue
SquareX, the brainchild of cybersecurity trailblazer Vivek Ramachandran, is on a mission to revolutionize the cybersecurity landscape with a unique browser-based solution, designed to fortify online safety for consumers.
Enhancing open source security: Insights from the OpenSSF on addressing key challenges
In this Help Net Security interview, we meet a prominent industry leader. Brian Behlendorf, CTO at the Open Source Security Foundation (OpenSSF), shares insights on the influence of his experiences with the White House CTO office, World Economic Forum, and Linux Foundation on leading the OpenSSF and addressing open-source security challenges.
KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)
A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the researcher who unearthed the flaw.
Advantech’s industrial serial device servers open to attack
Three vulnerabilities in Advantech’s EKI series of serial device servers could be exploited to execute arbitrary commands on the OS level.
DarkBERT could help automate dark web mining for cyber threat intelligence
Researchers have developed DarkBERT, a language model pretrained on dark web data, to help cybersecurity pros extract cyber threat intelligence (CTI) from the Internet’s virtual underbelly.
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
RSA Conference 2023
RSA Conference 2023 took place at the Moscone Center in San Francisco. Check out our microsite for related news, photos, product releases, and more.
Overcoming industry obstacles for decentralized digital identities
In this Help Net Security interview, Eve Maler, CTO at ForgeRock, talks about how digital identities continue to play a critical role in how we access online services securely. Maler also highlights the challenges encountered by various industries in implementing decentralized digital identities.
PaperCut vulnerabilities leveraged by Clop, LockBit ransomware affiliates
Clop and LockBit ransomware affiliates are behind the recent attacks exploiting vulnerabilities in PaperCut application servers, according to Microsoft and Trend Micro researchers.
Common insecure configuration opens Apache Superset servers to compromise
An insecure default configuration issue (CVE-2023-27524) makes most internet-facing Apache Superset servers vulnerable to attackers, Horizon3.ai researchers have discovered.
3CX breach linked to previous supply chain compromise
Pieces of the 3CX supply chain compromise puzzle are starting to fall into place, though we’re still far away from seeing the complete picture.
GitHub introduces private vulnerability reporting for open source repositories
GitHub has announced that its private vulnerability reporting feature for open source repositories is now available to all project owners.
Google Authenticator updated, finally allows syncing of 2FA codes
Google has updated Google Authenticator, its mobile authenticator app for delivering time-based one-time authentication codes, and now allows users to sync (effectively: back up) their codes to their Google account.
VMware fixes critical flaws in virtualization software (CVE-2023-20869, CVE-2023-20870)
VMware has fixed one critical (CVE-2023-20869) and three important flaws (CVE-2023-20870, CVE-2023-20871, CVE-2023-20872) in its VMware Workstation and Fusion virtual user session software.
Google adds new risk assessment tool for Chrome extensions
Google has made available a new tool for…
This six-bedroom home located at 14150 Courtney Meadow Place in Leesburg is on the market for $1,390,000.
Built in 2017 in Waterford Manor, this home has many “cool custom features” that give charm to the home, according to listing agent Suzanne Ager of Middleburg Real Estate/Atoka Properties who co-lists the property with Alanna Nichols.
“It’s a magical place,” Ager said. “The backyard is so serene and it is set up to enjoy the sounds of nature and the surrounding landscape.”
The exterior features a covered deck on the upper level and down below, there is an outdoor kitchen, hot tub, sauna, fire pit sitting area and an extensive fully fenced backyard set on 4.72 acres.
There is also a tree fort, zipline and a “fabulous” sledding hill, she said.
Other exterior features include a detached three-car garage which has an unfinished upstairs space and custom landscaping and lighting around the property.
Walking through the front door, there is a bright and open foyer with a living room on one side and dining room with an interesting feature – a wood wine wall display.
There is a butler’s pantry leading from the dining room to the gourmet kitchen with upgraded cabinets and stainless-steel appliances, two wall ovens, gas cooktop, built-in microwave, trash compactor and more. Adjacent to the kitchen is a breakfast nook as well as a family room with wood beams and a stone fireplace.
On the other side of the family room is a vaulted sunroom which provides another comfortable space to relax, she said.
“It has so many great spaces and the homes feels so cozy and private,” Ager said. “It also has a great flow for entertaining.”
Also on the main level are an office, a large walk-in pantry and mudroom connected to two separate garages.
Upstairs, there are four bedrooms. The primary suite has access to a private covered balcony overlooking the backyard, two walk-in closets and a spacious bathroom.
“It’s a nice place to sit and have a cup of coffee and watch the sunrise,” Ager said.
The other three bedrooms are large and one has an ensuite bathroom while the other two share a hall bathroom. The laundry room is also located upstairs.
The…