Security - Posted On:2023-09-05 19:15:00 Source: arstechnica

Airspace and maritime navigation warnings released to pilots and mariners suggest the US military might launch a hypersonic missile this week on a test flight from Cape Canaveral, Florida.

This test could be one of the final milestones before the US Army fields the nation's first ground-based hypersonic weapon, which is more maneuverable and more difficult for an enemy to track and destroy than a conventional ballistic missile. Russia has used hypersonic in combat against Ukraine, and US defense officials have labeled China as the world's leader in emerging hypersonic missile technology.

That has left the US military playing catch-up, and the Army is on the cusp of having its first ground-based hypersonic missiles ready for active duty. If informed speculation is correct, the test launch from Cape Canaveral Space Force Station this week—performed in partnership between the Army and the Navy—could be a full-scale test of the new solid-fueled hypersonic missile to propel a hypersonic glide vehicle to high speeds over the Atlantic Ocean.

Read More

Security - Posted On:2023-08-25 21:00:00 Source: arstechnica

For three days, system administrators have been troubleshooting errors that have prevented Windows users from running applications such as QuickBooks and Avatax. We now know the cause: an unannounced move or glitch by Microsoft that removed a once-widely used digital certificate in Windows.

The removed credential is known as a root certificate, meaning it anchors the trust of hundreds or thousands of intermediate and individual certificates downstream. The root certificate—with the serial number 18dad19e267de8bb4a2158cdcc6b3b4a and the SHA1 fingerprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5—was no longer trusted in Windows. Because that root was tied to certificates that certify their authenticity and trust, people trying to use or install the app received the error.

Just minutes before this post was scheduled to go live, researchers learned that the certificate had been restored in Windows. It’s unclear how or why that occurred. The certificate immediately below this paragraph shows the certificate's status on Thursday. The one below that shows the status as of Friday.

Read More

Security - Posted On:2023-07-13 16:45:01 Source: arstechnica

For most IT professionals, the move to the cloud has been a godsend. Instead of protecting your data yourself, let the security experts at Google or Microsoft protect it instead. But when a single stolen key can let hackers access cloud data from dozens of organizations, that trade-off starts to sound far more risky.

Late Tuesday evening, Microsoft revealed that a China-based hacker group, dubbed Storm-0558, had done exactly that. The group, which is focused on espionage against Western European governments, had accessed the cloud-based Outlook email systems of 25 organizations, including multiple government agencies.

Those targets encompass US government agencies including the State Department, according to CNN, though US officials are still working to determine the full scope and fallout of the breaches. An advisory from the US Cybersecurity and Infrastructure Security Agency says the breach, which was detected in mid-June by a US government agency, stole unclassified email data “from a small number of accounts.”

Read More

Security - Posted On:2021-03-08 16:30:00 Source: bleepingcomputer

Microsoft is working on boosting Exchange Online phishing protection capabilities by adding support for external email message tags to its cloud-based email service. [...]

Read More

Security - Posted On:2021-03-08 16:30:00 Source: bleepingcomputer

A new ransomware known as Sarbloh encrypts your files while at the same time delivering a message supporting the protests of Indian farmers. [...]

Read More

Security - Posted On:2021-03-08 15:15:00 Source: bleepingcomputer

Intrusion activity related to the Supernova malware planted on compromised SolarWinds Orion installations exposed on the public internet points to an espionage threat actor based in China. [...]

Read More

Security - Posted On:2021-03-08 13:30:00 Source: bleepingcomputer

Google Chrome will block the browser's access to TCP port 554 to protect against attacks using the NAT Slipstreaming 2.0 vulnerability. [...]

Read More

Security - Posted On:2021-03-08 11:15:02 Source: bleepingcomputer

The European Banking Authority (EBA) took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide. [...]

Read More

Security - Posted On:2021-03-08 10:29:57 Source: bleepingcomputer

US bank and mortgage lender Flagstar has disclosed a data breach after the Clop ransomware gang hacked their Accellion file transfer server in January. [...]

Read More

Security - Posted On:2021-03-08 09:59:57 Source: bleepingcomputer

The US Cybersecurity and Infrastructure Security Agency (CISA) is taking over the administration of the.gov top-level domain (TLD) as its new policy and management authority. [...]

Read More

Security - Posted On:2021-03-08 08:59:57 Source: bleepingcomputer

Unpatched network-attached storage (NAS) devices are targeted in ongoing attacks where the attackers try to take them over and install cryptominer malware to mine for cryptocurrency. [...]

Read More

Security - Posted On:2021-03-07 16:45:00 Source: bleepingcomputer

Google has added a new feature to Google Chrome Canary that makes it easier for users to test new hidden features under development. [...]

Read More

Security - Posted On:2021-03-07 16:30:00 Source: bleepingcomputer

Microsoft has pushed out a new update for their Microsoft Safety Scanner (MSERT) tool to detect web shells deployed in the recent Exchange Server attacks. [...]

Read More

Security - Posted On:2021-03-07 13:45:01 Source: bleepingcomputer

Microsoft has added XLM macro protection for Microsoft 365 customers by expanding the runtime defense provided by Office 365's integration with Antimalware Scan Interface (AMSI) to include Excel 4.0 (XLM) macro scanning. [...]

Read More

Security - Posted On:2021-03-07 13:45:01 Source: bleepingcomputer

Google has added a new feature to Google Chrome Canary that makes it easier for users to test new hidden features under development. [...]

Read More

Security - Posted On:2021-03-06 15:45:00 Source: bleepingcomputer

With Windows, you've got an almost limitless number of free, open-source and paid apps to customize the appearance of desktop. In this article, we're going to share a list of open-source and free tools to change the desktop wallpaper animation when you move your cursor, add support for widgets, and more. [...]

Read More

Security - Posted On:2021-03-06 14:15:00 Source: bleepingcomputer

Microsoft has released a PowerShell script that admins can use to check whether the recently disclosed ProxyLogon vulnerabilities have hacked a Microsoft Exchange server. [...]

Read More

Security - Posted On:2021-03-06 13:00:00 Source: bleepingcomputer

The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and victim's business partners to generate ransom payments. [...]

Read More

Security - Posted On:2021-03-06 11:30:01 Source: bleepingcomputer

This week Samsung has started rolling out Android's March 2021 security updates to mobile devices to patch critical security vulnerabilities in the runtime, operating system, and related components. Users are advised to update their Android devices immediately to safeguard against these bugs. [...]

Read More

Security - Posted On:2021-03-06 11:30:01 Source: bleepingcomputer

Microsoft has announced a new deployment service for drivers and firmware that will make it easier for IT admins to select the right drivers for devices on their enterprise network. [...]

Read More