Tech News
Here’s what we know about a mysterious launch from Florida this week
Security - Posted On:2023-09-05 19:15:00 Source: arstechnica

Airspace and maritime navigation warnings released to pilots and mariners suggest the US military might launch a hypersonic missile this week on a test flight from Cape Canaveral, Florida.
This test could be one of the final milestones before the US Army fields the nation's first ground-based hypersonic weapon, which is more maneuverable and more difficult for an enemy to track and destroy than a conventional ballistic missile. Russia has used hypersonic in combat against Ukraine, and US defense officials have labeled China as the world's leader in emerging hypersonic missile technology.
That has left the US military playing catch-up, and the Army is on the cusp of having its first ground-based hypersonic missiles ready for active duty. If informed speculation is correct, the test launch from Cape Canaveral Space Force Station this week—performed in partnership between the Army and the Navy—could be a full-scale test of the new solid-fueled hypersonic missile to propel a hypersonic glide vehicle to high speeds over the Atlantic Ocean.
Renegade certificate removed from Windows. Then it returns. Microsoft stays silent.
Security - Posted On:2023-08-25 21:00:00 Source: arstechnica

For three days, system administrators have been troubleshooting errors that have prevented Windows users from running applications such as QuickBooks and Avatax. We now know the cause: an unannounced move or glitch by Microsoft that removed a once-widely used digital certificate in Windows.
The removed credential is known as a root certificate, meaning it anchors the trust of hundreds or thousands of intermediate and individual certificates downstream. The root certificate—with the serial number 18dad19e267de8bb4a2158cdcc6b3b4a and the SHA1 fingerprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5—was no longer trusted in Windows. Because that root was tied to certificates that certify their authenticity and trust, people trying to use or install the app received the error.
Just minutes before this post was scheduled to go live, researchers learned that the certificate had been restored in Windows. It’s unclear how or why that occurred. The certificate immediately below this paragraph shows the certificate's status on Thursday. The one below that shows the status as of Friday.
How a cloud flaw gave Chinese spies a key to Microsoft’s kingdom
Security - Posted On:2023-07-13 16:45:01 Source: arstechnica

For most IT professionals, the move to the cloud has been a godsend. Instead of protecting your data yourself, let the security experts at Google or Microsoft protect it instead. But when a single stolen key can let hackers access cloud data from dozens of organizations, that trade-off starts to sound far more risky.
Late Tuesday evening, Microsoft revealed that a China-based hacker group, dubbed Storm-0558, had done exactly that. The group, which is focused on espionage against Western European governments, had accessed the cloud-based Outlook email systems of 25 organizations, including multiple government agencies.
Those targets encompass US government agencies including the State Department, according to CNN, though US officials are still working to determine the full scope and fallout of the breaches. An advisory from the US Cybersecurity and Infrastructure Security Agency says the breach, which was detected in mid-June by a US government agency, stole unclassified email data “from a small number of accounts.”
Microsoft 365 adds 'External' email tags for increased security
Security - Posted On:2021-03-08 16:30:00 Source: bleepingcomputer
Microsoft is working on boosting Exchange Online phishing protection capabilities by adding support for external email message tags to its cloud-based email service. [...]
New Sarbloh ransomware supports Indian farmers' protest
Security - Posted On:2021-03-08 16:30:00 Source: bleepingcomputer
A new ransomware known as Sarbloh encrypts your files while at the same time delivering a message supporting the protests of Indian farmers. [...]
Hackers hiding Supernova malware in SolarWinds Orion linked to China
Security - Posted On:2021-03-08 15:15:00 Source: bleepingcomputer
Intrusion activity related to the Supernova malware planted on compromised SolarWinds Orion installations exposed on the public internet points to an espionage threat actor based in China. [...]
Google Chrome to block port 554 to stop NAT Slipstreaming attacks
Security - Posted On:2021-03-08 13:30:00 Source: bleepingcomputer
Google Chrome will block the browser's access to TCP port 554 to protect against attacks using the NAT Slipstreaming 2.0 vulnerability. [...]
European Banking Authority discloses Exchange server hack
Security - Posted On:2021-03-08 11:15:02 Source: bleepingcomputer
The European Banking Authority (EBA) took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide. [...]
Flagstar Bank hit by data breach exposing customer, employee data
Security - Posted On:2021-03-08 10:29:57 Source: bleepingcomputer
US bank and mortgage lender Flagstar has disclosed a data breach after the Clop ransomware gang hacked their Accellion file transfer server in January. [...]
CISA takes over .GOV top-level domain (TLD) administration
Security - Posted On:2021-03-08 09:59:57 Source: bleepingcomputer
The US Cybersecurity and Infrastructure Security Agency (CISA) is taking over the administration of the.gov top-level domain (TLD) as its new policy and management authority. [...]
Unpatched QNAP devices are being hacked to mine cryptocurrency
Security - Posted On:2021-03-08 08:59:57 Source: bleepingcomputer
Unpatched network-attached storage (NAS) devices are targeted in ongoing attacks where the attackers try to take them over and install cryptominer malware to mine for cryptocurrency. [...]
How to use Google's 'Chrome Labs' to test new browser features
Security - Posted On:2021-03-07 16:45:00 Source: bleepingcomputer
Google has added a new feature to Google Chrome Canary that makes it easier for users to test new hidden features under development. [...]
Microsoft's MSERT tool now finds web shells from Exchange Server attacks
Security - Posted On:2021-03-07 16:30:00 Source: bleepingcomputer
Microsoft has pushed out a new update for their Microsoft Safety Scanner (MSERT) tool to detect web shells deployed in the recent Exchange Server attacks. [...]
Microsoft Office 365 gets protection against malicious XLM macros
Security - Posted On:2021-03-07 13:45:01 Source: bleepingcomputer
Microsoft has added XLM macro protection for Microsoft 365 customers by expanding the runtime defense provided by Office 365's integration with Antimalware Scan Interface (AMSI) to include Excel 4.0 (XLM) macro scanning. [...]
Google's Chrome Labs makes it easier to test new browser features
Security - Posted On:2021-03-07 13:45:01 Source: bleepingcomputer
Google has added a new feature to Google Chrome Canary that makes it easier for users to test new hidden features under development. [...]
How to customize your Windows 10 desktop with these free tools
Security - Posted On:2021-03-06 15:45:00 Source: bleepingcomputer
With Windows, you've got an almost limitless number of free, open-source and paid apps to customize the appearance of desktop. In this article, we're going to share a list of open-source and free tools to change the desktop wallpaper animation when you move your cursor, add support for widgets, and more. [...]
This new Microsoft tool checks Exchange Servers for ProxyLogon hacks
Security - Posted On:2021-03-06 14:15:00 Source: bleepingcomputer
Microsoft has released a PowerShell script that admins can use to check whether the recently disclosed ProxyLogon vulnerabilities have hacked a Microsoft Exchange server. [...]
Ransomware gang plans to call victim's business partners about attacks
Security - Posted On:2021-03-06 13:00:00 Source: bleepingcomputer
The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and victim's business partners to generate ransom payments. [...]
Samsung fixes critical Android bugs in March 2021 updates
Security - Posted On:2021-03-06 11:30:01 Source: bleepingcomputer
This week Samsung has started rolling out Android's March 2021 security updates to mobile devices to patch critical security vulnerabilities in the runtime, operating system, and related components. Users are advised to update their Android devices immediately to safeguard against these bugs. [...]
Microsoft is giving Windows admins full control over driver updates
Security - Posted On:2021-03-06 11:30:01 Source: bleepingcomputer
Microsoft has announced a new deployment service for drivers and firmware that will make it easier for IT admins to select the right drivers for devices on their enterprise network. [...]