email security

Application Security

Issued by: Security Week

ProtonMail, a privacy and security-focused email provider based in Switzerland, has been strongly criticized for providing the IP address of a customer to Swiss authorities, ultimately leading to the arrest of a climate activist in France. But simply blaming ProtonMail misses the important lessons of this case. Background French authorities were aware that a group…

Vulnerabilities

Issued by: Security Week

On Friday, security researcher RyotaK published information on three vulnerabilities in PyPI, one of which could potentially lead to the compromise of the entire PyPI ecosystem. Python Package Index (PyPI) is the official third-party software repository for the Python programming language, with some package managers using it as the default source for packages and dependencies….

Application Security

Issued by: Security Week

The search advertising giant released a Chrome security refresh overnight with a warning that malicious hackers are actively exploiting a critical type confusion vulnerability to launch malware attacks. “Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild,” the company said in a cryptic line added to its advisory. The vulnerability…

Application Security

Issued by: Security Week

The open-source browser refresh is currently rolling out with support for Fetch Metadata Request Headers, which means that web applications can better protect users against cross-site request forgery (CSRF), cross-site leaks (XS-Leaks), and speculative cross-site execution side channel attacks (such as Spectre). With the newly introduced feature, web application servers can distinguish between same-origin and…

Vulnerabilities

Issued by: Security Week

The issue has been a public embarrassment for Microsoft over the last two weeks as security researchers used social media to highlight major problems with Redmond’s mitigation guidance and the effectiveness of its out-of-band update. “We’re aware of claims and are investigating, but at this time we are not aware of any bypasses,” Microsoft said…

Vulnerabilities

Issued by: Security Week

Microsoft’s confirmation of a new, unpatched Windows Print Spooler bug comes days after researchers noticed that published proof-of-concept code for a different vulnerability was reliably exploiting fully patched Windows machines. Microsoft’s own misdiagnosis of a Print Spooler flaw that was just patched in June this year also added to the confusion. In a pre-patch advisory…

Network Security

Issued by: Security Week

The project, called D3FEND, is available through the non-profit Mitre Corporation as a catalog of defensive cybersecurity techniques and their relationships to offensive/adversary techniques. The primary goal of the initial D3FEND release is to help standardize the vocabulary used to describe defensive cybersecurity technology functionality. Mitre described D3FEND as an “early stage experimental research project”…