Author: securnerd

We're your premier source for the latest in AI, cybersecurity, science, and technology. Dedicated to providing clear, thorough, and accurate information, our team brings you insights into the innovations that shape tomorrow. Let's navigate the future together.

The European Union’s Irish Data Protection Commission (DPC) has imposed a staggering fine of €345 million (equivalent to $368 million) on TikTok, citing violations of the General Data Protection Regulation (GDPR) concerning the treatment of data from underage users. The inquiry, launched in September 2021, delved into the methods TikTok employed to handle the personal information of young users aged 13 to 17 from July to December 2020. Key findings from the investigation revealed: By default, videos uploaded by underage users were public, making them viewable to anyone, with or without a TikTok account, thus raising safety concerns. TikTok’s failure…

Microsoft’s investigative team has identified several memory corruption vulnerabilities within the ncurses programming library. These vulnerabilities pose a potential risk to Linux and macOS systems, allowing hackers the opportunity to execute harmful code. The research team, composed of Jonathan Bar Or, Emanuele Cozzi, and Michael Pearse from Microsoft Threat Intelligence, detailed in their latest report how threat actors could use environment variable manipulation to take advantage of these flaws. The objective? To increase privileges and execute commands in the context of the affected application or initiate other malevolent tasks. Designated as CVE-2023-29491 and having a CVSS score of 7.8, these…

France’s official radiofrequency agency, Agence Nationale des Fréquences (ANFR), is challenging Apple over its iPhone 12’s radiofrequency energy emissions. The agency claims these emissions surpass acceptable limits for human absorption. Across a variety of mobile manufacturers, ANFR evaluated 141 devices for alignment with specific absorption rate (SAR) standards. SAR offers a quantitative method to assess the rate of radiofrequency energy uptake by the body, particularly from sources like mobile phones.

Global Standards on SAR Levels

Globally, there are established parameters ensuring that electronic devices, predominantly mobile phones, do not compromise human health with elevated radiation levels. For instance, the U.S. Federal…

A prominent cybersecurity firm has successfully intercepted and prevented a significant distributed denial-of-service (DDoS) attack aimed at a major U.S. banking institution. While the bank in question remains undisclosed, Akamai Technologies, the firm that intervened, confirmed it’s one of their most esteemed clients in the banking sector. DDoS attacks typically crash websites by overloading them with excessive traffic, rendering them inaccessible for a period. This recent onslaught, which took place on Tuesday, saw traffic spiking to a staggering 633.7 gigabits per second. To put this in perspective, data from the cloud services provider Gcore suggests that DDoS attacks this year…

With its newest update, Microsoft Paint is set to change the game for Windows 11 Insider members by introducing a convenient ‘Remove Background’ function. This updated feature, which is now accessible to Insiders in both the Dev and Canary channels, simplifies photo editing tasks with just a single click. On opening the revised Paint version, the ‘Remove Background’ icon is prominently featured under the ‘Image’ section of the toolbar. Activating this function will automatically detect the main subject, leaving it intact while clearing out the surrounding backdrop. A sample demonstration showcasing this capability uses the signature Windows wallpaper for illustrative…

Researchers at the University of Wisconsin-Madison have brought to light a potential vulnerability through a Chrome extension prototype, demonstrating its ability to harvest plaintext passwords from website source code. A deep dive into web browser text inputs revealed a concerning gap in Chrome’s permission model, showing it goes against the best practice of adopting minimal privilege and comprehensive mediation. Even more alarmingly, popular portals like Google and Cloudflare, among many others, were found to embed passwords in plain text within their HTML source code. This creates an avenue for Chrome extensions to easily access these passwords.

Where the Issue Lies

Extensions are given…

The cybersecurity landscape is constantly shifting, with adversaries developing a multitude of tools to bypass barriers and access vital information. Shockingly, it isn’t always intricate malware or zero-day vulnerabilities that pose the greatest risk, but rather the simple compromise of usernames and passwords. This write-up delves into the looming threat of compromised credentials, the intricacies of safeguarding Active Directory (AD) landscapes, and a spotlight on Silverfort Unified Identity Protection, a pivotal solution for combating these cyberthreats.

Credentials, the Trojan Horse in the Cyber World

Amongst various cyber vulnerabilities, stolen or weak usernames and passwords remain one of the most powerful…

Even as the world buzzes about AI’s potential, statistics tell a perplexing tale. Investment in startups, especially those leaning on AI, appears stagnant. What’s causing this apparent paradox? Insight from venture capital (VC) experts suggests caution and meticulousness dominate the present investment climate. For a startup to attract funding in the current scenario, the presence of buzzwords such as AI, ML, or LLM in its business blueprint is almost a given. In fact, this year, AI-centric ventures bagged nearly 20% of the global venture capital, as revealed by Crunchbase. However, in a twist of irony, despite AI’s heightened prominence, overall…

Recent investigations have highlighted a potential method that cyber attackers might employ to skilfully dodge malware detection, focusing on exploiting the Windows Container Isolation Framework. This revelation was unveiled by Daniel Avinoam, a security researcher from Deep Instinct, during the DEF CON security summit earlier this month. Central to Microsoft’s container design, inclusive of its Windows Sandbox, is the employment of a dynamically created image. This image acts to distinguish the file system of each container from its host while also circumventing the redundancy of system files. Described as an “OS image that retains pristine file versions that can be…

Kali Linux 2023.3 Unleashed: Enhanced NetHunter App, Fresh Tools, and More Power for Penetration Testers!

In a significant move for the cybersecurity community, Offensive Security has unleashed Kali Linux 2023.3, the latest iteration of its renowned platform tailored for penetration testing and digital forensics endeavors.

Bolstering the toolkit arsenal

While keeping a vigilant eye on updating existing tools, each new Kali Linux version often introduces an array of potent additions. This release is no exception, bringing forth a lineup of nine novel tools that promise to elevate the capabilities of security professionals: Calico – Revolutionizing cloud-native networking and network security…
