In a troubling revelation, Facebook has acknowledged that it provided various technology companies and app developers with continued access to user data, despite its public assertions in 2015 that such access had been curtailed. This admission offers a rare glimpse into how the social media giant manages personal information within…
Microsoft Phases Out Vulnerable RC4 Encryption Standard Amid Rising Security Concerns In a significant move towards bolstering cybersecurity, Microsoft has announced the discontinuation of the outdated and insecure RC4 encryption cipher, which has been a default feature in Windows for over 26 years. This decision comes in the wake of…
In a significant update released for January 2024, Microsoft has patched a total of 48 security vulnerabilities across its software ecosystem. This month’s Patch Tuesday includes two flaws classified as Critical and 46 as Important. Notably, there are no indications that any of these vulnerabilities are being actively exploited or…
New Timing Vulnerability Discovered in TLS: Raccoon Attack A recent study has revealed a significant timing vulnerability affecting the Transport Layer Security (TLS) protocol, potentially allowing attackers to compromise encryption and access sensitive communications under specific scenarios. Researchers have labeled this exploit the “Raccoon Attack,” targeting server-side operations in TLS…
Snapchat Source Code Leaked on GitHub: Cybersecurity Implications Unfold Recently, the source code for Snapchat, a widely-used social media application, was unlawfully released online. This breach occurred when a hacker leaked the code on GitHub, a Microsoft-owned code repository. The GitHub account, registered under the name Khaled Alshehri with the…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially included a critical vulnerability affecting Microsoft SharePoint Server in its Known Exploited Vulnerabilities (KEV) catalog, highlighting evidence of active exploitation within various environments. This vulnerability, identified as CVE-2023-29357, has garnered a significant CVSS score of 9.8, indicating its severity and…
Microsoft has disclosed its ongoing efforts to phase out the RC4 cryptographic algorithm, a challenge that has persisted for over a decade. According to Steve Syfuhs, who leads the Windows Authentication team at Microsoft, eliminating an algorithm that has been a part of operating systems for the last 25 years…
In a significant move today, the United States government filed charges against five individuals linked to a state-sponsored Chinese hacking group known as APT41, as well as two Malaysian hackers. This group is believed to have compromised over one hundred businesses globally, showcasing a sophisticated range of cyber-espionage and financially…
GitHub has confirmed the rotation of specific cryptographic keys following the identification of a significant security vulnerability. This issue poses the risk of unauthorized access to sensitive credentials within production containers. The subsidiary of Microsoft announced that it first learned of the problem on December 26, 2023, and took immediate…
