Critical WebP vulnerability affects Chrome, Firefox and more

Last week, Citizen Lab disclosed a vulnerability that they are calling BLASTPASS which they found after investigating an iOS device used by an individual working at a civil society organization based in Washington, DC. The vulnerability was exploited to deliver the NSO Group’s Pegasus commercial spyware. The 0-click vulnerability can affect iPhones running the latest […]

Flaws in PowerShell Gallery leave users and cloud environments vulnerable

The PowerShell Gallery is the central repository for PowerShell content, offering modules, scripts, and DSC resources. Users can share and collaborate on PowerShell resources, making it a hub for the community. It integrates with the PowerShell module management tool, allowing users to directly install, update, and manage modules and scripts. The platform promotes best practices […]

France’s flawed proposal to block websites using browser-based methods

The French government has proposed a dystopian security measure to block websites inside the browser and hopes to compel browser providers like Mozilla and Google to implement a solution to enable this capability. Article 6 of the proposed SREN Bill would compel browser providers to block websites based on a government-provided list, aiming to combat […]

Introduction of Passkeys

Last year Apple, Google and Microsoft announced a joint effort to kill the password. Ron Amadeo for Ars Technica: The first Thursday of May is apparently “World Password Day,” and to celebrate Apple, Google, and Microsoft are launching a “joint effort” to kill the password. The major OS vendors want to “expand support for a […]

The criminalization of encryption and security tools in France

On the morning of 8 December 2020, nine French citizens were arrested on charges of association with terrorism. The nine French citizens had joined the Kurdish People’s Defense Units (YPG) to fight against ISIS. When they returned in 2018, they were designated as far-left extremists by the General Directorate for Internal Security. The arrests have […]

Remote Code Execution bug found in CS:GO

Discovering vulnerabilities in the software we use on a day-to-day basis is important, as it forms the foundation for proactive defense against these vulnerabilities. Identifying these vulnerabilities in software, hardware, or network systems and then reporting them responsibly fosters continuous improvement in security and development practices. Finding vulnerabilities is a massive time investment […]

New Dutch Intelligence law aims to remove safeguards for hacking non-targets

The Netherlands Government has proposed a law to enable law enforcement and intelligence agencies to not only intercept communications of a specific hacking group but also the victims of that group. For instance, if a hacking group targeted your computer and there’s a warrant against that group, Dutch services can automatically monitor your communications without […]

Reddit’s new API pricing leads to the closure of several 3rd party apps

Reddit announced that 3rd party apps will now have to pay to use its API, seemingly to increase revenue as well as limit the scraping of its data by various AI startups that are training models. The pricing is $0.24 per 1000 API calls and with many 3rd party apps doing millions of requests per […]

Reflecting on the 10th Anniversary of the Snowden revelations

The Snowden revelations, which started 10 years ago today, exposed a vast, far-reaching, and complex system of surveillance capabilities built and operated by intelligence agencies, primarily the National Security Agency (NSA) and its partners known as the Five Eyes. These revelations had a profound impact on public understanding of government surveillance, privacy rights, and the balance between national security and civil liberties.

Security.txt becomes mandatory for all Dutch Government Websites

When bug-bounty hunters and other security researchers need to disclose a vulnerability to an organization, they often can’t find an email address to contact the organization through. The concept of security.txt originated from the need to streamline communication between security researchers and organizations. An idea was submitted to the Internet Engineering Task Force (IETF) to […]