Massive Fake Website Campaign Spreading Malware detected

Security researchers have detected a big malware campaign that is using fake websites to impersonate popular products and brands to spread malware. So-called typosquatting attacks register domain names that resemble the domain names of legitimate products. Many times, only a single character is different, added or removed from the domain name. While observant Internet users […]

Microsoft adds RSS feed support to its Security Update Guide service

Microsoft's Security Update Guide site is a core service when it comes to information about security information and updates that Microsoft releases. Up until now, users could sign-up using an account to receive notifications about new vulnerabilities added to Microsoft's database. Microsoft disabled the legacy Security Notification Service in September 2022 in favor of a […]

Microsoft rebrands most of “Office” to Microsoft 365

When you think about Microsoft products, it is probably Windows, Office and Xbox that come to your mind first. While the company has plenty of other products, most are minor when compared to the three heavyweights. Microsoft announced changes to the company's Office brand this week. According to Microsoft, most of Office is going to […]

OneDrive DLL Sideloading vulnerability exploited in the wild

Security services provider BitDefender published information about a DLL sideloading vulnerability of OneDrive that is exploited in the wild. According to the information, malicious actors exploit the vulnerability to mine cryptocurrency on successfully exploited machines. DLL hijacking is a common occurrence on Windows. Windows uses a priority system to determine from which location a DLL […]

Maigret: create user dossiers based on username searches on thousands of sites

Maigret is an open source cross-platform tool to create profiles on users using just username searches. The program is free to use and does not require any APIs or configuration. The command line tool checks if specified usernames exist on online platforms and creates reports based on the findings. The sites that Maigret checks are […]

LastPass provides details on August 2022 hack

LastPass informed customers about a security breach on the company's official blog in August 2022. This week, the company published additional information about the hack after its investigation. Back in August 2022, LastPass informed customers that it noticed unusual activity in the development environment. It noticed relatively quickly that a third-party managed to obtain access […]

Microsoft Teams is storing authentication tokens in cleartext

A security vulnerability has been discovered in Microsoft Teams. A report that was published by security firm Vectra, reveals that Microsoft Teams is storing authentication tokens in cleartext. Microsoft Teams security issue The vulnerability is present in the desktop versions of Teams for Windows, macOS and Linux. Threat actors who have local (physical) or remote […]

Bitwarden password manager adds Fastmail email forwarding support

Bitwarden is a popular choice when it comes to password managers. A late entry to the niche, it is open source, free for personal use and does not restrict functionality artificially for free accounts. Customers may subscribe to gain access to additional features though. The password manager supports a rich feature set, including support for […]

HP Support Assistant has a DLL Hijacking Vulnerability

HP Support Assistant is a software program that is included on HP computers and notebooks. The program is also available as a standalone download; customers who use HP peripherals, such as printers or scanners, may install it to manage these devices on non-HP PCs. HP published a HP Support Assistant security advisory on its website […]