Let me remind you that the SolarWinds hack has become one of the largest attacks on the supply chain in history. In December 2020, it became known that unknown attackers had attacked the company and infected its Orion platform with malware. Of the 300,000 SolarWinds customers, only 33,000 were using Orion, and at the beginning of the year, it was reported that an infected version of the platform was installed on approximately 18,000 customers, according to official figures.
As a result of [...]
The search engine has received the name Brave Search and is already available at search.brave.com, and can also be selected as a search engine in the Brave browser settings.
While the project is still in beta testing, the developers assure that by the end of this year Brave Search will be finalized and become a full-fledged option for default search in the company’s browser, and will also be available for other browsers.
Brave Search was first announced in March 2021 after Brave Software acquired the [...]
The new feature is called Norton Crypto and will be available to early users of Norton 360 this week.
If Norton Crypto is enabled, the antivirus will use the device’s graphics card to mine Ethereum, and the mined cryptocurrency will then be transferred to the Norton cloud wallet.
The company claims that this feature will allow users to mine Ethereum without sacrificing their security, because mining software often triggers the operation [...]
The experts explain that security headers are an important part of the internet today. Technically, they are HTTP responses sent by the server to a client application, such as a browser.
Every time a user accesses the site, the browser makes a request to the server, from which the site is then loaded. While the sites themselves are rendered using HTML, JavaScript, and CSS, administrators can add additional settings to the HTTP connection headers so that the user’s browser handles the [...]
Two-factor authentication, or two-step verification, is a popular security feature that adds extra security to the authentication process. As the second stage of authentication, while logging into an account, confirmation of the code sent via SMS to the associated mobile device or authentication application can be used.
Google customers can set up two-step verification to protect their accounts. Many users have already set up two-factor authentication in various services.
Google announced that it will soon introduce mandatory 2-Step Verification for Google accounts. The [...]
The statement said that based on new information that emerged during the investigation of the attack (in particular, the DNS traffic logs), it became clear that the incident affected not 18,000 clients, as previously thought, but only about 100.
Let me remind you that the SolarWinds hack has become one of the largest attacks on the supply chain in history. In December 2020, it became known that unknown attackers had attacked the company and infected its Orion platform with malware. Of [...]
On affected devices, Microsoft Defender places thousands of files in the directory: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store
For example, on a test system running Windows 10, version 20H2, there were more than 10,800 objects in this folder. Other users report that in just 24 hours, Microsoft Defender created over 950,000 files, taking up over 30 gigabytes of disk space. Most files are small: 1 or 2 kilobytes.
The error can affect certain operations, such as sync or backup jobs. [...]
The Microsoft Active Protections Program (MAPP) is a program for software vendors and partners that gives them early access to data on vulnerabilities and other threats before it is published. The MAPP, which has 81 member organizations, aims to ensure that companies can develop strategies and deploy appropriate updates before vulnerabilities become known to the public.
In particular, program participants are [...]
The issues affect SonicWall Email Security (SonicWall ES), an email security solution that companies use in the cloud or on-premises to scan email traffic.
The following identifiers were assigned to the vulnerabilities: CVE-2021-20021 (CVSS 9.4, bypass authentication, create an administrator account), CVE-2021-20023 (CVSS 6.7, read local files) and CVE-2021-20022 (CVSS 6, 7, modifying local files, or loading backdoor web shells).
FireEye is tracking the aforementioned hack [...]
Experts discovered the attacks earlier this year, and the developers of Pulse Secure VPN have already confirmed the claims of the researchers. According to FireEye, the hacks started way back in August 2020, when the first hack group, which the company tracks as UNC2630, targeted US defense contractors and European organizations.
At that time, hackers used a combination of old bugs in Pulse Secure VPN, as well as a new 0-day vulnerability (CVE-2021-22893) to seize control over Pulse [...]