Cybersecurity


c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

founded 2 years ago

A recent investigation by the University of Toronto's Citizen Lab has uncovered potential security weaknesses in WeChat's custom encryption protocol. These weaknesses arise because the developers of WeChat, which boasts over a billion monthly active users, have modified the Transport Layer Security (TLS) 1.3 protocol, creating a version called MMTLS.

submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/cybersecurity

Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union.


So my company is investigating whether it's worth it to use ThreatDown (the corporate version of Malwarebytes) for endpoint-protection.

However, recently (October 9th) a critical vulnerability in Firefox was reported by Mozilla: CVE-2024-9680.

The "strange" thing is that there was no mention of this vulnerability in ThreatDown when I checked after the weekend (October 14th):

(screenshot shows issues that ThreatDown did find, sorted from worst to least bad.)

Even though the version of Firefox did contain the vulnerability:

And Locize did run several scans on this endpoint in the meantime:

We contacted ThreatDown about this and the next day the vulnerability suddenly shows up in ThreatDown:

To me it feels like we had to notify ThreatDown about the vulnerability, instead of them notifying us, which is the exact opposite of what we are paying them for, right?

Is this a strange conclusion? What is your experience with them? Any other comments/ideas/things we are missing?


Microsoft researchers toyed with app permissions to uncover CVE-2024-44133, using it to access sensitive user data. Adware merchants may have as well.

submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/cybersecurity

The latest generations of Intel processors, including Xeon chips, and AMD's older microarchitectures on Linux are vulnerable to new speculative execution attacks that bypass existing 'Spectre' mitigations.

submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/cybersecurity

Hackers breached ESET's exclusive partner in Israel to send phishing emails to Israeli businesses that pushed data wipers disguised as antivirus software for destructive attacks.


I'm not in the security field so sorry if I seem like a newbie. Not sure where else to ask.

I set up my own email domain thing with the help of some kind Lemmy folk. I'm on Namecheap; it was a little tricky for me to set up, but it seems to have been working out great.

But yesterday, and again today, I got this notice from DMARC that Mail.ru is doing stuff with my account.

Advice I was able to google suggests I needed to change a setting from "none" to "reject".

Can anyone tell me if I've done this right? Also, has any damage been done by me not having this set sooner?


Missing logs could make it more difficult to identify unauthorized access to the customers' networks during that two-week window.


So they were from Sudan...

submitted 2 months ago* (last edited 2 months ago) by kid to c/cybersecurity