At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

A smartphone’s unique Bluetooth fingerprint could be used to track the device’s user–until now. A team of researchers have developed a simple firmware update that can completely hide the Bluetooth fingerprint, eliminating the vulnerability.

Check Point Research (CPR) has identified a critical zero-day spoofing attack exploiting Microsoft Internet Explorer on modern Windows 10/11 systems, despite the browser's retirement.

Morphisec, who discovered the flaw and published an advisory about it on July 9, has urged Microsoft to reclassify the vulnerability as "Critical" to reflect the higher estimated risk and ensure adequate mitigation efforts.

The security firm agreed with Microsoft that this RCE is more complex than CVE-2024-30103, making immediate exploitation less likely. However, combining it with another vulnerability could simplify attacks.

Based on past attacks, It wouldn’t be surprising to see active targeting this time too.

Google Pixel phones, especially with GrapheneOS, are worlds more secure than other technologies.

Every user account is decrypted with a key generated by the secure element, and the pin is just used to unlock that key.

But the secure element is rarely used in other applications.

Here is how to unlock your KeepassDX Storage with it:

1. Create a password storage with a very secure and long password. Length is especially important, prefer to use tons of nonsense words, over hard to remember symbols
2. In KeepassDX Settings, under "unlock settings" enable "use system unlock"
3. Enter the password for the password storage.
4. Instead of pressing Enter, press on the button in the bottom left to register the password in the Android Keystore.

From now on you can unlock your password storage using all the security that your device offers.

The only weakness is the password, so make it as long as possible.

To copy-paste passwords relatively securely, you can use Florisboard's internal clipboard. Enable "sync from system clipboard", and disable "sync to system clipboard".

If you copy things using the button on Florisboard, it will only be saved in Florisboards internal app storage, not your system clipboard, which is accessible to all input devices (keyboard apps) and foreground apps.

To delete things from the system clipboard (which only holds one entry) you can use apps like this one

I recommend Obtainium to get the latest versions of these apps.

Here is a list of available app configs