Security Affairs

MAY 9, 2021

A flaw in some DNS resolvers, tracked as TsuNAME, can allow attackers to launch DDoS attacks against authoritative DNS servers. Researchers at SIDN Labs (the R&D team of the registry for.nl domains), InternetNZ (the registry for.nz domains), and the Information Science Institute at the University of Southern California has discovered a vulnerability, named TsuNAME, in some DNS resolvers.

Paper 126

Paper Access Security IT 126

Troy Hunt

MAY 9, 2021

A fairly hectic week this one, in a large part due to chasing down really flakey network issues that are causing devices (namely Shelly relays) to be inaccessible. I suspect it's ARP related and as of now, it's still not fully resolved. You know how much s**t breaks in a connected house when devices become inaccessible? Lots. But hey, at least I've finally automated my aircon!

Encryption 120

Encryption IT 120

Security Affairs

MAY 9, 2021

U.S. CISA has published an analysis of the FiveHands ransomware, the same malware that was analyzed a few days ago by researchers from FireEye’s Mandiant experts. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the FiveHands ransomware that was recently detailed by FireEye’s Mandiant. At the end of April, researchers from FireEye’s Mandiant revealed that a sophisticated cybercrime gang tracked as UNC2447 has exploited a zero-day issue ( CVE-2021-2001

Ransomware 115

Ransomware Encryption Cybersecurity Risk 115

The Guardian Data Protection

MAY 9, 2021

You might be surprised how much Google’s email service – and others – know about you. Here’s how to set some boundaries Most people are aware of the cookies that track them across the web, and the privacy-invading practices of Google search, but did you know Google’s email service, Gmail, collects large amounts of data too? This was recently put into stark focus for iPhone users when Gmail published its app “privacy label” – a self-declared breakdown of the data it collects and shares with adver

Privacy 99

Privacy IT 99

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

WIRED Threat Level

MAY 9, 2021

The tech giant wants to push its billions of users—and the rest of the industry—to enable multifactor authentication by default.

Authentication 104

Authentication IT Security 104

WIRED Threat Level

MAY 9, 2021

There's a battle raging over how advertisers can target us on the web—or whether they should be able to target us at all.

Privacy 97

Privacy IT Security 97

Security Affairs

MAY 9, 2021

‘Spam protection, AntiSpam, FireWall by CleanTalk’ anti-spam WordPress plugin could expose user sensitive data to an unauthenticated attacker. A Time-Based Blind SQL Injection in ‘ Spam protection, AntiSpam, FireWall by CleanTalk ’ WordPress plugin, tracked as CVE-2021-24295, could be exploited by an unauthenticated attacker to access user data. The flaw could be exploited by an attack to access user emails, passwords, credit card data, and other sensitive information.

CMS 90

CMS Passwords Access IT 90