Linux kernel developers are reviewing a proposal for an emergency risk mitigation mechanism (“Killswitch”) that would allow administrators to disable vulnerable kernel functions at runtime. The proposal, submitted by Linux kernel developer/maintainer Sasha Levin, arrives in the wake of the public disclosure of two privilege escalation vulnerabilities affecting the Linux kernel. What prompted the proposal…
Tag: mechanism
Global Security News
Google adds ‘Advanced Flow’ for safe APK sideloading on Android
Google has announced a new mechanism in Android called Advanced Flow that will allow sideloading APKs from unverified developers for power users in a more secure way. […]
AI, Global Security News
Microsoft: Hackers abuse OAuth error flows to spread malware
Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. […]
AI, Global Security News, Government & Policy, malware
Threat actors weaponize OAuth redirection logic to deliver malware
An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have revealed. The attackers are targeting government and public-sector organizations, and redirecting unsuspecting users from trusted login pages to their own infrastructure, to serve malware or capture login credentials. The attack, from the victim’s…
AI, Apps, china, Exploits, Global Security News, Network Security, Risk Management
Notepad++ author says fixes make update mechanism ‘effectively unexploitable’
The recently compromised update mechanism for the popular open source text editor Notepad ++ has been hardened so it’s now ‘effectively unexploitable’, says the application’s author. Don Ho made the claim this week after the release of version 8.9.2 of Notepad++, which includes a double-lock verification that any download of the tool from this point…
AI, Global Security News
Notepad++ secures update channel in wake of supply chain compromise
Notepad++, the popular text and source code editor for Windows whose update mechanism was hijacked last year, The post Notepad++ secures update channel in wake of supply chain compromise appeared first on Help Net Security.
AI, Exploits, Global Security News
Notepad++ boosts update security with ‘double-lock’ mechanism
Notepad++ has adopted a “double-lock” design for its update mechanism to address recently exploited security gaps that resulted in a supply-chain compromise. […]