From ehackingnews.com
Lazada, a Singapore firm owned by e-commerce company Alibaba, suffered a hacking attack that cost more than one million accounts. On Friday, the e-commerce company said it lost user accounts containing personal information like credit card credentials and addresses. In what is considered one of the most significant data breach incidents, Singapore suffered a data breach of 5.7 million accounts.
From bleepingcomputer.com
Open Shell, originally known as Classic Shell, is open-source software that allows you to replace the standard Start Menu on Windows 10 and Windows 8. Open Shell originally came out as Classic Shell in 2009 and it has been around for a while.
With Open Shell, you can change the appearance of the Start Menu and replace with the likes of Windows 7.
From securityboulevard.com
Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations; of which, originally appeared at the organization’s DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy!
From securityaffairs.co
Cross-Site Scripting (XSS) is the most common vulnerability type and received the highest amount of rewards on the HackerOne vulnerability reporting platform.
XSS vulnerabilities accounted for 18% of all flaws reported by bug hunters, these issues received a total of $4.2 million in bounties paid by companies (+26% from last year).
The Cross Site Vulnerabilites received an average of just $501 per issue.
XSS vulnerabilities can be exploited by threat actors for multiple malicious activities, including account takeover and data theft.
From zdnet.com
Google has announced plans to run its own certificate root program/store for Chrome, in a major architectural shift for the company’s web browser program.
A “root program” or a “root store” is a list of root certificates that operating systems and applications use to verify the identity of a software program during its installation routine.
From arstechnica.com
The hard part of connecting a gooey, thinking brain to a cold, one-ing and zero-ing computer is getting information through your thick skull—or mine, or anyone’s. The whole point of a skull, after all, is keeping a brain safely separate from [waves hands at everything].
So if that brain isn’t yours, the only way to tell what’s going on inside it is inference. People make very educated guesses based on what that brain tells a body to do—like, if the body makes some noises that you can understand (that’s speech) or moves around in a recognizable way. That’s a problem for people trying to understand how the brain works, and an even bigger problem for people who because of injury or illness can’t move or speak. Sophisticated imaging technologies like functional magnetic resonance can give you some clues. But it’d be great to have something more direct. For decades, technologists have been trying to get brains to interface with computer keyboards or robot arms, to get meat to commune with silicon.
From searchwindowsserver.techtarget.com
Online threats keep evolving, making it difficult for Office 365 administrators to tighten up security on the tenant.
To help with this effort, Microsoft provides several ways to identify security gaps in the existing Office 365 setup and configuration. One tool is the Office 365 Recommended Configuration Analyzer that provides valuable recommendations on how to best configure Microsoft Defender for Office 365, formerly called Office 365 Advanced Threat Protection, and Exchange Online Protection.