Blog

A security researcher has claimed a new vulnerability in the latest version of macOS — just hours before the software is due to be released. Patrick Wardle, chief researcher officer at Digita Security, tweeted a video Monday of an apparent privacy feature bypass that’s designed to prevent apps from improperly accessing a user’s personal data. […] Source: Security researcher claims macOS Mojave privacy bug on launch day

Microsoft automatically installs six bloatware apps on every Windows 10 PC, even after a clean install. This needs to stop. Source: Hey, Microsoft, stop installing third-party apps on clean Windows 10 installs!

A security researcher discovered private data lurking on 60 Trello boards belonging to the United Nations. Sensitive information was also found in public Google documents. Source: United Nations Accidentally Exposed Passwords and Sensitive Information to the Whole Internet

C# has received some recent attention in the security community, and the Microsoft.Workflow.Compiler.exe security issue recently identified by Matt Graber at SpecterOps prompted us to take a closer look at the potential for using this technique in real-world attacks. Firstly, we will look at how PowerShell fits into the ‘fileless’ attack ecosystem and talk about why attackers may find C# more attractive than PowerShell. Finally, we will look at why the newly found issue in

The California Farm Bureau has given away the right of farmers to fix their equipment without going through a dealer. Source: John Deere Just Swindled Farmers Out of Their Right to Repair