Microsoft is again pushing a Defender Antivirus update (first issued in April and pulled in May) that fixes a known issue triggering Windows Security warnings that Local Security Authority (LSA) Protection is off. […] Read More
BleepingComputer
The all in one place for non-profit security aid.
Microsoft is again pushing a Defender Antivirus update (first issued in April and pulled in May) that fixes a known issue triggering Windows Security warnings that Local Security Authority (LSA) Protection is off. […] Read More
BleepingComputer
Signal to shield user phone numbers by default
[[{“value”:”
Chat app Signal will shield user’s phone numbers by default from now on. And, it will no longer be necessary to exchange phone numbers when people want to connect through the app.
In November, we reported that Signal was testing usernames to eliminate the need to share your phone number. Signal has now announced that these options are live, and will be rolled out to everyone in the coming weeks.
So, what exactly has changed?
Your phone number will no longer be visible to everyone you chat with by default. People who already have your number saved in their phone’s contacts will still see it.
In case you don’t want to hand out your phone number to connect with someone on Signal, you can now create a unique username that you can use instead.
If you don’t want people to be able to find you by searching for your phone number on Signal, you can now enable a new, optional privacy setting.
Note that the unique username is not your profile name which is displayed in chats, it’s not a permanent handle, and not even visible to the people you’re connected with in Signal.
The optional privacy setting will only allow people that have your exact unique username to start a conversation, even if they have your phone number.
During the transition, it is important to realize that both you and the people you are chatting with on Signal will need to be using the updated version of the app to take advantage of them.
The changes are optional. You are not required to create a username and you have full control over whether you want to enable people to find you by your phone number or not.
If you’d still like everyone to see your phone number when messaging them, you can change the default by going to Settings > Privacy > Phone Number > Who can see my number. You can either choose to have your phone number visible to Everyone you message on Signal or Nobody. If you select Nobody, the only people who will see your phone number in Signal are people who already have it saved to their phone’s contacts.
To create a username, go to Settings > Profile. A username on Signal (unlike a profile name) must be unique and must have two or more numbers at the end of it. This choice was made with the intention to help keep usernames egalitarian and minimize spoofing. Usernames can be changed as often as you like, and you can delete your username entirely if you prefer to no longer have one.
You will still have to have a phone number in order to create a Signal account as they act as a unique identification and anti-spam measure.
We don’t just report on privacy—we offer you the option to use it.
Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.
“}]] Read More
Malwarebytes
Ukraine at D+571: Collection, sabotage, and influence.
Ukraine retakes key villages as Russia seeks to reconstitute an operational reserve. Read More
The CyberWire
Critical VMware Vulnerabilities Let Attackers Execute Code & Trigger DOS
VMware, a leading virtualization and cloud computing software provider, has issued patches for several critical and important vulnerabilities affecting its ESXi, Workstation, Cloud Foundation, and Fusion products.
If exploited, these vulnerabilities could allow attackers to execute malicious code on host systems from within a virtual machine, posing significant security risks to millions of organizations worldwide.
One of the critical vulnerabilities identified is an out-of-bounds read/write issue affecting the storage controllers on VMware ESXi, Workstation, and Fusion.
Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers
VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.1.
A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.
Another significant vulnerability is an authenticated remote code execution issue in the VMware vCenter Server. This vulnerability has been rated with a maximum CVSSv3 base score of 7.2, placing it in the Important severity range.
A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.
Additionally, VMware vCenter Server has a partial file read vulnerability, which has been evaluated to be in the Moderate severity range with a maximum CVSSv3 base score of 4.9.
This vulnerability allows a malicious actor with administrative privileges on the vCenter appliance shell to read arbitrary files containing sensitive data partially.
Broadcom strongly recommends that all users apply the necessary patches to mitigate these vulnerabilities. The company has provided detailed guidance on its security advisory page, including links to the patches and additional documentation for affected products.
Organizations are advised to review their security posture and ensure that all VMware products are updated to the latest versions to protect against potential exploitation.
In environments where immediate patching is not feasible, VMware suggests implementing workarounds, such as removing USB controllers from virtual machines, although these may impact functionality and are not considered long-term solutions.
The discovery of these vulnerabilities underscores the importance of maintaining up-to-date security measures and promptly applying patches to mitigate risks.
Broadcom’s proactive approach in addressing these issues highlights its commitment to ensuring the security and integrity of its products and the environments they operate in.
ANYRUN malware sandbox’s 8th Birthday Special Offer: Grab 6 Months of Free Service
The post Critical VMware Vulnerabilities Let Attackers Execute Code & Trigger DOS appeared first on Cyber Security News.