More stories

  • Update your Chrome browser ASAP. Google has confirmed a zero-day exploited in the wild

    Jack Wallen/ZDNET Google has released a critical security update for the Chrome web browser. The zero-day flaw, CVE-2024-4671, is a “use-after-free” vulnerability in Chrome’s Visuals component. You might be asking, “what is Chrome’s Visuals component?” In short, it’s the part responsible for rendering and displaying content in the browser. Everyone uses a browser to open content, so everyone’s vulnerable. Specifically, the vulnerability enables an attacker to exploit out-of-bounds memory access. In English, that means if you go to a website with a malicious webpage, it can foul up your computer. It doesn’t matter if your machine’s running Linux, macOS, or Windows. This security hole is an equal-opportunity troublemaker. Discovered by an anonymous researcher and reported directly to Google, CVE-2024-4671 has a Common Vulnerability Scoring System (CVSS) rating of 8.8, which means it’s a serious vulnerability. It could be worse — ratings above 9.0 are critical, aka Fix It Right Now — but this is bad enough. An attacker can use this flaw to read data from your computer, cause crashes, and even take over a PC. In short, it’s bad news. What really makes this one a stinker is that it’s being exploited now. The advisory notes that Google is aware that an exploit for CVE-2024-4671 exists in the wild.

  • Singapore updates cybersecurity law to expand regulatory oversight

    KrulUA/Getty Images With widening attack surfaces and technology infrastructures that are no longer necessarily physical, Singapore says its cybersecurity legislation must keep up with the changing threat landscape and be adequately administered to keep its critical infrastructures resilient. The Cybersecurity (Amendment) Bill was passed on Tuesday following two readings in parliament to address “shifts in […]

  • Why Reddit’s new content policy is a big win for your privacy

    picture alliance/Getty Images Reddit has introduced a new public content policy that lays out a framework for how partners and third parties can access user-posted content on its site. This policy will apply alongside the site’s existing privacy policy, which covers how Reddit handles private user data, and its current content policy, which covers what […]

  • Security researchers say this scary exploit could render all VPNs useless

    JuSun/Getty Images Security researchers have revealed a method for rendering any virtual private network (VPN) useless. And they suspect that their exploit may have been in the wild for years — and malicious actors may already know about it. Researchers at the Leviathan Security Group have uncovered a method for exposing a user’s traffic when […]

  • BigID announces new AI data security features for Microsoft Copilot

    Boris SV/Getty Images As more companies use generative artificial intelligence (AI) in their workflows, how they oversee training data is becoming increasingly important. On Tuesday, data security provider BigID announced new capabilities geared towards Microsoft Copilot that tailor training data, strengthen AI security, and streamline compliance efforts. The features help organizations “scan for, classify, label, curate, […]

  • Code faster with generative AI, but beware the risks when you do

    Yaroslav Kushta/Getty Images Nowadays, developers can turn to generative artificial intelligence (GenAI) to code faster and more efficiently. Nevertheless, they should do so with caution and no less attention than before. While the use of AI in software development may not be new — it’s been around since at least 2019 — GenAI brings significant […]

  • Two years in, Google says passkeys now protect more than 400 million accounts

    Kerry Wan/ZDNET It’s World Password Day, but Google wants you to know that the days of the password are numbered. Passkeys consist of two cryptographic keys, a public key that’s registered with the online service or app, and a private key that’s stored on a device, such as a smartphone or a computer. That might sound complicated, but passkeys have been designed to be easy to use. In fact, to log in with a passkey, you use your face, a fingerprint, or a PIN in much the same way that you unlock your smartphone. In a blog post, Google VP of Security Engineering Heather Adkins announced today that since Google launched passkeys on World Password Day 2022, over 400 million Google Accounts have been secured with passkeys. Furthermore, these users have collectively logged over 1 billion authentications, demonstrating growing adoption and usage of this relatively new security feature. In fact, the use of passkeys for Google Accounts has now surpassed traditional forms of two-step verification (2SV), including SMS-based one-time passwords (OTPs) and app-based OTPs (like those used in Authenticator apps). According to Google, passkey users experience login times that are 50% faster than those using passwords, enhancing both the security and efficiency of their authentication processes. Google has further announced plans to integrate passkeys into its Advanced Protection Program (APP), which offers enhanced security measures for high-risk Google Account users such as activists, politicians, and journalists. Users enrolled in this program will soon have the option to switch to using passkeys exclusively or to use them in conjunction with traditional passwords or hardware security keys. This integration represents a significant step in bolstering security while maintaining user convenience for those at heightened risk of targeted attacks. So, what’s stopping everyone from adopting passkeys? For years, the emphasis has been on creating complex passwords as the best line of defense for securing digital accounts. Now, people are confused and wondering what’s changed. It’s hard to get across that the landscape of digital security is constantly evolving, and with it, the strategies for securing access to online information. While passkeys offer a new, more streamlined, more secure approach to security, significantly reducing the risk of phishing and eliminating the need to remember and manage multiple passwords, it’s hard to communicate that to the average user.