The Apache Software Foundation (ASF) has released new versions of its Tomcat application server to address an important security vulnerability that could allow a remote attacker to execute malicious code and take control of an affected server.

Developed by ASF, Apache Tomcat is an open source web server and servlet system, which uses several Java EE specifications such as Java Servlet, JavaServer Pages (JSP), Expression Language, and WebSocket to provide a "pure Java" HTTP web server environment for Java concept to run in.

The remote code execution vulnerability (CVE-2019-0232) resides in the Common Gateway Interface (CGI) Servlet when running on Windows with enableCmdLineArguments enabled and occurs due to a bug in the way the Java Runtime Environment (JRE) passes command line arguments to Windows.
Breaking — It has been close to just one year since the launch of next-generation Wi-Fi security standard WPA3 and researchers have unveiled several serious vulnerabilities in the wireless security protocol that could allow attackers to recover the password of the Wi-Fi network.

WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and is intended to prevent hackers from eavesdropping on your wireless data.

The Wi-Fi Protected Access III (WPA3) protocol was launched in an attempt to address technical shortcomings of the WPA2 protocol from the ground, which has long been considered to be insecure and found vulnerable to KRACK (Key Reinstallation Attack).
Users of Google’s cloud-based suite of productivity apps may find when logging in that their usual two-factor authentication options (2FA, or 2-step verification, as Google calls it) have disappeared.

If G Suite users have previously been logging in with SMS or voice call verifications, they could now be asked to authenticate using another method such as Google’s Prompt system or a security token based on the FIDO/2.0 standards.

Hopefully, this won’t come as a surprise to users because their G Suite admins will have mentioned this change in their 2FA options to users in advance.
Mozilla has made it easy for you to share large files securely and privately with whomever you want, eliminating the need to depend upon less secure free third-party services or file upload tools that burn a hole in your pocket.

Mozilla has finally launched its free, end-to-end encrypted file-transfer service, called Firefox Send, to the public, allowing users to securely share large files like video, audio or photo files that can be too big to fit into an email attachment.

Firefox Send was initially rolled out by Mozilla to test users way back in August 2017 as part of the company's now-defunct "Test Pilot" experimental program.
Smart devices definitely make our lives easier, faster, and more efficient, but unfortunately, an insecure smart device can also ruin your day, or sometime could even turn into the worst nightmare of your life.

If you are an electric scooter rider, you should be concerned about yourself.

In a report shared with The Hacker News in advance, researchers from mobile security firm Zimperium said to have discovered an easy-to-execute but serious vulnerability in M365 Folding Electric Scooter by Xiaomi that could potentially putting riders life at risk.

Xiaomi e-Scooter has a significant market share and is also being used by different brands with some modifications.
Google has launched a new encryption algorithm that has been built specifically to run on mobile phones and smart IoT devices that don't have the specialized hardware to use current encryption methods to encrypt locally stored data efficiently.

Encryption has already become an integral part of our everyday digital activities.

However, it has long been known that encryption is expensive, as it causes performance issues, especially for low-end devices that don't have hardware support for making the encryption and decryption process faster.
A team at a robot cybersecurity startup has released a free, open-source tool for information security professionals to help them easily 'footprint' and detect unprotected robots, not only connected to the Internet, but also to the industrial environments where they operate.

Dubbed "Aztarna," the framework has been developed by Alias Robotics, a Spanish cybersecurity firm focused on robots and is capable of detecting vulnerable industrial routers and robots powered by ROS (Robot Operating System), SROS (Secure ROS) and other robot technologies.

Written in Python 3, Aztarna is basically a port scanning tool with a built-in database of fingerprints for industrial routers (including Westermo, Moxa, Sierra Wireless, and eWON), and robotic technologies and components, as well as patterns that power the tool to test those devices against various known vulnerabilities and security misconfigurations.