A team of experts from Eclypsium presented a new variation of the Spectre attack, which allows attackers to recover the data hosted within the CPU system management mode. Information security researchersRead More →
In an unusual case someone managed to develop a malware attack that, with one click, exploits separate zero-day vulnerabilities in two different pieces of software. Even more exceptional is thatRead More →
SQL (Structured Query Language) is a popular programming language for managing data kept in relational databases. However, the databases can be breached when an attacker adds SQL statements that attemptRead More →
In May, security experts found vulnerability in the LocationSmart website that allowed, without authentication, to obtain the real-time location of cell phones in the United States. The vulnerability has beenRead More →
The professionals explain that DNSBin is a tool used to test the filtering of data through DNS and helps to test vulnerabilities such as RCE or XXE when the environmentRead More →
A joint work of Chinese and American information security professionals found a new method to attack smart personal assistants like Amazon Alexa and Google Home, whom they called “squatting voice”.Read More →
Red Hat recently announced a severe vulnerability in its DHCP client, CVE-2018-1111 could be exploited by malicious actors to execute arbitrary commands with administrator privileges on specific systems. A memberRead More →
Recently, Lenovo released security patches for the CVE-2017-3775 high-severity vulnerability in the Secure Boot function on System x servers. Information security researchers commented that standard operator settings disable signature verification, asRead More →
A team of information security experts released a warning about a group of vulnerabilities that affect users of PGP and S / MIME. EFF kept in communication with the research group andRead More →
In late April, two security companies (Qihoo360 and Kaspersky) independently discovered a zero-day for Internet Explorer (CVE-2018-8174), which was used in targeted attacks for espionage purposes. This marks two years since aRead More →
