Critical Tor flaw leaks users’ real IP address—update now
TorMoil threatens Mac and Linux versions of Tor browser; Windows and Tails not affected. Mac and Linux versions of the Tor anonymity browser just received a temporary fix for a Read More →
The annual mobile Pwn2Own zero-day competition has been renewed for the sixth time. So, we get to see new hacks for devices from leading brands like Apple, Samsung, etc. Earlier this Read More →
WordPress developers fixed a serious SQL injection vulnerability on Tuesday with the release of version 4.8.3. Apply it as soon as possible. WordPress developers fixed a serious SQL injection vulnerability that was reported by Read More →
Bitcoin mining websites became the new fashion of 2017, and there is no doubt about that, but when it comes to compromising websites to host such fashion it becomes a Read More →
The makers of the popular parental control system called Circle with Disney patched 23 vulnerabilities over the weekend. The bugs ran the gamut from memory corruption and denial of service, Read More →
Oracle Identity Manager (OIM) allows companies to manage the entire user life-cycle over all company resources both within and behind a firewall. Within Oracle Identity Management it gives a mechanism for Read More →
A flaw in the Google Issue Tracker, also known as the “Buganizer,” might have exposed details about unpatched flaws listed in the database. A vulnerability in the Google Issue Tracker, Read More →
Many industrial networking devices from various vendors are still vulnerable to the recently disclosed KRACK attack (Key Reinstallation Attack). Many industrial networking devices are vulnerable to the recently disclosed KRACK attack (Key Reinstallation Read More →
On a recent engagement, our testers were faced with a single page web application which was used to generate PDF documents. This web application contained a multi-step form that ultimately Read More →
Microsoft fixed a vulnerability that could allow hackers to steal Windows login credentials without any user interaction. Microsoft fixed a serious vulnerability that could allow attackers to steal Windows NTLM Read More →
The second season of award-winning TV thriller Mr. Robot premiered with a scene that sent shivers down the cybersecurity world’s spine. In uncomfortably realistic detail, hackers virtually broke into a smart home, Read More →
UPDATE Researchers are warning of two critical vulnerabilities in global satellite telecommunications company Inmarsat’s SATCOM systems. The vulnerabilities impact thousands of customers running the newest version of its AmosConnect platform, typically Read More →
Despite the obligatory logo and clever name, this week’s assault on crypto, the so-called DUHK attack (Don’t Use Hardcoded Keys), isn’t likely to be part of many threat models. Though the attack Read More →
The CSE CybSec Z-Lab Malware Lab spotted a new botnet, dubbed Wonder botnet, while it was investigating malicious code in the dark web. While investigating the malicious code in the dark Read More →
The United States Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have issued a warning that malicious hackers are actively targeting government departments, and firms working Read More →
Google has announced a bug bounty program called ‘Google Play Security Reward Program’ to detect flaws in Android apps. Security experts have the chance to win $1,000 by finding vulnerabilities in the Read More →
I’ve seen Twitter traffic today about malspam from the Necurs Botnet pushing Locky ransomware using Word documents as their attachments. These Word documents use the DDE attack technique, something I already wrote Read More →
Row-hammer is a hardware bug that can cause bit-flips in physical RAM. Mark Seaborn and Thomas Dullien were the first to exploit the DRAM row-hammer bug to gain kernel privileges. Kaveh Razavi et al. pushed the exploitation of Read More →
While we are supposedly in the era of the paperless office, intentional leaks via printed documents remain very common and can be just as damaging as their digital counterparts. While Read More →
Database contained details required to carry out highly advanced software attacks. Hackers broke into Microsoft’s secret, internal bug-tracking database and stole information related to vulnerabilities that were exploited in later Read More →