Dishwasher has directory traversal bug
Thanks a Miele-on for making everything dangerous, Internet of things security slackers. Don’t say you weren’t warned: Miele went full Internet-of-Things with a dishwasher, gave it a web server and …
Security experts say they are skeptical that a group of hackers called Turkish Crime Family actually possess a cache of hundreds of millions of Apple iCloud account credentials. A more …
Burglars can use a recently disclosed security flaw affecting several Google Nest cams to make vulnerable cameras go offline for approximately 60 to 90 seconds. The flaw can be exploited …
Security researcher Dylan Ayrey detailed last week a new web-based attack named XSSJacking that combines three other techniques — Clickjacking, Pastejacking, and Self-XSS — to steal data from careless users.
Just over one year ago (November 2015), I released WMIOps, a PowerShell script that enables a user to carry out different actions via Windows Management Instrumentation (WMI) on the local …
Recently I started playing with the awesome PowerUpSQL tool by guys at NetSPI. I was interested in the ability to attack an Active Directory (AD) environment using access to a …
It’s only a couple of weeks since WikiLeaks unleashed the first batch of its Vault 7 CIA documents, revealing the agency’s spying and hacking capabilities. Now the organization has released …
A remote code execution flaw in the SAP Windows client opens the door for ransomware attacks targeting enterprises that rely on various SAP products to manage and keep track of …
Last week, KrebsOnSecurity received an email from eBay. The company wanted me to switch from using a hardware key fob when logging into eBay to receiving a one-time code sent …
LastPass says it patched one of two separate bugs that affected its Chrome and Firefox browser extensions, which if exploited, would have allowed a third-party to extract passwords from users …
Metasploit RFTransceiver extension implements the Hardware Bridge API that will allow organizations to test wireless devices operating outside 802.11 spec. Recently we reported the news of the availability of a new …
A new technique named DoubleAgent, discovered by security researchers from Cybellum, allows an attacker to hijack security products and make them take malicious actions. The DoubleAgent attack was uncovered after …
“I just want my money,” one of the hackers said. A hacker or group of hackers is apparently trying to extort Apple over alleged access to a large cache of …
With news of another so-called Fappening (nude photos of celebrities distributed without permission) doing the rounds, it was inevitable that scammers would look to take advantage. We’ve already seen message board …
The vulnerability (CVE-2017-2641) allows an attacker to execute PHP code at the vulnerable Moodle server. This vulnerability actually consists of many small vulnerabilities, as described further in the blog post. Moodle …
Law enforcement agencies across the world are targeting the dark web. Whether that’s through undercover buys of illegal weapons, or deploying malware to catch suspected pedophiles, cops have spent the …
Over 300 Cisco products are affected by a zero-day vulnerability Cisco discovered last week, and for which no patch is available at the time of writing. Cisco engineers discovered the …
Increasingly, cyberattackers have been leveraging “non-malware” attack methods to target vulnerable organizations. Recently, the Carbon Black Threat Research Team was alerted about such an attack by a partner’s incident response …
A security researcher has detailed a way to log into any account on the same computer, even without knowing its password. The trick works on all Windows versions, doesn’t require …
In another classic example of why you shouldn’t leave your work laptop in the car, national security may have been compromised. An Oregon sportswear company is suing its former IT …