GiftGhostBot is trying to defraud costumers. A new bot targeting card payment processes on websites was spotted in the wild. Called GiftGhostBot, the bot is trying to defraud consumers ofRead More →
Security researcher Dylan Ayrey detailed last week a new web-based attack named XSSJacking that combines three other techniques — Clickjacking, Pastejacking, and Self-XSS — to steal data from careless users.Read More →
Just over one year ago (November 2015), I released WMIOps, a PowerShell script that enables a user to carry out different actions via Windows Management Instrumentation (WMI) on the localRead More →
Recently I started playing with the awesome PowerUpSQL tool by guys at NetSPI. I was interested in the ability to attack an Active Directory (AD) environment using access to aRead More →
The iOS ecosystem is usually described as a closed ecosystem, under the strict control of Apple. However, there are still ways to get around this tight control. Remember the Haima app? ThatRead More →
Only 2.5 per cent of userbase affected. Add Android Forums to the growing list of web properties that have suffered a security breach. One in 40 members of the forumRead More →
It’s only a couple of weeks since WikiLeaks unleashed the first batch of its Vault 7 CIA documents, revealing the agency’s spying and hacking capabilities. Now the organization has releasedRead More →
A remote code execution flaw in the SAP Windows client opens the door for ransomware attacks targeting enterprises that rely on various SAP products to manage and keep track ofRead More →
Last week, KrebsOnSecurity received an email from eBay. The company wanted me to switch from using a hardware key fob when logging into eBay to receiving a one-time code sentRead More →
After last month security researchers discovered the first-ever Word document spreading macro malware on macOS, last week, researchers from Fortinet spotted a Word document that contained macro scripts that distributedRead More →
