Bug in Cobalt Strike pentesting tool used to identify malicious servers
An extraneous space in the HTTP responses of webservers run by a variety of malicious actors allowed Fox-IT researchers to identify them pretty easily for the past year and a …
Zeljka Zorz
Phishing, software supply chain attacks greatest threats for businesses
Attackers continue to use phishing as a preferred attack method, but have been forced to adapt their approach as anti-phishing tools and techniques are becoming more …
Cisco SOHO wireless VPN firewalls and routers open to attack
Cisco has released security fixes for several models of wireless VPN firewalls and routers, plugging a remote code execution flaw (CVE-2019-1663) that can be triggered via a …
Modern browser APIs can be abused for hijacking device resources
Powerful capabilities of modern browser APIs could be misused by attackers to take control of a site visitor’s browser, add it to their botnet, and use it for a variety of …
PDF viewers, online validation services vulnerable to digital signature spoofing attacks
Academics from Ruhr University Bochum have proven that the majority of popular PDF viewer apps and online digital signature validation services can be tricked into validating …
Latest WinRAR, Drupal flaws under active exploitation
CVE-2018-20250, a WinRAR vulnerability that allows attackers to extract a malicious executable to one of the Windows Startup folder to be executed every time the system is …
OSSPatcher: Automated mobile application patching for bugs in open source libraries
Researchers from the Georgia Tech and Peking University are working on OSSPatcher, a system for automatic patching of vulnerable open source libraries included in mobile …
New privacy-breaking attacks against phones on 4G and 5G cellular networks
Three new attacks can be used to track the location and intercept calls of phone users connected to 4G and 5G cellular networks, researchers from Purdue University and The …
ICANN calls for wholesale DNSSEC deployment
In light of the recent DNS hijacking attacks, the Internet Corporation for Assigned Names and Numbers (ICANN) is urging domain owners and DNS services to implement DNSSEC …
Should you trust that Chrome extension? Use CRXcavator to decide
Duo Security has released CRXcavator, a tool that can help end users and enterprises make an informed decision about installing a specific Chrome extension. About CRXcavator …
