Zeljka Zorz
Persistent XSS flaw in SharePoint 2013 revealed, patched
Among the vulnerabilities patched earlier this month by Microsoft is an important one that endangers users of Microsoft SharePoint 2013, a web application platform in the …
Android 5 bug allows attackers to easily unlock password-protected devices
If you own a mobile device running any Android 5 version but the very last (v5.1.1) and you use a password to lock your device, you will want to update your OS or switch to a …
Privacy International helps individuals find out if they were spied on by the GCHQ
Continuing with its “Did GCHQ Illegally Spy On You?” campaign, Privacy International has set up a website with instructions for individuals and organizations on how to …
Malicious router implants open permanent entry points into target networks
“FireEye researchers have discovered 14 Cisco routers in India, Mexico, Philippines and Ukraine that have been implanted with malware that allows attackers to gain and …
Tor security improves as .onion becomes a special-use domain name
The .onion domain has been officially designated by the Internet Assigned Numbers Authority (IANA) as a special-use domain name. The move, initiated by the Internet …
Researchers find backdoor bug in NASA rovers’ real-time OS
A critical, remotely exploitable vulnerability in VxWorks, the world’s most popular real-time operating system (RTOS), can be exploited by attackers to gain backdoor …
Next Generation Red Teaming
Author: Henry DalzielPages: 46Publisher: SyngressISBN: 0128041714 Introduction Do you know the difference between penetration testing and red teaming? This book will explain …
New malware can make ATMs not give users’ card back
“A new type of malware that can be used to compromise ATMs independently of who their manufacturer is, and can make the machine steal card data but also the cards …
Apple complicates app sideloading in iOS 9 for increased security
Making things easier for users is generally a good idea, but sometimes complicating a process could lead to increased security, and should be the preferred option.A blog post …
FireEye legally censors crucial parts of a researcher’s talk at 44CON
Felix Wilhelm, a researcher with German security firm ERNW, was scheduled to give a talk at 44CON on Thursday about the critical vulnerabilities he and his colleagues found in …
US Energy Department’s systems breached 159 times in four years
The US Department of Energy (DOE) has had its computer systems successfully breached by cyber attackers 159 times in four years, USA Today reports.The US DOE is responsible, …
Attack code for critical Android Stagefright flaw published
After having graciously waited for quite a while to publish the exploit for the Android Stagefright vulnerability (CVE-2015-1538) so that Google, mobile carriers and device …