New class of attacks affects all Android versions
Researchers have demonstrated how a malicious app with two specific permissions can stealthily compromise users’ Android devices. “The possible attacks include …
Lure10: Exploiting Wi-Fi Sense to MITM wireless Windows devices
Karma has long been a staple man-in-the-middle attack used in authorised wireless security assessments and unsanctioned ones, but as many modern operating systems now provide …
DoubleAgent attack uses built-in Windows tool to hijack applications
Security researchers from computer and network security outfit Cybellum have revealed a new zero-day code injection and persistence technique that can be used by attackers to …
Apache servers under attack through easily exploitable Struts 2 flaw
A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it was released on Monday. System administrators are …
New attack sounds death knell for widely used SHA-1 crypto hash function
SHA-1 is definitely, provenly dead, as a group of researchers from CWI Institute in Amsterdam and Google have demonstrated the first practical technique for generating a …
Attack types companies expect to encounter in 2017
What are the key attack types expected to cause the biggest security problems in 2017 and how successful will businesses be at defending against them? Tripwire and Dimensional …
Researchers bypass ASLR protection with simple JavaScript code
A group of researchers from the Systems and Network Security Group at VU Amsterdam have discovered a way to bypass address space layout randomization (ASLR) protections of …
Banks around the world targeted in watering hole attacks
The January attacks against Polish financial institutions through the booby-trapped site of the Polish Financial Supervision Authority are just one piece of a larger puzzle, …
Simple Gmail spoofing leaves users open to targeted attacks
Gmail shows no warning as it delivers legitimate-looking spoofed emails seemingly coming from an existing Gmail.com address, even though they come from a non-Gmail server. …
Banks around the world hit with fileless malware
Kaspersky Lab researchers have brought to light a series of attacks leveraged against 140+ banks and other businesses around the world. But what makes these attacks unusual is …
Uncloaking Tor Browser users with DRM-protected files
Digital Rights Management (DRM)-protected media files can be used to reveal Tor Browser users’ actual IP address and therefore possibly reveal their identity, …
Did Tesco Bank attackers guess victims’ payment card details?
A group of researchers from Newcastle University have discovered a practical and easy way for attackers to quickly guess individuals’ Visa payment card info needed to …