ProxyShell vulnerabilities actively exploited to deliver web shells and ransomware
Three so-called “ProxyShell” vulnerabilities are being actively exploited by various attackers to compromise Microsoft Exchange servers around the world, the …
Vulnerabilities in Dell computers allow RCE at the BIOS/UEFI level
An estimated 30 million Dell computers are affected by several vulnerabilities that may enable an attacker to remotely execute code in the pre-boot (BIOS/UEFI) environment, …
Review: Kill Chain: The Cyber War on America’s Elections
Kill Chain is an HBO documentary made and produced by Simon Arizzone, Russell Michaels and Sarah Teale. Kill Chain: Inside the documentary Arizzone and Michaels already worked …
Nmap 7.80 released: A mature Npcap Windows packet capturing driver, 11 new NSE scripts
Nmap is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network …
Qualys bringing new prescription for security to Black Hat and DEF CON 2019
At this year’s Black Hat, Qualys is bringing a new prescription for security — the company is providing its Global IT Asset Discovery and Inventory application to businesses …
Hack The Sea: Bridging the gap between hackers and the maritime sector
There’s a not a lot of researchers probing the security of computer systems underpinning the maritime industry. The limitations that keep that number low are obvious: …
Hacking healthcare: A call for infosec researchers to probe biomedical devices
It is a brave new connected world out there and there is no shortage of cybersecurity risks associated with everything we do. We can’t even be sure that the technologies …
Hack the Marine Corps bug bounty program kicks off
The U.S. Department of Defense (DoD) and HackerOne launched the Department’s sixth bug bounty program, Hack the Marine Corps. The bug bounty challenge will focus on Marine …
Vulnerabilities in smart card drivers open systems to attackers
Security researcher Eric Sesterhenn of X41 D-SEC GmbH has unearthed a number of vulnerabilities in several smart card drivers, some of which can allow attackers to log into …
Criminals can compromise company networks by sending malicious faxes
Check Point has revealed details about the two critical remote code execution vulnerabilities (CVE-2018-5924, CVE-2018-5925) it discovered in the communication protocols used …
Kryptowire introduces the mobile phone firmware vulnerability feed
Kryptowire discovered vulnerabilities in mobile device firmware and pre-installed mobile apps that pose a risk for the mobile phone supply chain because they can expose …
Infosec and the future: Dr. Giovanni Vigna on lessons learned over 25 years
When I asked Dr. Giovanni Vigna what are some of the most important lessons he has learned during the 25+ years he spent working in computer security, his answer was simple: …