Camera-based, single-step two-factor authentication resilient to pictionary, shoulder surfing attacks
A group of researchers from Florida International University and Bloomberg LP have created Pixie, a camera-based two-factor authentication system that could end up being a …
Google Chrome remote code execution flaw detailed, PoC released
Vulnerability broker Beyond Security has released details about and Proof of Concept code for a remote code execution bug affecting Google Chrome. “The [type confusion] …
Cisco patches leaked 0-day in 300+ of its switches
Cisco has plugged a critical security hole in over 300 of its switches, and is urging users to apply the patches as soon as possible because an exploit for it has been …
WordPress admins, take note: RCE and password reset vulnerabilities revealed
Independent security researcher Dawid Golunski has released a proof-of-concept exploit code for an unauthenticated remote code execution vulnerability in WordPress 4.6 …
Actively exploited zero-day in IIS 6.0 affects 60,000+ servers
Microsoft Internet Information Services (IIS) 6.0 sports a zero-day vulnerability (CVE-2017-7269) that was exploited in the wild last summer and is likely also being exploited …
Hijacking Windows user sessions with built-in command line tools
Did you know that by using built-in command line tools, any user with system rights and permissions (usually a local administrator) can hijack the session of any logged-in …
Unpatched flaw opens Ubiquiti Networks devices to compromise
A critical vulnerability in many of Ubiquiti Networks’ networking devices can be exploited by attackers to take over control of the device and, if that device acts as a …
185,000+ vulnerable Wi-Fi cameras just waiting to be hijacked
A generic wireless camera manufactured by a Chinese company and sold around the world under different names and brands can be easily hijacked and/or roped into a botnet. The …
Western Digital My Cloud NAS devices wide open to attackers
Western Digital My Cloud NAS devices have again been found wanting in the security department, as two set of researchers have revealed a number of serious flaws in the …
Google releases details, PoC exploit code for IE, Edge flaw
As we’re impatiently waiting for Microsoft to patch vulnerabilities that were scheduled to be fixed in February, Google has released details about a serious …
New attack sounds death knell for widely used SHA-1 crypto hash function
SHA-1 is definitely, provenly dead, as a group of researchers from CWI Institute in Amsterdam and Google have demonstrated the first practical technique for generating a …
Detecting PLC malware in industrial control systems
How can attackers load programmable logic controllers (PLC) with destructive malware, and how can the operators of industrial control systems (ICS) detect it? According to a …