research
BMC vulnerabilities in Supermicro servers allow remote takeover, data exfiltration attacks
A slew of vulnerabilities affecting the baseboard management controllers (BMCs) of Supermicro servers could be exploited by remote attackers to gain access to corporate …
What can be done about the rising click interception threat?
Ad networks’ increasingly successful efforts to detect bot-based ad click fraud has forced attackers to focus more on intercepting and redirecting legitimate users’ …
Should you block newly registered domains? Researchers say yes
7 out of 10 newly registered domains (NRDs) are either malicious, suspicious or not safe for work, say Palo Alto Networks researchers, and advise organizations to block access …
Identifying vulnerable IoT devices by the companion app they use
For better or worse, connected “smart” devices are springing up like mushrooms. There is no doubt that they can be very helpful but, unfortunately, most have a …
Researchers reveal the latest lateral phishing tactics
Emails coming from legitimate, compromised accounts are difficult to spot, both for existing email protection systems and the recipients themselves. Lateral phishing tactics …
Researchers discover 40+ insecure drivers for Windows
Spurred by several past instances of attackers abusing device drivers to install a kernel rootkit or malicious firmware implants, Eclypsium researchers have decided to probe …
AWDL flaws open Apple users to tracking, MitM, malware planting
Vulnerabilities in Apple Wireless Direct Link (AWDL), the wireless protocol that underpins Apple’s AirPlay and AirDrop services, could allow attackers to track users in …
While cybercriminals abuse Twitter, threat researchers use it to boost threat intelligence efforts
Cybercriminals are abusing Twitter via tech support scams, command-and-control (C&C) operations and data exfiltration, according to Trend Micro. Misuse of social networks …
Thwart the pressing threat of RDP password attacks
How long does it takes for Internet-facing, RDP-enabled computers to come under attack? In some cases, a few minutes. In most, less than 24 hours. The problem with RDP …
Do you have what it takes to be a hardware hacker?
If you ask Yago Hansen, a hacker specialized in Wi-Fi and RF security, curiosity and a willingness to learn and improve your skills are the two things that you absolutely must …
Inside the NIST team working to make cybersecurity more user-friendly
Cybersecurity is usually not a user’s primary duty, yet they suffer an increasing burden to respond to security warnings, maintain many complex passwords, and make security …
Emergency Presidential Alerts can be spoofed, researchers warn
Spurred by the panic-inducing fake alarm about an inbound ballistic missile received by Hawaii residents in January 2018, a group of researchers from University of Colorado …