Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
files
Preventing exfiltration of sensitive docs by flooding systems with hard-to-detect fakes

A group of researchers from Queen’s University (Canada) have proposed a new approach for keeping important documents safe: creating so many believable fakes that …

cryptocurrency
How lucrative is web-based cryptojacking?

1 out of 500 of the one million most visited websites according to Alexa contains a web-based cryptominer that starts mining as soon as the website has been opened in the …

user
Listening-Watch: Strong, low-effort, wearable 2FA scheme

Passwords are still the preferred online authentication method because they are easy to use, but they are increasingly not enough to keep our accounts secure. To mitigate the …

users
The single sign-on account hijacking threat and what can we do about it?

Single sign-on (SSO) lets users avoid creating and managing accounts across different services, but what happens when that main, identity-providing account gets compromised? …

element
How often are users’ DNS queries intercepted?

A group of Chinese researchers wanted to find out just how widespread DNS interception is and has presented the result of their large-scale study to the audience at the Usenix …

eye
Researchers reveal new online user tracking techniques

Researchers have identified a number of online user tracking techniques that can’t be blocked by browsers’ built-in anti-tracking defenses and existing …

connected house
Smart homes can be easily hacked via unsecured MQTT servers

The Internet of Things is full of security holes, and the latest one has been pointed out by Avast researcher Martin Hron: unsecured MQTT servers. What is MQTT? The Message …

biohazard
Telecom services: Patient zero for email-based attacks?

Organizations offering telecommunication services are seeing more advanced malware threats than organizations in other industries, Lastline researchers have found. They have …

Google security
Google offers rewards for techniques that bypass their abuse, fraud, and spam systems

Google is expanding its vulnerability reward program again: the company wants to be notified about techniques that allow third parties to successfully bypass their abuse, …

open lock
Networking vendors patch ​against new cryptographic attack

Vulnerable IPSec IKE implementations used in Cisco, Huawei, ZyXel and Clavister networking devices can allow attackers to retrieve session keys and decrypt connections, …

North Korea
Connecting the dots to North Korea as a threat adversary

Reports of malware campaigns invariably focus on two critical conclusions: attribution and who was the intended target of the attack. It is challenging to draw swift …

smart card
Vulnerabilities in smart card drivers open systems to attackers

Security researcher Eric Sesterhenn of X41 D-SEC GmbH has unearthed a number of vulnerabilities in several smart card drivers, some of which can allow attackers to log into …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools