research
Fileless attack framework was used in many recent attacks
In the last month or so, a number of security companies spotted attackers targeting a variety of organizations around the world with spear-phishing emails delivering …
Double Robotics Telepresence Robot can be hacked
Rapid7 researchers have discovered a number of vulnerabilities in the Double Robotics Telepresence Robot, the company’s iPad-based telepresence device that looks a bit …
Android devices delivered to employees with pre-installed malware
A test of Android devices used in two unnamed companies revealed that 38 of them were infected with malware before being delivered to the employees. These were smartphones by …
185,000+ vulnerable Wi-Fi cameras just waiting to be hijacked
A generic wireless camera manufactured by a Chinese company and sold around the world under different names and brands can be easily hijacked and/or roped into a botnet. The …
Encrypted messaging app Confide suffers from many security issues
Confide, the encrypted instant messaging application with a self-destructing messaging system that has become popular with White House staffers, is not so secure after all. …
Western Digital My Cloud NAS devices wide open to attackers
Western Digital My Cloud NAS devices have again been found wanting in the security department, as two set of researchers have revealed a number of serious flaws in the …
Multiple security flaws found in mainstream robotic technologies
IOActive exposed numerous vulnerabilities found in multiple home, business, and industrial robots available on the market today. The array of vulnerabilities identified in the …
Results of the rogue Access Point experiment at RSA Conference 2017
The security of open Wi-Fi hotspots has been a subject of great concern for years. But, would you believe that we were overwhelmingly successful using Wi-Fi attacks dating …
New attack sounds death knell for widely used SHA-1 crypto hash function
SHA-1 is definitely, provenly dead, as a group of researchers from CWI Institute in Amsterdam and Google have demonstrated the first practical technique for generating a …
Removing admin rights mitigates most critical Microsoft vulnerabilities
Avecto has analyzed the security bulletins Microsoft released in the past year, and came to an important conclusion: an overwhelming majority of all the critical Microsoft …
Detecting PLC malware in industrial control systems
How can attackers load programmable logic controllers (PLC) with destructive malware, and how can the operators of industrial control systems (ICS) detect it? According to a …
25% of web apps still vulnerable to eight of the OWASP Top Ten
69 percent of web applications are plagued by vulnerabilities that could lead to sensitive data exposure, and 55 percent by cross-site request forgery flaws, the results of a …
Featured news
Sponsored
Don't miss
- Meta introduces default end-to-end encryption for Messenger and Facebook
- New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164)
- December 2023 Patch Tuesday forecast: ‘Tis the season for vigilance
- Aim for a modern data security approach
- Short-term AWS access tokens allow attackers to linger for a longer while