research
Yelp makes its bug bounty program public
After two years of keeping their bug bounty program private and relatively secret, Yelp is opening it up and has invited bug hunters to probe its sites, apps, and …
How a security researcher is tackling IoT security testing
“A common misconception people in the industry have regarding my work as a security researcher is that I am sharing information that puts businesses at risk. And also, …
Brainjacking: Hacking brain implants
Did you know that Dick Cheney, former US Vice President who held that office from 2001 to 2009, had the wireless telemetry on his implantable cardioverter-defibrillator …
Researchers design a chip that checks for sabotage
With the outsourcing of microchip design and fabrication a worldwide, $350 billion business, bad actors along the supply chain have many opportunities to install malicious …
Researchers pinpoint best times for delivering security messages
When is the best time to deliver a security message? A group of researchers from Brigham Young University has been tracking users’ neural activity while they are using a …
Compromising Linux virtual machines via FFS Rowhammer attack
A group of Dutch researchers have demonstrated a variant of the Rowhammer attack that can be used to successfully compromise Linux virtual machines on cloud servers. The Flip …
New method for detecting hardware Trojans
Modern computer chips are made up of hundreds of millions – often billions – of transistors. Such complexity enables the smartphone in your back pocket to perform all manner …
Hundreds of millions of cars can be easily unlocked by attackers
Security researchers have come up with a way to unlock cars manufactured by vendors around the world, and are set to present their findings on Friday at the Usenix security …
Over 300 new cyber threats pop up on underground markets each week
Approximately 305 new cyber threats are added each week on cybercrime markets and forums, mostly located on the dark web. The threats include information on newly developed …
There’s a way to use encrypted data without knowing what it holds
Microsoft researchers have devised a way for third parties to make use the vast amount of encrypted data stored in the cloud by companies and individuals, without them …
Malware hidden in digitally signed executables can bypass AV protection
Researchers have shown that it’s possible to hide malicious code in digitally signed executables without invalidating the certificate, and execute this code – all …
Remote Butler attack: APT groups’ dream come true
Microsoft security researchers have come up with an extension of the “Evil Maid” attack that allows attackers to bypass local Windows authentication to defeat full …
Featured news
Sponsored
Don't miss
- Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)
- Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
- Learning from CrowdStrike’s quality assurance failures
- BIND 9.20 released: Enhanced DNSSEC support, application infrastructure improvements
- How CISOs enable ITDR approach through the principle of least privilege