Bug in Rockwell’s PLCs allows attackers to modify firmware
There is an undocumented SNMP community string in Rockwell Automation’s MicroLogix 1400 programmable logic controllers that can be exploited by attackers to remotely …
Subverting protection into DDoS attacks
On average, DNSSEC reflection can transform an 80-byte query into a 2,313-byte response, an amplification factor of nearly 30 times, which can easily cause a network service …
Shark Ransomware-as-a-Service: A real threat, a scam, or both?
A new Ransomware-as-a-Service project has sprung up, and the “service providers” are allowing others to use it for free, but take a 20 percent cut out of every …
Proxy authentication flaw can be exploited to crack HTTPS protection
Mistakes made in the implementation of proxy authentication in a variety of operating systems and applications have resulted in security vulnerabilities that allow MitM …
Attackers can hijack unencrypted web traffic of 80% of Android users
The recently revealed security bug (CVE-2016-5696) in the TCP implementation in the Linux kernel that could allow attackers to hijack unencrypted web traffic without an MitM …
Google Duo: Simple, encrypted, video calling app
Google Duo is a simple 1-to-1 video calling app available for Android and iOS. In order to use Google Duo all you need is your phone number, no separate account is necessary. …
myLG: Open source command line network diagnostic tool
myLG (my Looking Glass) is an open source utility that combines the functions of different network probes into one network diagnostic tool. It comes as a single binary with no …
eBook: Defending against crypto ransomware
Unlike traditional malware, crypto ransomware doesn’t steal information. Instead, it encrypts a victim’s documents, spreadsheets, pictures, videos and other files, and then …
New method for detecting hardware Trojans
Modern computer chips are made up of hundreds of millions – often billions – of transistors. Such complexity enables the smartphone in your back pocket to perform all manner …
Build serverless, secure apps in the cloud
Swirlds released the SDK for the hashgraph distributed consensus platform, which is free for download (the registration fields are optional). This software development …
Week in review: Spoofing boarding pass QR codes, blocking USB-based threats
Here’s an overview of some of last week’s most interesting news, reviews and articles: Malware hidden in digitally signed executables can bypass AV protection …
Beware of browser hijacker that comes bundled with legitimate software
Lavians, a “small software vendor team,” is packaging its offerings with a variant of browser-hijacking malware Bing.vc. The company sells and offers for free …
Featured news
Resources
Don't miss
- Federal Reserve System CISO on aligning cyber risk management with transparency, trust
- How cybercriminals are weaponizing AI and what CISOs should do about it
- How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics
- CitrixBleed 2 might be actively exploited (CVE-2025-5777)
- RIFT: New open-source tool from Microsoft helps analyze Rust malware