Threats & Malware, Vulnerabilities
August 9, 2019
Via: Help Net SecurityThree years ago at the Black Hat conference, Apple announced its first bug bounty program, which was invite-only and limited to iOS. At this year’s edition of the con, Ivan Krstić, Apple’s head of security engineering and architecture, announced changes […]
Network security, Vulnerabilities
September 14, 2018
Via: Security AffairsA team of security researchers demonstrated that the firmware running on nearly all modern computers is vulnerable to cold boot attacks. A team of experts from cybersecurity firm F-Secure has discovered security flaws affecting firmware in modern computers that could […]
August 9, 2018
Via: Dark ReadingBLACK HAT USA – Las Vegas – A team of ICS experts who spent the past year studying and re-creating the so-called TRITON/TRISIS malware that targeted a Schneider Electric safety instrumented system (SIS) at an oil and gas petrochemical plant […]
Application security, Network security
July 17, 2018
Via: Security AffairsResearchers have developed a tool that poses as GPS satellites to deceive nearby GPS receivers. The kit could be used to deceive receivers used by navigation systems and suggest drivers the wrong direction. “we explore the feasibility of a stealthy […]
Mobile security, Wireless security
July 2, 2018
Via: Security WeekNewly devised attacks on the Long Term Evolution (LTE) high-speed wireless standard break the confidentiality and privacy of communication, team of researchers claim. In a newly published paper (PDF), researchers from Ruhr-University Bochum and New York University Abu Dhabi present […]
October 24, 2017
Via: Threat PostSofacy, the Russian-speaking APT group connected to interference in the 2016 U.S. presidential election, has been targeting researchers, admins and others interested in cybersecurity. Cisco’s security research arm Talos published a report on Sunday describing a campaign linked to Sofacy, […]
August 4, 2017
Via: Russel EdwardsBrowsing anonymity may seem appealing for various reasons. Regardless of whether they have something worth hiding/protecting or not, those who know better appreciate the value of online privacy protection. But is VPN-supported anonymity all it is rumored to be, or […]
July 20, 2017
Via: Russel EdwardsMany cyber-security professionals are waiting for the next stage of Artificial Intelligence-based algorithms. Ready to fight with what we may call automated malicious attacks, AI is yet in its testing phase, showing up in demos and uncoordinated software. It’s like […]
March 14, 2017
Via: Security WeekResearchers at Rapid7 discovered several vulnerabilities in Double telepresence robots from Double Robotics. The vendor has addressed the more serious issues with server-side fixes. Double is a robot that allows people to have a physical presence at their workplace or […]
February 23, 2017
Via: CIOThe seemingly harmless blinking lights on servers and desktop PCs may give away secrets if a hacker can hijack them with malware. Researchers in Israel have come up with an innovative hack that turns a computer’s LED light into a […]
February 16, 2017
Via: Help Net SecurityA group of researchers from the Systems and Network Security Group at VU Amsterdam have discovered a way to bypass address space layout randomization (ASLR) protections of major operating systems and browsers by exploiting a common feature of computer microprocessors. […]
January 25, 2017
Via: Security AffairsThis work compares some infamous methods for the creation of malicious payloads or shellcodes. These payloads must be used to create a remote connection between the victim’s machine and the attacker’s machine that wants to listen and, once a connection is successfully […]
December 28, 2016
Via: SecurelistMore than 500 participants from around the world attended the event, which included technical trainings, security conference and capture the flag (CTF) competition. We met many high-skilled malware analysts, incident responders, security researchers and professionals at this event to discuss […]
December 16, 2016
Via: The HillA Department of Commerce survey shows that 60 percent of cyber-security researchers fear legal repercussions for reporting security vulnerabilities they discover to a product’s manufacturers. The Commerce Department’s National Telecommunication and Information Administration’s survey came through its role in a […]
Threats & Malware, Virus & Malware
December 12, 2016
Via: InfoSecurity LiveAs per the first prediction threats are getting smarter and are increasingly able to operate autonomously. In the coming year it is expected to see malware designed “human-like” with adaptive, success-based learning to improve the impact and efficacy of attacks. […]
December 8, 2016
Via: Naked SecurityNintendo has announced it’s now supporting a bug bounty program for researchers to find flaws in its 3DS family of handheld game consoles. Researchers could make up to $20,000 for discovering vulnerabilities for the 3DS that could be used for pirating […]
December 5, 2016
Via: Naked SecurityWe recently reported on a flaw in iOS that would allow someone to bypass the iOS lockscreen by using Siri. Well, Siri’s off the hook this time. The new vulnerability, disclosed yesterday by Benjamin Kunz Mejri of Vulnerability Lab, involves […]
December 5, 2016
Via: Dark ReadingResearchers at the UK’s Newcastle University have developed what they say is an almost absurdly easy way to get the card number, security code, and expiration date of any Visa credit or debit card using nothing but guesswork — six […]
October 25, 2016
Via: InfoWorldResearchers have devised a new way to compromise Android devices without exploiting any software vulnerabilities and instead taking advantage of a physical design weakness in RAM chips. The attack technique could also affect other ARM and x86-based devices and computers. […]
October 24, 2016
Via: Security AffairsInTheCyber – Intelligence & Defense Advisors (www.inthecyber.com), a leader in offensive & Defensive Cyber Security, has discovered in its R&D Labs a new easy and dangerous vulnerability affecting messaging systems. Voicemail caller-id spoofing it’s a quite old flaw. When the mobile […]