SAP closes critical vulnerability affecting TREX
SAP closed a critical vulnerability for an issue that was exposed for almost two years. The vulnerability (SAP Security Note 2419592) affects TREX, a SAP NetWeaver standalone …
Attackers can steal smartphone users’ PINs by tapping into data collected by mobile sensors
Researchers have demonstrated that a malicious website or app could work out smartphone users’ PINs or passwords based just on the data collected by various motion …
CLDAP reflection attacks generate up to 24 Gbps of traffic
Akamai researchers Jose Arteaga and Wilber Majia have identified a new Connection-less Lightweight Directory Access Protocol (CLDAP) reflection and amplification method. CLDAP …
Ewind Android adware is actually a full-fledged Trojan
Palo Alto Networks researchers have analyzed a string of legitimate-looking Android apps and have discovered that the adware included in them has the potential to do much more …
Mobile payment card cloning: Understanding the risks
Mobile contactless payments have grown exponentially and Host Card Emulation (HCE) – the possibility to emulate payment cards on a mobile device, without dependency on special …
Bracing for the Denial of Things
Turn out the lights in any major city in the developed world, and you know what? It’s not really all that dark. Unless you’ve managed to lock yourself in a broom closet (I …
Cybersecurity: To automate or not to automate?
There are seven vital automated IT security applications that will function as the stepping stones necessary to advance cybersecurity in the new world of artificial …
Hacking tools in Vault 7 data dump linked to prolific cyber espionage group
While security researchers and companies go through the collection of hacking tools contained in the data dump that the Shadow Brokers failed to sell, Symantec has tied …
Similarities in partial fingerprints may trick biometric security systems
No two people are believed to have identical fingerprints, but researchers at the New York University Tandon School of Engineering and Michigan State University College of …
How fraudsters stole millions with the help of a legitimate online tool
Identity thieves have managed to steal $30 million from the US Internal Revenue Service by taking advantage of an online tool designed to help students fill out financial aid …
MS Office zero-day is used to infect millions of users with Dridex
The still unpatched MS Office zero-day vulnerability publicized by McAfee and FireEye researchers this weekend is being exploited to deliver the infamous Dridex banking …
Exploit revealed for remote root access vulnerability affecting many router models
Back in January 2013, researchers from application security services firm DefenseCode unearthed a remote root access vulnerability in the default installation of some Cisco …