Zeljka Zorz
Smart homes can be easily hacked via unsecured MQTT servers
The Internet of Things is full of security holes, and the latest one has been pointed out by Avast researcher Martin Hron: unsecured MQTT servers. What is MQTT? The Message …
Who’s trying to eavesdrop on your customers’ encrypted mobile traffic?
The number one source of TLS/SSL Man in the Middle (MitM) attacks on encrypted mobile traffic are not corporate firewalls or captive portals used by hotels, airports and other …
Telecom services: Patient zero for email-based attacks?
Organizations offering telecommunication services are seeing more advanced malware threats than organizations in other industries, Lastline researchers have found. They have …
AT&T sued for enabling SIM swap fraud
A cryptocurrency investor is suing AT&T because criminals were able to empty his accounts through SIM swap fraud (aka account port out fraud), even though he had already …
Google offers rewards for techniques that bypass their abuse, fraud, and spam systems
Google is expanding its vulnerability reward program again: the company wants to be notified about techniques that allow third parties to successfully bypass their abuse, …
Networking vendors patch against new cryptographic attack
Vulnerable IPSec IKE implementations used in Cisco, Huawei, ZyXel and Clavister networking devices can allow attackers to retrieve session keys and decrypt connections, …
August 2018 Patch Tuesday: Microsoft fixes two actively exploited zero-days
In the August 2018 Patch Tuesday, Microsoft has plugged over 60 vulnerabilities, two of which are being actively exploited in the wild. In addition to those, the company has …
New Office 365 phishing attack uses malicious links in SharePoint documents
Fake emails targeting Office 365 users via malicious links inserted into SharePoint documents are the latest trick phishers employ to bypass the platform’s built-in …
Microsoft ADFS flaw allows attackers to bypass MFA safeguards
A vulnerability (CVE-2018-8340) in Microsoft Active Directory Federation Services (ADFS) allows a second authentication factor for one account to be used for all other …
Turning off Location History doesn’t prevent Google from knowing your location
If you believe that by turning off Location History on your Android device or iPhone means that Google won’t be able to know your location, think again: Princeton …
Vulnerabilities in smart card drivers open systems to attackers
Security researcher Eric Sesterhenn of X41 D-SEC GmbH has unearthed a number of vulnerabilities in several smart card drivers, some of which can allow attackers to log into …
Critical vulnerability in Oracle Database, patch without delay!
Oracle is urging users to patch their Oracle Database installations to plug a critical security issue that can result in complete compromise of the Oracle Database and shell …
Featured news
Resources
Don't miss
- The long conversations that reveal how scammers work
- Metis: Open-source, AI-driven tool for deep security code review
- How to cut security tool sprawl without losing control
- Product showcase: Proton Pass, a password manager with identity protection
- Internet slowly recovers after far-reaching Cloudflare outage