Zeljka Zorz
18-year-old random number generator flaw fixed in Libgcrypt, GnuPG
Researchers have discovered a “critical security problem” that affects all versions of the Libgcrypt cryptographic library and, therefore, all versions of the …
Researchers pinpoint best times for delivering security messages
When is the best time to deliver a security message? A group of researchers from Brigham Young University has been tracking users’ neural activity while they are using a …
Compromising Linux virtual machines via FFS Rowhammer attack
A group of Dutch researchers have demonstrated a variant of the Rowhammer attack that can be used to successfully compromise Linux virtual machines on cloud servers. The Flip …
Windows users will no longer be able to apply individual patches
Since Microsoft began pushing Windows 10 on consumers and enterprise users, it has consistently worked towards minimizing the choices they can make about the installation. One …
Cisco, Fortinet validate exploits leaked by the Shadow Brokers
Cisco and Fortinet have released security advisories confirming that some of the exploits leaked by the Shadow Brokers work as intended. The entity released the batch as proof …
Spammers modify sites’ core WordPress files for long-lasting compromise
In their quest to compromise WordPress installations and prevent site owners from discovering it and cleaning up the website, blackhat SEO spammers have turned to modifying …
Leaked hacking tools can be tied to NSA’s Equation Group
The batch of data released by the Shadow Brokers, an entity that claims to have hacked the Equation Group, contains attack tools that can be tied to the group. Equation Group …
Bug in Rockwell’s PLCs allows attackers to modify firmware
There is an undocumented SNMP community string in Rockwell Automation’s MicroLogix 1400 programmable logic controllers that can be exploited by attackers to remotely …
Shark Ransomware-as-a-Service: A real threat, a scam, or both?
A new Ransomware-as-a-Service project has sprung up, and the “service providers” are allowing others to use it for free, but take a 20 percent cut out of every …
Proxy authentication flaw can be exploited to crack HTTPS protection
Mistakes made in the implementation of proxy authentication in a variety of operating systems and applications have resulted in security vulnerabilities that allow MitM …
Attackers can hijack unencrypted web traffic of 80% of Android users
The recently revealed security bug (CVE-2016-5696) in the TCP implementation in the Linux kernel that could allow attackers to hijack unencrypted web traffic without an MitM …
Beware of browser hijacker that comes bundled with legitimate software
Lavians, a “small software vendor team,” is packaging its offerings with a variant of browser-hijacking malware Bing.vc. The company sells and offers for free …
Featured news
Sponsored
Don't miss
- Update: Worldwide IT outage due to buggy Crowdstrike sensor configuration update
- Faulty CrowdStrike update takes out Windows machines worldwide
- GenAI network acceleration requires prior WAN optimization
- Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991)
- eBook: How CISSP turns career goals into reality