Stealing login credentials from locked computers in 30 seconds or less
Security researcher Rob Fuller has demonstrated a simple way for stealing login credentials from locked computers running Windows and Mac OS X. For the attack to work, …
Shadow Brokers, digital attacks, and the escalation of geopolitical conflict
Last week’s data dump by the Shadow Brokers has left many wondering how the US will respond. This is just the latest in a series of politically motivated data breaches often …
Compromising Linux virtual machines via FFS Rowhammer attack
A group of Dutch researchers have demonstrated a variant of the Rowhammer attack that can be used to successfully compromise Linux virtual machines on cloud servers. The Flip …
Hundreds of millions of cars can be easily unlocked by attackers
Security researchers have come up with a way to unlock cars manufactured by vendors around the world, and are set to present their findings on Friday at the Usenix security …
Top-level cyber espionage group uncovered after years of stealthy attacks
Symantec and Kaspersky Lab researchers have uncovered another espionage group that is likely backed by a nation-state. The former have dubbed the threat actor Strider, wile …
Remote Butler attack: APT groups’ dream come true
Microsoft security researchers have come up with an extension of the “Evil Maid” attack that allows attackers to bypass local Windows authentication to defeat full …
QRLJacking: A new attack vector for hijacking online accounts
We all know that scanning random QR codes is a risky proposition, but a newly detailed social engineering attack vector dubbed QRLJacking adds another risk layer to their use. …
UAC bypass attack on Windows 10 allows malicious DLL loading
Security researchers Matt Graeber and Matt Nelson have discovered a way to run a malicious DLL on Windows 10 without the User Account Control (UAC) springing into action and …
Hacking smartphones via voice commands hidden in YouTube videos
A group of researchers from Georgetown University and UC Berkeley have demonstrated how voice commands hidden in YouTube videos can be used by malicious attackers to …
The DAO is under attack, a third of its ether reserves stolen
The DAO, a digital Decentralised Autonomous Organisation that has been set up to support projects related to Ethereum, a public blockchain platform that allows programmable …
How programmers can be tricked into running bad code
Are programming language package managers vulnerable to typosquatting attacks? And can these attacks result in software developers running potentially malicious code? The …
DROWN attack breaks TLS encryption, one-third of all HTTPS servers vulnerable
There’s a new attack that breaks the communication encryption provided by SSL and TLS and can therefore lead to theft of extremely sensitive data exchanged between users …