research
Preventing exfiltration of sensitive docs by flooding systems with hard-to-detect fakes
A group of researchers from Queen’s University (Canada) have proposed a new approach for keeping important documents safe: creating so many believable fakes that …
How lucrative is web-based cryptojacking?
1 out of 500 of the one million most visited websites according to Alexa contains a web-based cryptominer that starts mining as soon as the website has been opened in the …
Listening-Watch: Strong, low-effort, wearable 2FA scheme
Passwords are still the preferred online authentication method because they are easy to use, but they are increasingly not enough to keep our accounts secure. To mitigate the …
The single sign-on account hijacking threat and what can we do about it?
Single sign-on (SSO) lets users avoid creating and managing accounts across different services, but what happens when that main, identity-providing account gets compromised? …
How often are users’ DNS queries intercepted?
A group of Chinese researchers wanted to find out just how widespread DNS interception is and has presented the result of their large-scale study to the audience at the Usenix …
Researchers reveal new online user tracking techniques
Researchers have identified a number of online user tracking techniques that can’t be blocked by browsers’ built-in anti-tracking defenses and existing …
Smart homes can be easily hacked via unsecured MQTT servers
The Internet of Things is full of security holes, and the latest one has been pointed out by Avast researcher Martin Hron: unsecured MQTT servers. What is MQTT? The Message …
Telecom services: Patient zero for email-based attacks?
Organizations offering telecommunication services are seeing more advanced malware threats than organizations in other industries, Lastline researchers have found. They have …
Google offers rewards for techniques that bypass their abuse, fraud, and spam systems
Google is expanding its vulnerability reward program again: the company wants to be notified about techniques that allow third parties to successfully bypass their abuse, …
Networking vendors patch against new cryptographic attack
Vulnerable IPSec IKE implementations used in Cisco, Huawei, ZyXel and Clavister networking devices can allow attackers to retrieve session keys and decrypt connections, …
Connecting the dots to North Korea as a threat adversary
Reports of malware campaigns invariably focus on two critical conclusions: attribution and who was the intended target of the attack. It is challenging to draw swift …
Vulnerabilities in smart card drivers open systems to attackers
Security researcher Eric Sesterhenn of X41 D-SEC GmbH has unearthed a number of vulnerabilities in several smart card drivers, some of which can allow attackers to log into …