Many Websites Vulnerable to 19-Year-Old TLS Decryption Attack

Many websites, firewalls and load balancers are vulnerable to an attack that can allow hackers to decrypt TLS traffic between them and users or to sign data with their certificate’s private key. The weakness was found by independent researcher Ha…

Microsoft Fixes 34 Security Flaws in Windows, Office, IE and Edge

Microsoft’s security patches for December fix 34 vulnerabilities across the company’s products, including in Internet Explorer, Edge, Office and Windows. The largest number of vulnerabilities were fixed in the scripting engine used in the c…

Google Chrome Update Focuses on Enterprise Security

Google released Chrome 63 this week and the new version adds several security features aimed at the enterprise, including per-site isolation and permission-based extension blacklisting. Chrome’s process sandboxing mechanism, which was architected…

MITM Vulnerabilities Found in Mobile Banking Apps

A team of researchers has found issues with the validation of TLS certificates for mobile banking and other security-focused applications that could allow man-in-the-middle (MITM) attackers to decrypt their traffic. Some of the apps are from high-profi…

IoT Botnet Satori Grows Rapidly Thanks to Zero-Day Flaw

An internet of things (IoT) botnet that recently hijacked more than 100,000 DSL modems in Argentina has extended to other countries and doubled in size over the past week, possibly due to a zero-day vulnerability. The botnet has been dubbed “Sato…

Flaws in Development Tools Expose Android App Makers to Attacks

Millions of computers and servers that are used to develop, test and analyze Android applications were put at risk by vulnerabilities in widely used development tools. The flaws were discovered by researchers from Check Point Software Technologies and …

PayPal Subsidiary TIO Networks Suffers Breach Affecting 1.6 Million Users

Payments processor TIO Networks identified a security breach that potentially has compromised the personally identifiable information of 1.6 million people. PayPal, which acquired TIO in July for more than $230 million, suspended the company’s op…

Brace for Hybrid Threats and Extortion-Fueled Attacks Next Year

There’s no end in sight for ransomware and, based on what we’ve seen this year, these threats will become even more aggressive. Worse still, hackers have started incorporating extortion into other types of attacks. Ransomware pushers have h…

Attackers Inject Persistent Cryptomining in Browsers

Attackers have found a new technique to make cryptocurrency mining, or cryptomining, inside browsers persistent, or at least survive normal attempts of closing the browser window. Drive-by cryptomining has become widespread in recent months with websit…
