Author Archives: Tom Spring

PoC Code Surfaces to Exploit Apache Struts 2 Vulnerability

Posted on August 24, 2018 by Tom Spring

Researchers find proof-of-concept code that can take advantage of the recently identified Apache Struts framework (CVE-2018-11776) vulnerability. Continue reading PoC Code Surfaces to Exploit Apache Struts 2 Vulnerability→

T-Mobile Alerts 2.3 Million Customers of Data Breach Tied to Leaky API

Posted on August 24, 2018 by Tom Spring

T-Mobile alerts millions of its customers to a breach of its website that resulted in subscriber names, zip codes, phone numbers, email addresses and account numbers being stolen. Continue reading T-Mobile Alerts 2.3 Million Customers of Data Breach Tied to Leaky API→

Black Hat Video Exclusive: Mobile APTs Redefining Phishing Attacks

Posted on August 13, 2018 by Tom Spring

Mike Murray, vice president of security intelligence at Lookout, discusses how mobile is redefining phishing, taking it out of the traditional inbox and into SMS and Facebook messages. Continue reading Black Hat Video Exclusive: Mobile APTs Redefining Phishing Attacks→

DEF CON 2018: Critical Bug Opens Millions of HP OfficeJet Printers to Attack

Posted on August 12, 2018 by Tom Spring

A malicious fax sent to an HP Inc. OfficeJet all-in-one inkjet printer can give hackers control of the printer and act as a springboard into an attached network environment. Continue reading DEF CON 2018: Critical Bug Opens Millions of HP OfficeJet Printers to Attack→

DEF CON 2018: Apple 0-Day (Re)Opens Door to ‘Synthetic’ Mouse-Click Attack

Posted on August 12, 2018 by Tom Spring

Apple 0-Day allows hackers to mimic mouse-clicks for kernel access, despite mitigations. Continue reading DEF CON 2018: Apple 0-Day (Re)Opens Door to ‘Synthetic’ Mouse-Click Attack→

Black Hat 2018: Voice Authentication is Broken, Researchers Say

Posted on August 10, 2018 by Tom Spring

Researchers crack voice authentication systems by recreating any voice using under ten minutes of sample audio. Continue reading Black Hat 2018: Voice Authentication is Broken, Researchers Say→

Black Hat 2018: Stealthy Kernel Attack Flies Under Windows Mitigation Radar

Posted on August 9, 2018 by Tom Spring

Researchers create PoC of a post-exploitation kernel-mode fileless attack technique. Continue reading Black Hat 2018: Stealthy Kernel Attack Flies Under Windows Mitigation Radar→

Hacking For Sport: A Journey in Reverse Engineering a Toshiba Wireless SD Card

Posted on August 9, 2018 by Tom Spring

Reverse engineering the Toshiba FlashAir SD storage card allowed a researcher to execute remote code – and could’ve allowed him to add other malicious or practical features. Continue reading Hacking For Sport: A Journey in Reverse Engineering a Toshiba Wireless SD Card→

Google Bug Hunter Urges Apple to Change its iOS Security Culture

Posted on August 9, 2018 by Tom Spring

Project Zero researcher highlights stubborn iOS bugs as an example of why Apple and the rest of the industry needs to take a fresh approach to securing systems. Continue reading Google Bug Hunter Urges Apple to Change its iOS Security Culture→

Patrick Wardle on Breaking and Bypassing MacOS Firewalls

Posted on August 8, 2018 by Tom Spring

A Black Hat talk demonstrates the ease of poking holes in firewalls: How to break, bypass and dismantle macOS firewall products. Continue reading Patrick Wardle on Breaking and Bypassing MacOS Firewalls→