Collaborate Disseminate
A Clickjacking attack works by loading a malicious website inside a low-opacity iframe and overlaying it with an innocuous looking button, checkbox or link. This tricks the user into interacting with the vulnerable website beneath. The user is then for… Continue reading Sound Hijacking – Abusing Missing XFO
Powerful capabilities of modern browser APIs could be misused by attackers to take control of a site visitor’s browser, add it to their botnet, and use it for a variety of malicious actions, researchers from the Foundation for Research and Technology &… Continue reading Modern browser APIs can be abused for hijacking device resources
Researchers from the University of California, Irvine (UCI) and the University of California, Riverside (UCR) have uncovered the possibility of an acoustic side-channel attack on the DNA synthesis process, a vulnerability that could present a serious r… Continue reading Researchers eavesdrop on DNA synthesizer to steal genetic blueprint
In light of the recent DNS hijacking attacks, the Internet Corporation for Assigned Names and Numbers (ICANN) is urging domain owners and DNS services to implement DNSSEC post-haste. “Although DNSSEC cannot solve all forms of attack against the D… Continue reading ICANN calls for wholesale DNSSEC deployment
Wormable stored XSS on WordPress.org, a security lapse revealed private complaints from Silicon Valley employees, hackers hijack thousands of Chromecasts to warn of latest security bug, a linting tool for checking accessibility, speed, and security, ho… Continue reading WordPress, Silicon Valley, and Hijacking – Application Security Weekly #45
Hijacking smart TV’s to promote PewDiePie, hackers attempt to sell stolen 9/11 documents, turning your house into a DOOM level with a Roomba, and hopefully you’re over that New Year’s hangover, because there’san Adobe PDF ap… Continue reading PewDiePie, DOOM Roomba, and 9/11 – Paul’s Security Weekly #588
This week, how Docker containers can be exploited to mine for cryptocurrency, WordPress sites attacking other WordPress sites, why the Marriott Breach is a valuable IT lesson, malicious Chrome extensions, why hospitals are the next frontier of cybersec… Continue reading Marriott Breach, Lame Printer Hack, and Docker – Paul’s Security Weekly #585
A slew of verified Twitter accounts have been hijacked and altered, used to tweet out a bogus Bitcoin giveaway scam. Continue reading Bitcoin Giveaway Scam Balloons, with Google the Latest Victim
An attacker can send spoofed commands to the crane’s controller. Continue reading IoT Flaw Allows Hijacking of Connected Construction Cranes
By concatenating a known improper authentication flaw with a newly discovered CSRF vulnerability, remote unauthenticated attackers can obtain full control over TP-Link TL-WRN841N, a popular wireless consumer router used worldwide. “This type of r… Continue reading Popular TP-Link wireless home router open to remote hijacking