research

Vulnerability allows Yubico security keys to be cloned

Don't miss, Encryption, hardware, Hot stuff, Infineon Technologies, MFA, News, research, security key, Yubico /

Vulnerability allows Yubico security keys to be cloned 2024-09-04 at 13:31 By Zeljka Zorz Researchers have unearthed a cryptographic vulnerability in popular Yubico (FIDO) hardware security keys and modules that may allow attackers to clone the devices. But the news is not as catastrophic as it may seem at first glance. “The attacker would need […]

React to this headline:

Loading spinner

Vulnerability allows Yubico security keys to be cloned Read More »

Stolen, locked payment cards can be used with digital wallet apps

apple, Banks, digital wallet, Don't miss, financial industry, fraud, Google, Hot stuff, mobile payment, News, online payment, PayPal, research, vulnerability /

Stolen, locked payment cards can be used with digital wallet apps 2024-08-19 at 21:32 By Zeljka Zorz Fraudsters can add stolen payment cards to digital wallet apps and continue making online purchases even after victims’ report the card stolen and the bank blocks it, computer engineers with University of Massachusetts Amherst and Pennsylvania State University

React to this headline:

Loading spinner

Stolen, locked payment cards can be used with digital wallet apps Read More »

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days

0-day, attack, Don't miss, Hot stuff, News, research, SafeBreach, vulnerability, Windows, Windows Server /

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days 2024-08-08 at 13:01 By Zeljka Zorz A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A downgrade attack exploiting the Windows Update process The direction of SafeBreach researcher Alon Leviev’s

React to this headline:

Loading spinner

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days Read More »

Innovative approach promises faster bug fixes

News, programming, research /

Innovative approach promises faster bug fixes 2024-07-31 at 12:02 By Help Net Security Modern software applications usually consist of numerous files and several million lines of code. Due to the sheer quantity, finding and correcting faults, known as debugging, is difficult. In many software companies, developers still search for faults manually, which takes up a

React to this headline:

Loading spinner

Innovative approach promises faster bug fixes Read More »

New security loophole allows spying on internet users’ online activity

attacks, cybersecurity, Don't miss, Graz University of Technology, Hot stuff, News, Privacy, research, vulnerability /

New security loophole allows spying on internet users’ online activity 2024-06-25 at 13:16 By Help Net Security Researchers at Graz University of Technology were able to spy on users’ online activities simply by monitoring fluctuations in the speed of their internet connection. This vulnerability, known as SnailLoad, does not require malicious code to exploit, and

React to this headline:

Loading spinner

New security loophole allows spying on internet users’ online activity Read More »

Vulnerability in Cisco Webex cloud service exposed government authorities, companies

Cisco, cloud security, Don't miss, enterprise, Europe, Germany, Government, Hot stuff, News, research, video conferencing, vulnerability, Webex /

Vulnerability in Cisco Webex cloud service exposed government authorities, companies 2024-06-05 at 22:33 By Zeljka Zorz The vulnerability that allowed a German journalist to discover links to video conference meetings held by Bundeswehr (the German armed forces) and the Social Democratic Party of Germany (SPD) via their self-hosted Cisco Webex instances similarly affected the Webex

React to this headline:

Loading spinner

Vulnerability in Cisco Webex cloud service exposed government authorities, companies Read More »

Financial system ‘outdated’ but crypto is no fix either: US swing voters

Cryptocurrency Ownership, Digital Currency Group, Political Candidates, Poll, research, survey, The Harris Group, United States Election /

Financial system ‘outdated’ but crypto is no fix either: US swing voters 2024-05-08 at 09:01 By Cointelegraph by Brayden Lindrea In a survey by the Digital Currency Group, 70% of swing state voters agreed the current financial system is “outdated” and in need of an overhaul, but most didn’t think crypto was the answer either.

React to this headline:

Loading spinner

Financial system ‘outdated’ but crypto is no fix either: US swing voters Read More »

Apps secretly turning devices into proxy network nodes removed from Google Play

consumer, Don't miss, enterprise, Hot stuff, HUMAN Security, mobile apps, News, Orange Cyberdefense, Proxy, research, Sekoia.io /

Apps secretly turning devices into proxy network nodes removed from Google Play 2024-03-26 at 12:16 By Zeljka Zorz Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and didn’t mention it. If that

React to this headline:

Loading spinner

Apps secretly turning devices into proxy network nodes removed from Google Play Read More »

RaaS groups increasing efforts to recruit affiliates

cybercrime, cybercriminals, dark web, Don't miss, GuidePoint Security, Hot stuff, News, Ransomware, research /

RaaS groups increasing efforts to recruit affiliates 2024-03-20 at 16:46 By Zeljka Zorz Smaller RaaS groups are trying to recruit new and “displaced” LockBit and Alphv/BlackCat affiliates by foregoing deposits and paid subscriptions, offering better payout splits, 24/7 support, and other “perks”. Cybercriminals wanted RaaS operations usually consist of a core group that develops the

React to this headline:

Loading spinner

RaaS groups increasing efforts to recruit affiliates Read More »

The most prevalent malware behaviors and techniques

Don't miss, Elastic, malware analysis, malware detection, News, research, tips /

The most prevalent malware behaviors and techniques 2024-03-20 at 12:46 By Zeljka Zorz An analysis of 100,000+ Windows malware samples has revealed the most prevalent techniques used by malware developers to successfully evade defenses, escalate privileges, execute the malware, and assure its persistence. Malware tactics and techniques The analyzed malware samples were most often delivered

React to this headline:

Loading spinner

The most prevalent malware behaviors and techniques Read More »

Web-based PLC malware: A new potential threat to critical infrastructure

Don't miss, Hot stuff, ICS/SCADA, Malware, News, PLC, research, web application security /

Web-based PLC malware: A new potential threat to critical infrastructure 2024-03-07 at 13:47 By Zeljka Zorz A group of researchers from Georgia Tech’s College of Engineering have developed web-based programmable logic controller (PLC) malware able to target most PLCs produced by major manufacturers. “Our Web-Based (WB) PLC malware resides in PLC memory, but ultimately gets

React to this headline:

Loading spinner

Web-based PLC malware: A new potential threat to critical infrastructure Read More »

What makes ransomware victims less likely to pay up?

backup, cyber insurance, data theft, Don't miss, Hot stuff, Incident Response, News, Ransomware, research /

What makes ransomware victims less likely to pay up? 2024-01-26 at 08:34 By Zeljka Zorz There’s a good reason why ransomware gangs started exfiltrating victims’ data instead of just encrypting it: those organizations pay more. University of Twente researcher Tom Meurs and his colleagues wanted to know which factors influence victims to pay the ransom

React to this headline:

Loading spinner

What makes ransomware victims less likely to pay up? Read More »

CloudFoxable: Open-source AWS penetration testing playground

AWS, Bishop Fox, cybersecurity, News, penetration testing, research, skill development, software /

CloudFoxable: Open-source AWS penetration testing playground 2024-01-22 at 07:02 By Mirko Zorz CloudFoxable is a capture-the-flag (CTF) style learning platform you can deploy to your playground AWS account. It primarily targets current penetration testers seeking to learn exploitation of cloud-native attack paths, and cloud security experts aiming to practice offensive security techniques safely. “What makes

React to this headline:

Loading spinner

CloudFoxable: Open-source AWS penetration testing playground Read More »

Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production

automotive security, Don't miss, Hot stuff, manufacturing sector, News, Nozomi Networks, Ransomware, research, vulnerability /

Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production 2024-01-09 at 17:46 By Zeljka Zorz Researchers have discovered over two dozen vulnerabilities in “smart” cordless nutrunners (i.e., pneumatic torque wrenches) manufactured by Bosch Rexroth that could be exploited to make the devices inoperable or their output unreliable. “Depending on a manufacturer’s use

React to this headline:

Loading spinner

Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production Read More »

Securing AI systems against evasion, poisoning, and abuse

AppOmni, Artificial Intelligence, Don't miss, how-to, machine learning, News, NIST, report, research, strategy, tips /

Securing AI systems against evasion, poisoning, and abuse 2024-01-09 at 06:32 By Mirko Zorz Adversaries can intentionally mislead or “poison” AI systems, causing them to malfunction, and developers have yet to find an infallible defense against this. In their latest publication, NIST researchers and their partners highlight these AI and machine learning vulnerabilities. Taxonomy of

React to this headline:

Loading spinner

Securing AI systems against evasion, poisoning, and abuse Read More »

8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers

cryptojacking, Don't miss, exploit, Hot stuff, Imperva, Malware, News, Oracle WebLogic, research, vulnerability /

8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers 20/12/2023 at 16:02 By Helga Labus The 8220 gang has been leveraging an old Oracle WebLogic Server vulnerability (CVE-2020-14883) to distribute malware, the Imperva Threat Research team has found. About 8220 Active since 2017, the 8220 gang has been known for deploying cryptocurrency miners

React to this headline:

Loading spinner

8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers Read More »

SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)

cryptographic attack, Don't miss, Hot stuff, News, OpenSSH, research, SSH, SUSE, vulnerability /

SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795) 19/12/2023 at 13:18 By Zeljka Zorz Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection’s security by truncating the extension negotiation message. The Terrapin attack Terrapin is a prefix truncation attack targeting the SSH protocol.

React to this headline:

Loading spinner

SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795) Read More »

“Pool Party” process injection techniques evade EDRs

CrowdStrike, Cybereason, Don't miss, Endpoint Security, Hot stuff, Microsoft, News, Palo Alto Networks, PoC, research, SafeBreach, SentinelOne, threat detection, XDR /

“Pool Party” process injection techniques evade EDRs 12/12/2023 at 14:01 By Zeljka Zorz SafeBreach researchers have discovered eight new process injection techniques that can be used to covertly execute malicious code on Windows systems. Dubbed “Pool Party” because they (ab)use Windows thread pools, these process injection techniques work across all processes and, according to the

React to this headline:

Loading spinner

“Pool Party” process injection techniques evade EDRs Read More »

Many popular websites still cling to password creation policies from 1985

authentication, Don't miss, Hot stuff, News, passwords, policy, research, trends /

Many popular websites still cling to password creation policies from 1985 12/12/2023 at 09:01 By Helga Labus A significant number of popular websites still allow users to choose weak or even single-character passwords, researchers at Georgia Institute of Technology have found. Websites’ lax creation policies for passwords The researchers used an automated account creation method

React to this headline:

Loading spinner

Many popular websites still cling to password creation policies from 1985 Read More »

Changpeng Zhao’s next move could involve decentralized science

Binance, Changpeng Zhao, Health, research, science, World Health Organization /

Changpeng Zhao’s next move could involve decentralized science 07/12/2023 at 17:02 By Cointelegraph by Robert D. Knight Decentralized science, or DeSci, aims to apply decentralized business models to medical research. This article is an excerpt from Cointelegraph.com News View Original Source React to this headline:

React to this headline:

Loading spinner

Changpeng Zhao’s next move could involve decentralized science Read More »

Scroll to Top