The critical bug in a connected medical device can allow an attacker to remotely manipulate hospital pumps, either to withhold meds or dispense too much.
The two CVEs allow bypasses to get around NTLM relay attack mitigations.
A recent breach of U.S. Customs and Border Protection traveler photo and license plate data has led experts to condemn the collection and storage of facial recognition data.
SandboxEscaper is back, with a second bypass for the recent CVE-2019-0841 Windows patch.
A bug impacting the editors Vim and Neovim could allow trojan code to escape sandbox mitigations.
The flaw affected all versions of Microsoft Office, Microsoft Windows and architecture types dating back to 2000, and was patched in November 2017.
Popular media player receives 33 security bug fixes, two of which are rated high severity.
A botnet has appeared that has attempted to brute-force 1.5 million RDP connections to Windows systems in the last few days — and counting.
A working exploit for the critical remote code-execution flaw shows how an unauthenticated attacker can achieve full run of a victim machine in about 22 seconds.
Apple 0-Day allows hackers to mimic mouse-clicks to allow malicious behavior on macOS Mojave, despite mitigations.
After a report found that Snap employees were abusing their access to Snapchat data, experts are warning that insider threats will continue to be a top challenge for privacy.
Researchers are warning of flaws in two WordPress plugins – Slick Popup and WP Database Backup – including one that remains unpatched.
Nvidia is urging gamers to update its GeForce Experience software after patching two high-severity vulnerabilities.
SandboxEscaper has released her latest local privilege-escalation exploit for Windows.
A database with millions of data points on games played plus sensitive information was left right in the middle of the internet fairway for all to see.
An attacker can supply a malicious hyperlink in order to secretly alter the download path for files shared in a Slack channel.
Attackers have been tampering with TLS signatures at a scale never before seen using the cipher-stunting approach.
A simple Wireshark analysis was enough to subvert the gadget, which uses iris identification to protect the drive.
A video interview and Q&A with IoT specialist Dan Demeter of Kaspersky Lab.
A bug in the popular anti-piracy framework allows a side-channel attack on premium content.
The ubiquitous nature of the flaw opens the door for rapidly spreading, crippling cyberattacks.
The incident was the work of malicious cyberattackers.
Overall, Oracle patched 297 flaws across multiple products as part of its April security update.
An ongoing campaign, active since 2017, has been stealing credentials via global DNS hijacking attacks.
Patched just last week, the Windows kernel bug is being used for full system takeover.
A popular Australian smartwatch's tracking capabilities expose its users' locations, personal data and more.
The surveillance tool was signed with legitimate Apple developer certificates.
White hat hacker reverse engineers financial apps and finds a treasure trove of security issues.
Attackers can remotely compromise multiple network devices (IP PBX, conferencing gear and IP phones), installing malware and eavesdropping via video and audio functions.
On the first day of Pwn2Own 2019 hackers poked holes in Apple Safari, VMware Workstation and Oracle VirtualBox.
Some of the flaws would allow remote code-execution.
A researcher who discovered a flaw letting him steal passwords in macOS is not sharing his findings with Apple without a macOS bug bounty program.
Eleven critical bugs will be patched as part of the February Android Security Bulletin.
How do advanced persistent threat groups such as Double Secret Octopus and Anchor Panda get their ridiculous names?
Armed with an impressive bag of exploits and other tricks for propagation, researchers believe the new trojan could be the catalyst for an upcoming, major cyber-offensive.
A cyberattack lifts employee data at the French aerospace giant as news hits of "Collections 2-5" being passed around the underground.
The attack makes use of previously disclosed critical vulnerabilities in the Apple Safari web browser and iOS.
Researchers show how rogue web applications can be used to attack vulnerable browser extensions in a hack that gives adversaries access to private user data.
As the shutdown continues into its 21st day, dozens of .gov websites haven't renewed their TLS certificates.
A penetration testing tool called Modlishka can defeat two-factor authentication in the latest 2FA security issue. We asked a roundtable of experts what it all means.
As the hype at CES demonstrates, 5G is the newest and shiniest tech bauble out there: but security concerns loom.
A proof-of-concept from the University of Maryland can defeat the audio challenges that are offered as an option for people with disabilities.
Researcher at ESET outlines research on the first successful UEFI rootkit used in the wild.
Twelve years' worth of data has blasted off into the Dark Web.
The intimate recordings paint a detailed picture of a man’s life.
The trojan purports to be a battery optimization app – and then steals up to 1,000 euro from victims' PayPal accounts.
Researchers identified a widespread campaign of brute force attacks against WordPress websites.
Examples of how attackers carry out mass exploitation campaigns and how to defend against them.