Duo Labs does a lot of odd research now and again. The whole IoT world can offer up a lot of ups and downs to a researcher, but since we are trying to not only get through this ourselves, we are also trying to encourage others to research. Therefore, it makes sense to come up […]
Bug Hunting: Drilling Into the Internet of Things (IoT) Read More »
In March 2017, Palo Alto Networks Unit 42 published research on a new malicious spam campaign dubbed “Blank Slate.” Named as such because the malspam message is empty. Only the malicious attachment is present. Read more
Blank slate: A tale of two malware Servers Read More »
Another banking malware variant has been spotted in the wild, and it’s using UPnP to pop home routers to expose unsuspecting home users, recruited as part of the botnet. McAfee Labs says the new campaign uses a variant of the ancient “Pinkslipbot”, and says it uses Universal Plug’n’Play (UPnP) to open ports through home routers,
It’s 2017, and UPnP is helping black-hats run banking malware Read More »
Jaguar Land Rover has enlisted a cartoon musician to help it fill what it says are 5,000 electronics and software vacancies across the firm. Noodle, “guitarist” of virtual band Gorillaz, is fronting the JLR advertising campaign. The band is actually the work of Blur frontman Damon Albarn and his cartoonist mate Jamie Hewlett, with the
Jaguar Land Rover ropes in Gorillaz to help it lure 5,000 ‘electronic wizards’ Read More »
With the Doubleswitch attack, a hijacker takes control of a victim’s account through one of several attack vectors. People who have not enabled an app-based form of multifactor authentication for their accounts are especially vulnerable. For instance, an attacker could trick you into revealing your password through phishing. If you don’t have multifactor authentication, you
New Technique to Hijack Social Media Accounts Read More »
Computer systems have now been restored at two universities which were forced offline following ransomware attacks. On Wednesday 14 June, both University College London and Ulster University were infected with ransomware in separate incidents. Both universities have referred to the ransomware potentially exploiting a zero-day vulnerability, but it is currently unclear if there is a
Ransomware attacks: Universities back online after ‘zero-day’ infections Read More »
There’s no such thing as a “safe system” – only safer systems. Our Security team works to create and maintain the safest operating environment for Google’s users and developers. As a Security Engineer, you help protect network boundaries, keep computer systems and network devices hardened against attacks and provide security services to protect highly sensitive
Security Engineer, Detection Read More »
Security researchers at the Ben-Gurion University of the Negev (BGU) found that attackers can secretly obtain data (such as encryption keys, passwords and files) from extremely secure or air-gapped networks via the row of status LEDs that exists in networking devices such as LAN routers and switches. Read more
The newest attack for stealing network data! Read More »
https://www.youtube.com/watch?v=DfVqmOtplOE Exploiting a vulnerable Domain controller without the MS14-068 patch. You would be surprised how many domain controller are still not patched. Patch with MS14-068 to avoid this exploit. Read more
Checkmarx is an Application Security software company, whose mission is to provide enterprise organizations with application security testing products and services that empower developers to deliver secure applications. Amongst the company’s 1,000 customers are 5 of the world’s top 10 software vendors and many Fortune 500 and government organizations. Read more
We secure your code Read More »