News

Attackers are increasingly targeting insecure legacy protocols, like IMAP, to avoid running into multi-factor authentication in password-spraying campaigns.

A full 39 percent of Counter-Strike 1.6 game servers on Steam were found to be malicious.

Not on 5.1.1? You should be

A newly revealed vuln in the open-source CMS WordPress allows an unauthenticated website attacker to remotely execute code – potentially letting naughty folk delete or edit blog posts.…

Vulnerability allows adversaries to access monitoring system used for gathering info on operating systems and hardware.

A new malware targeting point of sale systems, GlitchPOS, has been spotted on a crimeware forum.

Compromised government website slurps buttload of data about applicants

A Pakistani government website was compromised with a keylogger and other malware that hoovered up a whole host of information about people checking on their passport application status.…

Pesky JavaScript malware harvester strikes again

Sportswear brand FILA is the latest company to fall victim to the card-stealing JavaScript infection that menaced British Airways and Ticketmaster last year.…

Increasingly, attackers are targeting the most vulnerable people inside companies and exploiting their weaknesses.

You do know just dragging stuff to the delete folder doesn't wipe stuff, right? Apparently not

About two-thirds of USB memory sticks bought secondhand in the US and UK have recoverable and sometimes sensitive data, and in one-fifth of the devices studied, the past owner could be identified.…

Here comes Chipzilla with a big bunch of security fixes for graphics drivers, server and workstation firmware, and more

Hot on the heels of this month's security updates from Microsoft, Adobe, and SAP, Intel has kicked out a batch of its own bug patches.…

A Sydney man is accused of selling nearly 1 million compromised accounts, for a significant profit.

Devs may have been duped into using dodgy SDK

Android adware has managed to find its way into as many as 150 million devices – after it was stashed inside a large number of those bizarre viral “mundane job simulator” games, we're told.…

Intel has patched several high-severity vulnerabilities in its graphics drivers for Windows 10, which could lead to code execution.

64 bits of cert ID on the wall, 64 bits of ID. Take the top bit down, don't pass it around, 63 bits of cert ID on the wall...

A bunfight over a controversial UAE mobile security company led to the discovery that millions of TLS security certificates have been improperly issued – thanks to a dodgy default configuration in popular certificate authority (CA) management software.…

The mobile app, dubbed a "Yelp for Conservatives," was found with an open API leaking reams of user data.

Why are hackers using the DNS infrastructure against us? The answer is more complex than you might think.

Newly patched CVE-2019-0797 is being actively exploited by two APTs, FruityArmor and SandCat.

Ride the fox, ride the fox

Mozilla's Firefox Send, a free encrypted file sharing service, graduated from test to official release on Tuesday after a year and half of refinement.…

DHCP client has trio of remote-code exec vulns – plus SAP, Adobe issue updates

Patch Tuesday  It's the second Tuesday of the month, and you know what that means: a fresh dump of security fixes from Microsoft, Adobe and others.…

Money earmarked for the Defense Department and DHS, and bipartisan bills to address the security of federal IoT devices, showcase growing federal cyber-efforts.