A recently disclosed User Account Control (UAC) bypass that leverages App Paths can be used for fileless attacks as well, security researcher Matt Nelson now says.
read more
McDonald’s App Leaks Details of 2.2 Million Customers
A vulnerable application used by millions of McDonald’s customers in India was recently found to leak personal information on its users.
read more
New Bill Forces Cybersecurity Responsibility Into the Boardroom
read more
Continue readingSerious Flaws Found in Moodle Learning Platform
Researchers have discovered serious vulnerabilities in Moodle, a popular open-source learning platform used by many top universities in the United States, the United Kingdom and other countries around the world.
read more
IBM and SecureKey Announce Blockchain-Based Identity Verification
The blockchain promise took a step closer to fruition today with IBM and SecureKey making a joint announcement of a blockchain-based digital identity network.
Built on the Linux Foundation's open source Hyperledger Fabric v1.0 and the IBM Blockchain service, a new digital identity and attribute sharing network will go live in Canada later in 2017.
read more
New Attack Combines Self-XSS and Clickjacking
A researcher has demonstrated an attack that combines Clickjacking and a type of Cross Site Scripting (XSS) called Self-XSS. The new attack can trigger Self-XSS on pages that are also vulnerable to Clickjacking, the researcher says.
read more
Mozilla Patches Firefox Flaw Disclosed at Pwn2Own
Mozilla has already patched a Firefox vulnerability disclosed last week at the Pwn2Own 2017 competition by a team of researchers from Beijing-based enterprise security firm Chaitin Tech.
read more
Hackers Earn $200,000 for VM Escapes at Pwn2Own 2017
White hat hackers earned more than $250,000 for the vulnerabilities they disclosed on the third day of the Pwn2Own 2017 competition, including a couple of exploits that involved escaping VMware virtual machines.
read more
Cisco Finds Zero-Day Vulnerability in ‘Vault 7’ Leak
Cisco has warned customers that the Vault 7 files obtained by WikILeaks contain information on a critical vulnerability affecting many of the company’s switches. Patches are not available, but Cisco has provided some mitigation advice.
read more
App Paths Used to Bypass User Account Control in Windows 10
A new technique that leverages App Paths to bypass the User Account Control (UAC) in Windows 10 has been detailed by security researcher Matt Nelson.
read more
