Quality and security. Two words that share an interesting relationship and no small amount of confusion.
read more
Audit Finds Over a Dozen NTP Vulnerabilities
Researchers at Germany-based security firm Cure53 have conducted a 32-day audit of the Network Time Protocol (NTP) and the NTPsec project and discovered more than a dozen vulnerabilities.
read more
iOS Scareware Campaign Abuses Safari Vulnerability
One of the vulnerabilities addressed by Apple this week with the release of iOS 10.3 has been being abused by scammers to execute a scareware campaign, Lookout researchers warn.
read more
Millions of Websites Affected by IIS 6.0 Zero-Day
More than 8 million websites could be exposed to a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 that has been exploited in the wild since July 2016, researchers warn.
read more
New Mirai Variant Unleashes 54-Hour DDoS Attack
New Variant of Infamous IoT Botnet Launches Attack Against Network of U.S. College
A newly discovered variant of the Mirai botnet was responsible for powering a 54-hour distributed denial of service (DDoS) attack, Imperva researchers reveal.
read more
VMware Patches Flaws Disclosed at Pwn2Own
VMware has released updates and patches for its ESXi, Workstation and Fusion products to address critical and moderate severity vulnerabilities disclosed at the Pwn2Own 2017 competition.
read more
This Stealthy Malware Remained Unnoticed for Three Years
Stealthy command and control methods allowed a newly discovered malware family to fly under the radar for more than three years, Palo Alto Networks security researchers reveal.
read more
Siemens RUGGEDCOM Devices Affected by Several Flaws
Siemens has shared recommendations for mitigating several medium and high severity vulnerabilities affecting some of the company’s RUGGEDCOM products.
read more
US-CERT’s Warning on SSL Interception vs. Security is a False Dichotomy
Sometimes a headline succinctly and cleverly captures the essence of a simple situation. Note last week’s headline about the apprehension of a nearly naked suspect: “Man in Boxers Leads Police on Brief Chase.”
read more
NukeBot Source Code Leaked After Marketing Fail
The developer of the NukeBot banking Trojan has decided to release the malware’s source code after he failed to convince the cybercrime community that his creation is worth buying and that he is not a scammer.
read more