In this blog post, we will present a new technique for domain fronting, which enables attackers to abuse Content Delivery Networks (CDNs) to...
A vulnerability codenamed Devil’s Ivy is putting thousands of Internet-connected devices at risk of hacking. Discovered by security researchers from Senrio, the...
The maker of a smart home security system has failed to patch five security issues in the firmware of his product. These...
For the second time in a year, a highly critical remote code execution vulnerability was found in the Cisco WebEx Extension. For the second...
I recently uncovered two critical vulnerabilities in Alpine Linux’s package manager, assigned CVE-2017-9669 and CVE-2017-9671. These vulnerabilities could potentially lead to an...
Cisco has fixed nine serious remote code execution flaws in the SNMP subsystem running in all the releases of IOS and IOS XE software....
Microsoft announced that Canonical’s Ubuntu Linux Distro is now available in the Windows Store and can be installed on any Windows Insider...
Two implementations of the Kerberos authentication protocol received patches this week against a vulnerability that allowed a threat actor to bypass authentication...
The developer of a tool named Eternal Blues that scans for computers vulnerable to the NSA’s ETERNALBLUE exploit has published statistics gathered...
Oracle’s next quarterly Critical Patch Update is slated for July 18, but two vulnerabilities in an older version of the company’s Oracle...
A new tool is making the rounds on the criminal underground. Called Katyusha Scanner, this is a hybrid between a classic SQL injection...
A black market hacking tool has the potential to rapidly conduct website scans for SQL injection vulnerabilities at a large scale, all...
Microsoft’s July 2017 Patch Tuesday includes a fix for an issue with the NT LAN Manager (NTLM) Authentication Protocol that can be...
Adobe releases patches for critical security flaws which allows attackers to control your system. This bundle applies for Windows, Macintosh, Linux and...
One of the biggest lottery scams in the history of the US is coming to a close as the mastermind behind the...
The world’s two most popular mobile platforms are affected by a security vulnerability called Broadpwn and which allows attackers to gain remote code execution...
Introduction In march 2017, I took part in the pwn2own contest with team Chaitin Security Research Lab. The target I was focused on was...
Google warned of a serious flaw dubbed BroadPwn in some Broadcom Wi-Fi chipsets that potentially impacts millions of Android devices. Google published...
Perl development team solved a flaw in DBD—MySQL in some configurations that wasn’t enforcing encryption allowing an attacker to power MiTM attacks....
Bithumb, the world’s fourth largest cryptocurrency exchange by volume, confirmed a security incident during which an unknown hacker was able to make...
Security experts from Talos discovered a couple of vulnerabilities in Dell Precision software which allow attackers to disable security mechanisms, escalate privileges...