Proof-of-concept exploit code has been published this week for a new attack technique that can bypass the Kerberos authentication protocol in Windows environments and let intruders access sensitive network-connected services.
The server-client communication in certain versions of the WinZip file compression tool is insecure and could be modified to serve malware or fraudulent content to users.
The OpenSSF announced at the Black Hat Europe conference the availability of an open-source tool designed for evaluating the ability of static analysis security testing (SAST) products to detect vulnerabilities.
A new card skimmer has been found using an innovative technique to inject highly convincing PayPal iframes and hijack the checkout process on compromised online stores.
Kaspersky’s security researchers stumbled across a new PowerShell backdoor by the DeathStalker group that has several anti-detection tactics from mouse movements detection to MAC addresses filtering.
Google patched ten critical bugs as part of its December updates. The worst of the bugs was tied to the Android media framework component and gives attackers remote control of vulnerable devices.
API security platform provider Salt Security announced on Tuesday that it has raised $30 million in Series B funding led by Sequoia Capital, with participation from existing investors Tenaya Capital, S Capital VC, and Y Combinator.
Personal details, including phone numbers and email addresses of 7 million Indian debit and credit cardholders, have been circulating on the dark web, an Internet security researcher alerted.
The Apache Software Foundation has released a security update to address a “possible remote code execution” flaw in Apache Struts 2 that is related to the OGNL technology.
CheckPoint’s latest Global Threat Index for November 2020 has revealed that there has been a new surge in infections by the well-known Phorpiex botnet which has made it the month’s most prevalent malware.