In research presented at the Defcon security conference this month, a researcher found workarounds that attackers could potentially use to get past Google’s enhanced Workspace protections.
Google Project Zero researcher James Forshaw shared details of a Windows AppContainer vulnerability after Microsoft backtracked on its previous stance of not fixing the flaw and announcing to address it soon.
The Internet Systems Consortium (ISC) has released security updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2021-25218, that affects its BIND DNS software.
Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free. As part of this rebranding, the threat actors released the master decryption keys on their Tor data leak site.
This week, a threat actor began emailing recipients, telling them that their iPhone device was hacked with a ‘zero-click’ vulnerability to install the Pegasus spyware software.
ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017.
Just over 70 of The Spaghetti Detective’s users were able to control others’ 3D printing devices as a result – something the service said it doesn’t normally allow to happen.
Cloudflare said this attack peaked at 17.2 million HTTP requests/second (rps), a figure that the company described as almost three times larger than any previously reported volumetric DDoS attack.
The Internet Systems Consortium (ISC) this week publicly announced the availability of patches for a high-severity denial-of-service (DoS) vulnerability affecting its BIND DNS software.
The authentication protocols used by security systems must be flawless. But there’s no such thing as a flawless system, and implementation errors can lead to hazardous security vulnerabilities.