Read more about vulnerability
Bookmark and Share
  • LostPass: A worryingly simple phishing attack aimed at LastPass users


    Security researcher (and Praesido CTO) Sean Cassidy has demonstrated at ShmooCon how easy it can be for hackers to steal LastPass users' email, password, and two-factor authentication code via a simple phishing attack.

  • OS X's Gatekeeper bypassed again


    Do you remember when, last October, Synack director of research Patrick Wardle found a simple way to evade OS X's Gatekeeper defense mechanism by bundling up a legitimate Apple-signed app with a malicious, unsigned one placed in the same directory, and wrapping it all up in an Apple disk image file? Until they come up with a permanent fix, which will require a redesign of OS X, Apple has temporarily blocked this attack avenue by creating a (short) blacklist of files that Wardle reported could be repackaged to trip up the Gatekeeper and introduce malware on Macs.

  • Flaw allows malicious OpenSSH servers to steal users' private SSH keys


    Qualys researchers have discovered two vulnerabilities in the popular OpenSSH implementation of the secure shell protocol, one of which (CVE-2016-0777) could be exploited by attackers to extract users' private cryptographic keys.

  • Cheap web cams can open permanent, difficult-to-spot backdoors into networks


    They might seems small and relatively insignificant, but cheap wireless web cams deployed in houses and offices (and connected to home and office networks) might just be the perfect way in for attackers.

  • Cisco kills hardcoded password bug in Wi-Fi access points


    Along with fixes for a number of older vulnerabilities in Cisco IOS and IOS XE software, the Cisco IOS Software Common Industrial Protocol, and the OpenSSL package incorporated in multiple company products, Cisco Systems has pushed out security updates that plug unauthorized access and default account/static password vulnerabilities in some of its offerings.


101,000 US taxpayers affected by automated attack on IRS app

The IRS has revealed more details about an attack it suffered last month, mounted by unknown individuals with the aim to file fraudulent tax returns and funnel the returned money to their own bank accounts.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Feb 10th