Microsoft's Enhanced Mitigation Experience Toolkit (EMET) is a good piece of software and helpful for protecting non-kernel Microsoft applications and third-party software, but the protection it offers can also be bypassed completely if the attackers know what they are doing, claim researchers from security firm Bromium.
The recently spotted watering hole attacks aimed at the visitors of the official website of the US Veterans of Foreign Wars and of a bogus website mimicking that of the French aerospace association GIFAS might not be, after all, the work of the same threat actors.
The recent release of a Metasploit module that allows attackers to remotely access ("get shell") on most Android-running devices has again raised a very good question: "How can we force carriers and sellers to deliver security updates to users in a timely manner?" The bug is in Android's WebView programming interface.
Evernote users are being actively targeted with an email spam campaign that tries to trick them into following a malicious link.
There are a few new rules for this years' edition of the Pwn2Own hacking contest and a huge new prize for an "Exploit Unicorn worthy of myth and legend" - $150,000 for a system-level code execution on Windows 8.1 x64 on Internet Explorer 11 x64 with EMET bypass.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.