Emoji Attack Can Kill Skype for Business Chat
The "Kitten of Doom" denial-of-service attack is easy to carry out.
Gmail Glitch Offers Stealthy Trick for Phishing Attacks
The issue comes from how Gmail automatically files messages into the "Sent" folder.
Critical WordPress Flaw Grants Admin Access to Any Registered Site User
The privilege-escalation vulnerability would allow an attacker to inject malware, place ads and load custom code on an impacted website.
Lock-Screen Bypass Bug Quietly Patched in Handsets
The flaw in a high-end phones and up-and-coming handsets made by top OEMs allows hackers to bypass handset lock screens in seconds.
tRat Emerges as New Pet for APT Group TA505
The modular malware seems to be in a testing phase, but TA505's interest made researchers take note.
Managing the Risk of IT-OT Convergence
Why manufacturing and logistics are especially challenged.
Connected Wristwatch Allows Hackers to Stalk, Spy On Children
"Our advice is to stop using this watch" as mitigations are not available, researchers told Threatpost.
Ahead of Black Friday, Rash of Malware Families Takes Aim at Holiday Shoppers
As consumers skip the store crowds in favor of online deals, cyberattackers have geared up to victimize them.
Bitcoin Giveaway Scam Balloons, with Google the Latest Victim
A slew of verified Twitter accounts have been hijacked and altered, used to tweet out a bogus Bitcoin giveaway scam.
Pwn2Own Trifecta: Galaxy S9, iPhone X and Xiaomi Mi6 Fall to Hackers
Hacker contest earns participants $325,000 based on the discovery of 18 vulnerabilities.
Siemens Patches Firewall Flaw That Put Operations at Risk
The industrial company on Tuesday released mitigations for eight vulnerabilities overall.
Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2
Microsoft’s November Patch Tuesday fixes include mitigation against a zero-day vulnerability leaving Windows 7, Server 2008 and Server 2008 R2 open to attack.
Google’s G Suite, Search and Analytics Taken Down in Hijacking
Google cloud business customers were impacted by a Border Gateway Protocol hijacking.
Unpatched Android OS Flaw Allows Adversaries to Track User Location
The vulnerability is one of many with the same root cause: Cross-process information leakage.
Adobe Fixes Acrobat and Reader Flaw With Publicly-Available PoC
Overall, the company released only three patches as part of its regularly-scheduled November update.
Podcast: IoT Firms Face a ‘Tidal Wave’ of Lawsuits, Attorney Explains
An attorney in the infamous 2015 Jeep hack predicts that more lawsuits related to IoT security are looming in the future.
Emotet Campaign Ramps Up with Mass Email Harvesting Module
The new variant can exfiltrate emails for a period going back 180 days, en masse.
U.S. Chip Cards Are Being Compromised in the Millions
A full 60 million U.S. cards were compromised in the past 12 months. While 93 percent of those were EMV chip-enabled, merchants continued to use mag stripes.
Malware-Laced App Lurked on Google Play For a Year
Google Play’s policy prohibits apps or SDKs that download executable code, such as dex files or native code, from a source other than Google Play
New Boom in Facial Recognition Tech Prompts Privacy Alarms
Tech advances are accelerating the use of facial recognition as a reliable and ubiquitous mass surveillance tool, privacy advocates warn.
Instagram flaw exposes user passwords
A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users.
The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...
Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week
Safer browsing, more bitcoin scams, and the rest of the week's top security news.
SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more
Plus, why is Kaspersky Lab getting into chess? Roundup What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
Is retaining a cybersecurity attorney a good idea for your business?
Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.
Machine Learning Can Create Fake ‘Master Key’ Fingerprints
Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.
