While Facebook’s bug bounty program does not typically cover denial-of-service (DoS) vulnerabilities, the social media giant has decided to award a significant bounty for a serious flaw affecting Fizz, its open source TLS library. Fizz, which Facebook released as open source in August 2018, is the company’s implementation of the...
The financially-motivated hacking group FIN7 has used new malware samples in a recent attack campaign, Flashpoint security researchers warn.  Operating since at least 2015, the cybercrime gang has been mainly focused on targeting businesses worldwide to steal credit card information. According to an indictment from the United States Department of...
In this article, I want to demonstrate extracting the firmware from a secure USB device running on the Cortex M0. Who hacks video game consoles? The manufacture of counterfeit and unlicensed products is widespread in the world of video game consoles. It’s a multi-billion dollar industry in which demand creates supply....
Finnish authorities will launch an investigation into claims that Nokia phones have been transmitting users' personal data to China, the country's data protection ombudsman announced on Thursday. "Based on our initial analysis it appears that personal data has also been transferred (to China)," Reijo Aarnio, Finland's data protection ombudsman, told...
Manufacturing arguably offers the largest attack surface of almost any industry with regards to cybersecurity threats, and has long been a prime target for ‘everyday’ attacks like phishing, ransomware, data-theft – you name it, they’ve seen it. But these ‘everyday’ attacks and the associated losses are only the tip...
Poland-based cybersecurity research firm Security Explorations claims to have identified nearly 20 vulnerabilities in Oracle’s Java Card, including flaws that could be exploited to compromise the security of chips using this technology. Oracle’s Java Card technology is designed to provide a secure environment for applications running on smart cards, SIMs,...
A serious denial-of-service (DoS) vulnerability has been found in Schneider Electric’s Triconex TriStation Emulator software. The vendor has yet to release a patch, but assured customers that the flaw does not pose a risk to operating safety controllers. The vulnerability, discovered by a researcher from industrial cybersecurity firm Applied Risk,...
Mimikatz Has Become a Lethal Weapon for Attackers Seeking to Move Laterally Inside Corporate and Government Networks The origin story of Mimikatz — a post-exploitation module that has enabled criminals to steal millions of passwords around the world — reads like an over-the-top spy thriller. It began in 2011, when...
Apple’s Safari web browser and the Oracle VirtualBox and VMware Workstation virtualization products were hacked on the first day of the Pwn2Own 2019 hacking competition, earning researchers a total of $240,000 in cash. Pwn2Own 2019, which takes place these days in Vancouver, Canada, alongside the CanSecWest conference, is organized by...
Cisco Talos security researchers were able to leverage properties of the Universal Plug and Play (UPnP) protocol to unmask the IPv6 address of specific IPv4 hosts. Comparative scans of discovered hosts on both IPv4 and IPv6 revealed not only that the newly discovered technique is valid, but also that “there...