News overview Not just one but two new DDoS amplification methods were discovered last quarter. In mid-May, Israeli researchers reported a new DNS server vulnerability that lurks in the DNS delegation process. The vulnerability exploitation scheme was dubbed “NXNSAttack”. The hacker sends to a legitimate recursive DNS server a request to several subdomains within the…
The fundamental causes for the skill gap are myriad, starting with a lack of training and career-development opportunities.
Four critical-severity flaws were recently disclosed in the Find My Mobile feature of Samsung Galaxy smartphones, which if exploited could allow attackers to force a factory reset on the phones or spy on users.
Three separate proof-of-concepts on Bash, Python and Ruby posted to outsmart fix issued last year to remedy pre-auth RCE bug.
Google Home devices reportedly recorded noises even without the “Hey Google” prompt due to the inadvertent rollout of a home security system feature.
The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.
Attacks were way up year-over-year in the second quarter as people continue to work from home.
Remote, unauthenticated attackers could exploit the TeamViewer flaw to execute code and crack victims’ passwords.
Researchers identified serious flaws in Qualcomm’s Snapdragon SoC and the Hexagon architecture that impacts nearly half of Android handsets.
Legacy applications don’t support modern authentication — and cybercriminals know this.