Google Chrome Browser Bug Exposes Billions of Users to Data Theft
The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.
DDoS Attacks Cresting Amid Pandemic
Attacks were way up year-over-year in the second quarter as people continue to work from home.
TeamViewer Flaw in Windows App Allows Password-Cracking
Remote, unauthenticated attackers could exploit the TeamViewer flaw to execute code and crack victims’ passwords.
DDoS attacks in Q2 2020
News overview Not just one but two new DDoS amplification methods were discovered last quarter. In mid-May, Israeli researchers reported a new DNS server vulnerability that lurks in the DNS delegation process. The vulnerability exploitation scheme was dubbed “NXNSAttack”. The hacker sends to a legitimate recursive DNS server a request to several subdomains within the…
Qualcomm Bugs Open 40 Percent of Android Handsets to Attack
Researchers identified serious flaws in Qualcomm’s Snapdragon SoC and the Hexagon architecture that impacts nearly half of Android handsets.
Attackers Horn in on MFA Bypass Options for Account Takeovers
Legacy applications don’t support modern authentication — and cybercriminals know this.
Have I Been Pwned Set to Go Open-Source
Fully opening the door to allow people to contribute to – and notably, tinker with – the code for the data-breach information service will be an entirely next-level effort, according to founder Troy Hunt.
Hackers Dump 20GB of Intel’s Confidential Data Online
Chipmaker investigates a leak of intellectual property from its partner and customer resource center.
Augmenting AWS Security Controls
Appropriate use of native security controls in AWS and other CSPs is fundamental to managing cloud risk and avoiding costly breaches.
Spam and phishing in Q2 2020
Quarterly highlights Targeted attacks The second quarter often saw phishers resort to targeted attacks, especially against fairly small companies. To attract attention, scammers imitated email messages and websites of companies whose products or services their potential victims could be using. The scammers did not try to make any of the website elements appear credible as…