News overview Not just one but two new DDoS amplification methods were discovered last quarter. In mid-May, Israeli researchers reported a new DNS server vulnerability that lurks in the DNS delegation process. The vulnerability exploitation scheme was dubbed “NXNSAttack”. The hacker sends to a legitimate recursive DNS server a request to several subdomains within the…
Three separate proof-of-concepts on Bash, Python and Ruby posted to outsmart fix issued last year to remedy pre-auth RCE bug.
Google Home devices reportedly recorded noises even without the “Hey Google” prompt due to the inadvertent rollout of a home security system feature.
The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.
Attacks were way up year-over-year in the second quarter as people continue to work from home.
Remote, unauthenticated attackers could exploit the TeamViewer flaw to execute code and crack victims’ passwords.
Researchers identified serious flaws in Qualcomm’s Snapdragon SoC and the Hexagon architecture that impacts nearly half of Android handsets.
Legacy applications don’t support modern authentication — and cybercriminals know this.
Fully opening the door to allow people to contribute to – and notably, tinker with – the code for the data-breach information service will be an entirely next-level effort, according to founder Troy Hunt.
Chipmaker investigates a leak of intellectual property from its partner and customer resource center.