Microsoft network breached through password-spraying by Russian-state hackers (arstechnica.com)
Senior execs' emails accessed in network breach that wasn't caught for 2 months.
Senior execs' emails accessed in network breach that wasn't caught for 2 months.
Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel...
A new attack technique named SMTP Smuggling can allow malicious actors to send out spoofed emails that bypass authentication mechanisms.
Discoveries made by Google's Threat Analysis Group, which tracks nation-state hacking.
An error as small as a single flipped memory bit is all it takes to expose a private key.
The eight-page report said hackers were able to obtain access to the data by exploiting vulnerability in the MOVEit file transfer program
iLeakage is practical and requires minimal resources. A patch isn't (yet) available.
Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada.
Vulnerability allows hackers to execute malicious code when targets open malicious ZIP files.
The Winter Vivern Russian hacking group has been exploiting a Roundcube Webmail zero-day since at least October 11 to attack European government entities and think tanks.
The Google Play store was infiltrated by 43 Android applications with 2.5 million installs that secretly displayed advertisements while a phone's screen was off, running down a device's battery.
The problem stems from the complexity of the Android ecosystem, involving several steps between the upstream vendor (Google) and the downstream manufacturer (phone manufacturers), significant discrepancies in security update intervals between different device models, short support periods, responsibility mixups, and others...
Two new Android malware families named 'CherryBlos' and 'FakeTrade' were discovered on Google Play, aiming to steal cryptocurrency credentials and funds or conduct scams.
In the last few months there has been a lot of hype about "passkeys" and how they are going to change authentication forever. But that hype will come at a cost....