New World, Amazon’s latest entry into the gaming world, is a plagued by bots that are ruining player experiences.

SharkBot: a new generation of Android Trojans is targeting European banks. It has been discovered by the threat intelligence team of Cleafy: here's the technical analysis.

In this blog, we’ll explore a new way to exploit reentrancy that can be used to evade the behavioral analysis of EDR and legacy antivirus products.

Some time ago Microsoft released a very cool feature that caught our attention. That was a passwordless authentication functionality that provides seamless single sign-on (SSO) to on-premises resources, using security keys such as the famous FIDO2 keys.  …

To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political…

A community for technical news and discussion of information security and closely related topics.

Docker is a popular tool that has become synonymous with containers. Docker can build images and run containers. The tool also allows its users to upload their docker images to Docker Hub - the container image registry from Docker Inc. that helps share images.…

This week at Black Hat Europe 2021, Marloes Venema (Radboud University Nijmegen) and me, presented our work on attacking attribute-based encryption implementations: Attribute-based encryption Attri…

The discovery and analysis of a new threat: Krane malware – a cryptominer botnet that has the ability to spread laterally.

Familiarity is what makes spear phishing attacks successful.

exploit

Execute ELF files without dropping them on disk. Contribute to nnsee/fileless-elf-exec development by creating an account on GitHub.

Discord is the easiest way to communicate over voice, video, and text. Chat, hang out, and stay close with your friends and communities.

Israel has been caught hacking the phones of six Palestinian human rights staffers. It’s the latest incident in Israel’s larger web of blatantly undemocratic mass surveillance practices.

This blog post will discuss our findings that we presented in our Blackhat Europe talk noscriptd "Exploiting CSP in Webkit to break Authentication/Authorization", a vulnerability that enabled us to takeover user accounts on most of the web applications out thereby…

This blog post will discuss our findings that we presented in our Blackhat Europe talk noscriptd "Exploiting CSP in Webkit to break Authentication/Authorization", a vulnerability that enabled us to takeover user accounts on most of the web applications out thereby…

Posted in r/netsec by u/CyberMasterV • 26 points and 6 comments

Posted in r/netsec by u/digicat • 153 points and 14 comments

Multiple vulnerabilities in concrete cms. File upload, double race condition, RCE, turbo intruder.