Malware from a newly uncovered group PowerPool has been exploiting zero-day vulnerability in the wild, only two days after its disclosure. The vulnerability affects Microsoft Windows OSes from Windows 7 to Windows 10 and in particular, the ALPC function,…

Instead of modifying and blocking page contents; Firefox optionally lets users modifies the browser to become harder to track across websites.

5 votes and 3 comments so far on Reddit

1 vote and 0 comments so far on Reddit

Author: Chris Lyne

What is CT? Certificate Transparency (CT) is an experimental IETF standard. The goal of CT is to allow the public to audit which certificates were created by Certificate Authorities (CA). TLS has a weakness that comes from the large list of CAs that your…

3 votes and 2 comments so far on Reddit

1 vote and 0 comments so far on Reddit

With some care, it turns out to be possible to spoof fake DNS responses using fragmented datagrams. While preparing a presentation for XS4ALL back in 2009, I found out how this could be done, but I…

Skilled hackers disabled security features of Aadhaar enrolment software, circulated hack on Whatsapp

Sploitus is a convenient central place for identifying the newest exploits and finding attacks that exploit known vulnerabilities. The search engine is also a good resource for finding security and vulnerability discovery tools.

Back in the days, the word Amazon used to refer to over half of earth's rainforests. While this is still true, it isn't what most people ...

Attackers don't need sophisticated tools to create effective malware. Basic tools work just fine. Case in point: Cybereason researchers discovered a .NET dropper/crypter. Here's how they reverse engineered it.

The shortage of proficient cyber operators in a world now dependent on connectivity and information has left nations scrambling to build capabilities in a vo...

Posted by Jann Horn, Google Project Zero Recently, there has been some attention around the topic of physical attacks on smartphones, wh...

by Mitja Kolsek, the 0patch Team As expected, Windows Update has just brought the official patch for CVE-2018-8440 today, a patch that w...

Inject JavaScript to explore native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX

Learn more about update KB4457128, including improvements and fixes, any known issues, and how to get the update.

A first-hand look from the .NET engineering teams

The Keybase browser extension subverts the app's end-to-end encryption. Keybase considers that "an acceptable risk" and not worth fixing.