Chinese hacker group APT41 compromises Cisco, Citrix and Zoho apps
APT41 has compromised apps from Cisco, Citrix and Zoho worldwide at a time when many companies are less able to respond.
Stories by Lucian Constantin
Covid-19 offers unique opportunity to pilot zero trust, rapidly and at scale
A zero trust model addresses many of the security concerns around supporting large numbers of remote workers.
New CPU attack technique can leak secrets from Intel SGX enclaves
The Load Value Injection attack can bypass security boundaries and mitigations put in place for other CPU vulnerabilities such as Spectre and Meltdown.
How Visa built its own container security solution
The homegrown solution takes advantage of the native capabilities that already exist on container orchestration platforms, built on open source tools.
Design flaw could compromise Intel platform security features, researchers warn
Researchers reveal that a previously known Intel flaw is unpatchable and could allow attackers to compromise the cryptographic chain of trust.
APIs are becoming a major target for credential stuffing attacks
New research shows that attackers use APIs to automate credential stuffing attacks. The financial sector is particularly vulnerable.
Lack of firmware validation for computer peripherals enables highly persistent attacks
Vulnerabilities in unvalidated peripheral firmware such as WiFi adapters, cameras, and network interface controllers give attackers control over systems.
More targeted, sophisticated and costly: Why ransomware might be the biggest threat
Ransomware has matured and its threat level is now on par with APTs as attackers use better tools and learn from past mistakes.
Infrastructure-as-code templates are the source of many cloud infrastructure weaknesses
A new report shows a high percentage of IaC template misconfigurations in cloud deployments that leave them vulnerable to attack.
Implementation flaws make LoRaWAN networks vulnerable to attack
New report from IOActive details implementation errors that expose LoRaWAN networks to attack and provides a framework for mitigating the risk.
Magecart-related arrests made in Indonesia
The three individuals arrested represent only a small portion of the Magecart web-skimming group, but the investigation is ongoing.
What is a buffer overflow? And how hackers exploit these vulnerabilities
Software that writes more data to a memory buffer than it can hold creates vulnerabilities that attackers can exploit.
Macy’s breach is a game changing Magecart attack
The attackers customised the Magecart code to the Macy's website to steal credit card information in the wallet and new registrations.
Hackers use free tools in new APT campaign against industrial sector firms
Researchers have recently detected an advanced persistent threat campaign that targets critical infrastructure equipment manufacturers.
Remote hackers can modify CPU voltage to steal secrets from Intel SGX enclaves
By manipulating the voltage of Intel CPUs that use SGX, researchers can extract sensitive data, including full RSA encryption keys.
