Defenders can discover phishing sites through web analytics IDs
Many phishing websites are now using unique user IDs, giving defenders a signal to detect phishing attacks before they do much damage.
Stories by Lucian Constantin
Attackers phish Office 365 users with fake voicemail messages
Recent phishing campaigns have combined a clever use of fake voicemail, phony Microsoft email, and off-the-shelf phishing kits to target high-value victims.
Zero-day vulnerability gives attackers full control of Android phones
Attackers are reportedly exploiting an unpatched vulnerability to take control of Android devices and potentially deliver spyware.
SMS-based provisioning messages enable advanced phishing on Android phones
Attackers can use this vulnerability to send highly credible phishing messages. Victims' internet traffic is then routed through the attacker's proxy.
Popular Avaya enterprise VoIP phones vulnerable to hacking
Attackers can use the vulnerability to gain complete control of the phone. It underscores the risks of using old open-source code in IoT devices.
Critical VxWorks flaws expose millions of devices to hacking
Researchers have found 11 serious vulnerabilities in VxWorks, the world's most popular real-time operating system.
Over 90% of data transactions on IoT devices are unencrypted
A report from Zscaler reveals some troubling facts about the risks posed by network-connected IoT devices.
Microsoft urges Windows customers to patch wormable RDP flaw
A newly found vulnerability allows remote exploits using the Remote Desktop Protocol to gain full access to systems with no authentication.
New Intel firmware boot verification bypass enables low-level backdoors
By replacing a PC's SPI flash chip with one that contains rogue code, an attacker can can gain full, persistent access.
Public SAP exploits could enable attacks against thousands of companies
A recently released exploit takes advantage of a known configuration vulnerability that persists among many on-premise and cloud SAP instances.
Hackers use Slack to hide malware communications
A group of hackers is using a previously undocumented backdoor program designed to interact with attackers over Slack.
One in three organisations suffered data breaches due to mobile devices
New Verizon report shows a big gap between organisations' mobile security risk concerns and mobile security best practices they implement.
Qbot malware resurfaces in new attack against businesses
The decade-old Qbot financial malware has resurfaced with an improved version in a new attack that has infected thousands of systems so far.
Attackers place crypto-jacking apps in Microsoft App Store
Microsoft has removed eight applications from its app store for Windows that were mining Monero crypto-currency without users' knowledge.
Over 59,000 GDPR data breach notifications, but only 91 fines
The low number of fines relative to the volume of reported breaches might be due to over-extended regulators, according to DLA Piper findings.
