A researcher says he has discovered yet another critical cross-site scripting (XSS) vulnerability in Yahoo Mail. The recently patched flaw could have been exploited to steal the targeted user's emails and attach malicious code to their outgoing messages.
1 day ago Password Manager Weaknesses RevealedInfoRiskToday View Synopsis+1
The latest edition of the ISMG Security Report describes vulnerabilities found in popular password generator apps. Plus, the evolution of blockchain as a utility and a new decryptor for GandCrab ransomware.
Card details of 2.15 million Americans advertised in a separate forum ad.
Street Value of 60,000 Cards on Joker's Stash is $3 Million, Group-IB SaysThe notorious carder site Joker's Stash is featuring a fresh batch of Pakistani banks' payment card data with an estimated street value of $3.5 million. Nearly all of the 70,000 bank cards are advertised as being from Meezan Bank, the country's largest Islamic bank.
The phishing campaign impersonates Google in attacks against banking institutions and their users.
Researchers also devise a Spectre-like attack with no known mitigation.
There's a PhD position in it too, if you want to get involved
NCC Group and the University of Surrey have set up a "Space Cyber Security Research Partnership" to investigate the security issues faced by satellites.…
The number of adverts selling logins for hacked accounts on adult websites doubled in 2018.
Mexico's privacy watchdog said Wednesday that the federal Attorney General's Office stonewalled it for more than a year as it tried to investigate the government's use of powerful Israeli spyware against journalists, lawyers and activists.
Duo Labs, part of Cisco-owned Duo Security, has launched a new service designed to analyze Chrome extensions and deliver security reports on them.
Several phone apps are sending sensitive user data, including health information, to Facebook without users' consent, according to a report by The Wall Street Journal.
An analytics tool called "App Events" allows app developers to record user activity and report it back to Facebook, even if the user isn't on Facebook, according to the report .
Recent rash of DNS hijacking attacks has spurred ICANN to urge the industry for a more rapid DNSSEC adoption.