Researchers are warning of a new Netflix phishing scam that leads victims to sites with valid Transport Layer Security (TLS) certificates. Johannes Ullrich, dean of research at the SANS Technology Institute, said Wednesday that there’s been an uptick in Netflix phishing mails using TLS-certified sites. The bad actors behind the attacks will take advantage of
An unusual botnet dubbed Mylobot has emerged, percolating up from the Dark Web – and displaying a never-before-seen level of complexity in terms of the sheer breadth of its various tools, especially evasion techniques. According to an analysis posted on Tuesday by Tom Nipravsky, a security researcher for Deep Instinct, Mylobot’s bag of
The elusive APT15 cyber-espionage group, believed to be affiliated with the Chinese government, has been spotted for the first time in many months, mounting a highly targeted spy campaign using an upgraded version of the Mirage remote access trojan. This is the first evidence of the China-linked actor’s activity since hacking the U.K.
Tapplock, a smart padlock that received positive reviews and media hype when it was released earlier this year, has issued a critical patch after researchers discovered several security issues enabling them to easily hack into and unlock the device. The $100 lock is Bluetooth-based and can be fingerprint-activated. At first glance, everything about
Google Home and Chromecast devices allow attackers to uncover the precise physical locations of the connected gadgets thanks to two common internet of things issues present in both. A fix from Google is incoming in July. At issue is, like many other IoT devices, they don’t require authentication for connections received on a
Researchers are cautioning macOS users that not all the data they store on their encrypted hard drive is protected. In a report published Monday, Apple security expert Patrick Wardle revealed that a macOS feature called QuickLook stores unprotected previews of images and other file types. “Apple states that: ‘we believe privacy is a
More than 22,000 container orchestration and API management systems are unprotected or publicly available on the internet – highlighting the reality of the risks of operating workloads in the cloud. According to research from Lacework, the containers (Kubernetes, Mesos, Docker Swarms and more) suffer from poorly configured resources, lack of credentials and the
A slew of vulnerabilities in Axis cameras could enable an attacker to access camera video streams, control the camera, add it to a botnet or render it useless. Researchers at VDOO, who disclosed the vulns on Monday, recommended that customers update immediately after finding that more than 400 Axis IP cameras are impacted.
389-ds-base -- 389-ds-base 389-ds-base before versions 126.96.36.199, 188.8.131.52 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.2018-06-13not yet calculatedCVE-2018-10850CONFIRMCONFIRMCONFIRMacccheck -- acccheck acccheck.pl in acccheck 0.2.1 allows Command Injection
In a David-and-Goliath moment, a 49-year-old librarian has won damages against credit giant Equifax, in the wake of its head-spinningly massive 2017 data breach. It’s a small but significant victory: a small claims court awarded $600 to Jessamyn West, native of the small town of Randolph in Orange County, Vermont. West told Threatpost