The final version of the 2017 OWASP Top 10 has been released on Monday and some kinds of vulnerabilities that are not serious have been substituted with vulnerabilities that are more expected to pose a significant threat. Many years ago, injection remained the top web application security vulnerability, but there […]

Crypto hackers are at it again.  According to Tether, a company that’s behind the cryptocurrency of the same name (known by the symbol USDT), someone recently stole nearly $31 million from its digital vault. The announcement, together with Tether’s website, is currently offline, but an archived version says that « $30,950,010 […]

US CERT has issued a warning on a vulnerability in Windows’ Address Space Layout Randomization (ASLR) that affects Windows 8, Windows 8.1, and Windows 10 which could an attacker to take control of an affected system. CERT’s Will Dormann wrote in Vulnerability Note #817544 that both the Enhanced Mitigation Experience […]

Denial of Service (DoS) attacks have been around as long as computers have been networked. But if your business relies on the Internet to sell products or collaborate, a DoS attack is more than a nuisance, it can be critical. Over the past few years, the number of DoS attacks […]

Do you own an Android smartphone? If yes, then you are one of those billions of users whose smartphone is secretly gathering location data and sending it back to Google. Google has been caught collecting location data on every Android device owner since the beginning of this year (that’s for […]

In past few months, several research groups have uncovered vulnerabilities in the Intel remote administration feature known as the Management Engine (ME) which could allow remote attackers to gain full control of a targeted computer. Now, Intel has admitted that these security vulnerabilities could « potentially place impacted platforms at risk. » […]

The McAfee Mobile Research team recently examined a new threat, Android malware that contains a backdoor file in the executable and linkable format (ELF). The ELF file is similar to several executables that have been reported to belong to the Lazarus cybercrime group. (For more on Lazarus, read this post […]