Twitter, Reddit, Spotify, PSN, XBox, Netflix, Github, PayPal and bunch of other websites were offline earlier today. That’s because someone conducted a massive distributed denial of service (DDoS) attack on the Dyn DNS, a world renowned Domain Name Servers (DNS) service provider. You can read the most recent status messages at DynDNS. So far there [...]
Security researcher Patrick Wardle of Synack has discovered a new potential use of malware that targets the use of the Mac OS X webcam. This new attack allows OS X malware to record video and audio whenever a victim legitimately turns on their webcam, without drawing attention to itself. As you can see in the [...]
The malicious program first appeared in May 2016, detected by Doctor Web after being added to its virus database under the name Linux.DDoS.87 and Linux.DDoS.89. The Trojan can work with with the SPARC, ARM, MIPS, SH-4, M68K architectures and Intel x86 computers. It has similar features as Linux.BackDoor.Fgt, a backdoor that was found infecting Linux [...]
Researchers at CyberArk have published a proof-of-concept attack that leverages Windows Safe Mode to expose credentials and gain further access to a PC or Windows Servers. They first discovered this attack back in February and even reported it to the Microsoft Security Response Center who said it was not a valid vulnerability. An attacker would [...]
JAMF Software has a number of solutions for fleet management of Apple products, including their own Apple MDM. The issue discussed in this post applies to the self-hosted JAMF Casper Suite and deploying a JSS. This suite of tools includes software that will help track inventory, manage devices, implement security policies, and deployment of software [...]
A security researcher by the name of Rob Fuller has posted an article on Softpedia where he has discovered a unique attack method that can steal PC credentials from Windows and Mac computers, and possibly Linux (currently untested). He used USB ethernet adapters where he modified the firmware code so that it runs special software [...]
Legacy ciphers such as triple-DES (3DES) and Blowfish are vulnerable to Sweet32 attacks, which let attackers decrypt HTTPS sessions even without the encryption key. Security researchers were able to use a Sweet32 attack and take authentication cookies from HTTPS-protected traffic using triple-DES (3DES) and Blowfish and recover login credentials to be able to access to [...]
