PayPal recently fixed a vulnerability on its PayPal.me site that could have let an attacker change a user’s profile without permission. The issue stemmed from a cross-site request forgery (CSRF)Read More →
Misbehaving hidden service directories are scattered around the world. The trust of the Tor anonymity network is in many cases only as strong as the individual volunteers whose computers form itsRead More →
Far too many otherwise intelligent and talented software developers these days apparently think they can get away with writing, selling and supporting malicious software and then couching their commerce asRead More →
Android Stagefright like attack for iPhone, All it takes is a specially crafted message to hack your iPhone If you remember the Stagefright vulnerability in Android discovered in July last year, youRead More →
tl;dr: We found 6(!) different common security issues that stem from incorrect implementation of code hooking and injections techniques. These issues were found in more than 15 different products. TheRead More →
In part one of our web shell series we analyzed recent trends, code bases, and explored defensive mitigations. In part two we investigate a new web shell created by Chinese-speakingRead More →
Sites exploited by SoakSoak bots give the gift of CryptXXX malware. If you’ve visited the do-it-yourself project site of Dunlop Adhesives, the official tourism site for Guatemala, or a numberRead More →
Increasingly, browsers are taking on a central role in our daily lives. With web apps for everything, we have placed our most intimate data on online services such as Facebook,Read More →
Malicious macros made a comeback in 2015 to deliver malware. Now we’re seeing phishing emails use macros in Excel attachments to steal sensitive banking details. In 2015, we saw maliciousRead More →
Fifteen-year-old vulnerability comes back to life. HTTPoxy is the name of a 15-year-old vulnerability that has plagued several code libraries that make HTTP requests, and has most recently been found toRead More →
