pindrop-logo-2.svg
Search
Close this search box.
Search
Close this search box.

Exploit Kits Target Flash and Focus on Newer Vulnerabilities

The conventional wisdom on exploit kits is that they rely mainly on exploits for older vulnerabilities, bugs that were disclosed and patched years ago. But new research shows that most of the popular exploit kits are actually going after flaws from 2015 and later, and the most commonly exploited vulnerabilities are in Flash and Java. […]

Large Network of Compromised Embedded Devices Found

The word botnet usually conjures images of hordes of compromised PCs being used for DDoS attacks or malware operations, but researchers in the Czech Republic has discovered a large network of compromised CCTV cameras, routers, and other embedded devices that’s growing by tens of thousands of devices per day. Since the end of May, researchers […]

Android Bug in Nexus 5 Devices Allowed Memory Access

Google quietly patched a serious vulnerability in the Android image used on some Nexus devices that could allow an attacker to get full access to a device’s memory even while it was locked. The bug could have been exploited by a remote attacker or someone who had physical access to a vulnerable device. Researchers from IBM’s […]

Here’s an Adult Conversation About Crypto

Earlier this week, FBI Director James Comey said that the country needed to have an “adult conversation” about encryption and how it’s used. To get the ball rolling, here’s what we thought that conversation might sound like. Alice: Bob, I need to talk to you about something. Have a seat. Bob: Uh, ok. Sounds serious. Alice: […]

On the Wire Podcast: Bruce Schneier

It’s been a few months since we talked with Bruce Schneier, the cryptographer, author, and speaker, and there was plenty to cover. In this episode, Dennis Fisher talks with Bruce about the Shadow Brokers NSA tool dump, the crypto debate, and the Sweet32 attack that was revealed last week. Music by Chris Gonsalves and Ken […]

Apple Patches Trident Bugs in OS X and Safari

A week after fixing three critical vulnerabilities in iOS that were used in an attack on a human rights activist, Apple has released patches for the same bugs in Safari and OS X. The vulnerabilities include two flaws in the OS X kernel and a WebKit bug, which was fixed in the Safari browser. One of the […]

There is No Encryption Debate

Like most arguments, the encryption debate has gotten more absurd and contentious as time has gone on. And now it appears to have reached its illogical and inevitable denouement, with FBI Director James Comey calling for an “adult conversation” about encryption. One of the oft-overlooked parts of this story is that the encryption debate isn’t actually […]

61% of Fraud Traced Back to the Contact Center

Contact center fraud attacks have increased substantially in recent years due to the EMV transition and data breaches. Despite the intent to administer positive and timely customer experiences, contact centers often fall victim to social engineering methods that enable fraud attacks. Fraud attacks increase operational costs, decrease customer satisfaction, and jeopardize brand reputation as customer […]

Employee Password Compromise Leads to Breach at OneLogin

A password compromise of an employee at OneLogin, the identity and access management company, has led to a breach at the company that affected stored customer data that was supposed to be encrypted but was actually available in plaintext. The attack happened earlier this summer, and OneLogin officials say the attacker may have been on their […]