News Clipping

751 Domains Hijacked to Redirect Traffic to Exploit Kits [bleepingcomputer]

On July 7, French domain registrar Gandi lost control over 751 customer domains, which had their DNS records altered to point incoming traffic to websites hosting exploit kits. The domain hijacking was active for only a few hours, between 12:50 UTC and 13:30 UTC, although the DNS records of some domains propagated more slowly and still redirected user traffic until 18:02 UTC.


SMS Phishing induces victims to photograph its own token card [securityaffairs]

Today I faced quite an unusual SMS phishing campaign here in Brazil. A friend of mine received an SMS message supposedly sent from his bank asking him to update his registration data through the given URL. Otherwise, he could have his account blocked. My friend doesn’t have any account on the informed bank and, even so, we know that those kinds of messages are hardly...



Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More [trendmicro]

The information-stealing RETADUP worm that affected Israeli hospitals is actually just part of an attack that turned out to be bigger than we first thought—at least in terms of impact. It was accompanied by an even more dangerous threat: an Android malware that can take over the device. There are three versions of GhostCtrl. The first stole information and controlled some of the device’s functionalities...



A deep dive into AWS S3 access controls – taking full control over your assets

Setting up access control of AWS S3 consists of multiple levels, each with its own unique risk of misconfiguration. We will go through the specifics of each level and identify the dangerous cases where weak ACLs can create vulnerable configurations impacting the owner of the S3 bucket and/or through third-party assets used by a lot of companies. We also show how to do it properly...



21-Year-Old Bug in Kerberos Protocol Gets Patch in Windows, Linux [bleepingcomputer]

Researchers have contacted projects where the Kerberos protocol was used. Microsoft patched the vulnerability in its Kerberos implementation (CVE-2017-8495) in this week’s Patch Tuesday security update. Debian, FreeBSD, and Samba — projects using the Heimdal Kerberos implementation — have also released patches for the flaw, tracked as CVE-2017-11103.

