CHM Help Files Deliver Brazilian Banking Trojan

Brazilian firms are the latest targets in a spam campaign delivering CHM help files hiding links to bank Trojans.

U.S. Government Blames North Korea for WannaCry

The United States government is officially blaming North Korea for the WannaCry ransomware outbreak in May that infected nearly a quarter-million computers in 150 countries.

Project Zero Chains Bugs for ‘aPAColypse Now’ Attack on Windows 10

Google’s Project Zero team dubs a new WPAD-related attack as an “aPAColypse Now” that allows a local attacker to compromise a targeted and fully patched Windows 10 PC.

User ‘Gross Negligence’ Leaves Hundreds of Lexmark Printers Open to Attack

Researchers warn hundreds of Lexmark printers are vulnerable to a trivial hack thanks to user “gross negligence.”

Triton Malware Targets Industrial Control Systems in Middle East

Malware intended for a “high-impact” attack against safety systems likely would of caused physical damage to a targeted company located in the Middle East.

Synaptics Says Claims of a Keylogger in HP Laptops are False

Synaptics said reports that hundreds of HP laptops contained a secret keylogger that traced back to debugger software made by the company are inaccurate.

Permissions Flaw Found Azure AD Connect

A permissions flaw in Microsoft’s Azure AD Connect software could allow a rogue admin to escalate account privileges and gain unauthorized universal access within a company’s internal network. 

19-Year-Old TLS Vulnerability Weakens Modern Website Crypto

New research shows how an old vulnerability called ROBOT can be exploited using an adaptive chosen-ciphertext attack to reveal the plaintext for a given TLS session.

Microsoft December Patch Tuesday Update Fixes 34 Bugs

Microsoft patched 34 vulnerabilities in all on Tuesday with most of the bugs impacting Microsoft Edge, Microsoft Office and Microsoft’s Scripting Engine.

Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017

On December 12, 2017, a research paper with the title Return of Bleichenbacher's Oracle Threat was made publicly available.

This paper describes how some Transport Layer Security (TLS) stacks are vulnerable to variations of the classic Bleichenbac...

New Spider Ransomware Comes With 96-Hour Deadline

A ransomware campaign targeting the Balkans comes with a 96-hour deadline and includes a link to a video that assures victims payments can be made easily.

VU#144389: TLS implementations may disclose side channel information via discrepencies between...

TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding,and may therefore be vulnerable to Bleichenbacher-style attacks..

This attack is known as aROBOT attackquot;.