All iPhones And Some Android Phones Are Vulnerable To A New Device Fingerprinting Attack
Cambridge University researchers have discovered a new kind of “fingerprinting attack” that could enable websites to keep track of individual users as they visit other websites using the same browser. Fingerprinting is a nightmare for people who care about their privacy. It can be used to target people with customized
Two More Zero-Day Vulnerabilities Released for Windows
Just one day after notorious Windows exploit developer “SandboxEscaper” released a Windows zero-day exploit, she posted two additional zero-days on her GitHub account. One is a sandbox escape impacting Internet Explorer 11 and the other is a local privilege escalation flaw affecting Windows Error Reporting. The latter is very difficult
It’s not just WhatsApp, most messaging apps likely have security vulnerabilities
Cybersecurity experts warn that the recent WhatsApp vulnerability that allowed cyberattackers to remotely install malicious software on mobile phones is unlikely to be the only flaw of that kind affecting messaging applications. In fact, Tom Uren of the International Cyber Policy Centre (ICPC) believes that “pretty much the entire suite
New Zero-Day Exploit for Bug in Windows 10 Task Scheduler
A notorious Windows exploit developer known by the moniker SandboxEscaper has released a new exploit that allows users with limited privileges to obtain complete control over files that can otherwise only be altered by admin accounts and system processes. The zero-day flaw affects the Task Scheduler utility and is relatively
Fifth of Docker Containers Have No Root Passwords
New research by Kenna Security found that Docker containers are often not protected with root passwords. Containers are standardized software units that allow software to be run in isolation, so that performance is not influenced by the underlying infrastructure. A security researcher found that 194 (19.4%) of the 1000 most
Q1 2019 Smashes Record For Most Reported Vulnerabilities in a Quarter
The first quarter of this year broke the record for reported security vulnerabilities, a new report by Risk Based Security shows. A total of 5,501 new flaws were disclosed during this period, most of which were web-based (56.8%). Two additional findings from the report are especially worrisome. The first is
Google is replacing Bluetooth Titan Security Keys because of a vulnerability
Google is offering to provide owners of Bluetooth Titan Security Keys with free replacements because the products are affected by a serious security vulnerability. The company has discovered that a “misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols” could enable threat actors to take over user accounts under certain
Intel CPUs Impacted By New Class of Spectre-Like Attacks
Once again, security researchers have discovered critical vulnerabilities in CPU chips that allow attackers to use a technique called speculative execution in order to get CPUs to leak sensitive information. The January 2018 disclosure of a previous set of such flaws, called Meltdown and Spectre, sent shock waves through the
Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003
As part of this month’s Patch Tuesday, Microsoft released a critical patch for CVE-2019-0708, a “wormable” vulnerability affecting Windows 7, Windows Server 2008 R2, Windows Server 2008, and various older operating systems. Due to the extraordinary severity of the flaw, Microsoft also released versions of the patch for otherwise
Website Attack Attempts Rose by 69% in 2018
New research by SiteLock indicates that attempts to attack websites are on the rise. In 2018, the average website faced 62 attack threats on a daily basis. The most common attacks involved the use of backdoors, shells, and JavaScript files (cross-site scripting or XSS). XSS attacks target visitors, since they