Security researchers from Duo Labs and the US Computer Emergency Response Team Coordination Center (CERT/CC) will release security advisories today detailing a new SAML vulnerability that allows malicious attackers to authenticate as legitimate users without knowledge of the victim’s password. The flaw affects SAML (Security Assertion Markup Language), an XML-based markup language often used for exchanging authentication and authorization data between parties. SAML’s most important use if...
Cryptojacking JavaScript can be launched in Word documents, made possible by new features that appeared in the latest version of Word. MS Word now allows adding video to a document by inserting iframe code. The file size does not increase, as the video is played through a headless web browser opened in a popup window. Amit Dori, a security researcher from Israel, who works with...
The sudden rise of cryptocurrency triggered a shift in the target landscape. Cybercriminals started adapting and using their resources to try to acquire cryptocurrencies, whether by pursuing repositories like Bitcoin wallets or by compromising networks and devices to mine the currency. This isn’t completely new; ransomware authors have been using bitcoin as their preferred currency for years. But more recently, we saw examples of cryptocurrency miners in late October of...
Consumers around the world who use mobile banking apps are at a greater risk of being tricked by cybercriminals and falling victim to mobile banking theft. This is according to new global research from Avast, which asked almost 40,000 consumers in Spain and eleven other countries around the world to compare the authenticity of official and counterfeit banking application interfaces.

Fraudulent software sometimes difficult to identify

Globally, 58% of...
Who is asking Google to delist certain URLs appearing in search results related to their name, and what kind of requests does the search giant honor? The company has been keeping track of them since the “Right to be Forgotten” privacy ruling was put into practice by the European Union, and since January 2016 the company’s reviewers have been manually annotating each requested URL...