A vulnerability in the firmware of a Wi-Fi chipset that is widely used in laptops, streaming, gaming and a variety of “smart” devices can be exploited to compromise them without user interaction.

The research and the discovered flaws

The discovery was made by Embedi researcher Denis Selianin, who decided to first analyze the Marvell Avastar Wi-Fi driver code, which loads firmware to the Wi-Fi SoC (system on chip), and then to engage in …
The post Bug in widespread Wi-Fi chipset firmware can lead to zero-click code execution appeared first on Help Net Security.
Microsoft has launched yet another bug bounty program and is urging security researchers to look into the security of Azure DevOps, its cloud service for collaborating on code development.

About the program

The services and products that are in scope of this new bug bounty program are Azure DevOps Services (formerly Visual Studio Team Services) and the latest publicly available versions of Azure DevOps Server and Team Foundation Server. Researchers can earn between $500 and $20,000 …
The post Microsoft launches Azure DevOps bug bounty program appeared first on Help Net Security.
One malicious tactic that has become quite prevalent in recent years is known as a ‘man in the cloud’ (MitC) attack. This attack aims to access victims’ accounts without the need to obtain compromised user credentials beforehand. Below, this article explains the anatomy of MitC attacks and offers practical advice about what can be done to defend against them.

What is a MitC attack?

To gain access to cloud accounts, MitC attacks take advantage of the …
The post Beware the man in the cloud: How to protect against a new breed of cyberattack appeared first on Help Net Security.
Machine learning is currently one of the biggest buzzwords in cybersecurity and the tech industry in general, but the phrase is often overused and misapplied, leaving many with their own, incorrect definition. So, how do you cut through all the noise to separate fact from fiction? And how can this tool be best applied to security operations?

What is machine learning?

Machine learning (ML) is an algorithm that gives the software applications it is applied …
Companies globally could incur $5.2 trillion in additional costs and lost revenue over the next five years due to cyberattacks, as dependency on complex internet-enabled business models outpaces the ability to introduce adequate safeguards that protect critical assets, according to Accenture. Based on a survey of more than 1,700 CEOs and other C-suite executives around the globe, the report — Securing the Digital Economy: Reinventing the Internet for Trust — explores the complexities of the …
The post Cybercrime could cost companies trillions over the next five years appeared first on Help Net Security.
In a new report, NSFOCUS introduced the IP Chain-Gang concept, in which each chain-gang is controlled by a single threat actor or a group of related threat actors and exhibits similar behavior among the various attacks conducted by the same gang.

[Figure: IP Gang attack-type classification against attack volume size]

Researchers analyzed attack types, volume, size of events, gang activities, and attack rates. By studying the historical behavior of the 80 gangs identified in the report, …
The post Researchers analyze DDoS attacks as coordinated gang activities appeared first on Help Net Security.