About
"Distrust and caution are the parents of security" - Benjamin Franklin
Siemens fixed a session hijacking vulnerability in its LOGO! logic module Wednesday but says a second issue, one that could help facilitate a man-in-the-middle attack, has no fix currently.
Google began sending out notices to site owners this month who haven’t yet migrated from HTTP to HTTPS warning them that in October their sites will be marked “NOT SECURE.”
Drone manufacturer DJI announced Monday it was launching a bug bounty program to reward researchers who find vulnerabilities in its drones.
The anonymous messaging app Sarahah says it plans to remove a feature that uploads users contacts, including phone numbers and email addresses to the company’s servers, in the next update.
Defray, a new, although small strain of ransomware, was spotted by researchers targeting comapnies in the education and healthcare verticals.
The news of the week is discussed, including the AWS S3 leaks, Zerodium’s bounty on messaging app zero days, Ropemaker, and cobot vulnerabilities.
Attackers have taken to Facebook Messenger with a combination of social engineering and malicious JavaScript to spread adware.
An exploit dubbed ROPEMAKER relies on taking advantage of email design functionality, namely by remotely changing CSS in HTML-based emails after they’ve been sent.
Researchers say the Neptune, or Terror exploit kit has been spreading Monero cryptocurrency miners via malvertisements.
Foxit Software says it will fix two vulnerabilities in its PDF reader products that could be triggered through its JavaScript API to execute code.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
