News

News

• January 31, 2017 31 Jan'17

  RSAC 2017 Innovation Sandbox highlights top 10 cyber startups

  RSAC 2017: Innovation Sandbox competition pits this year's top 10 cybersecurity startups against each other in a bid to win top honors as most innovative.

• January 31, 2017 31 Jan'17

  Hacked CCTV cameras in DC before inauguration leave unanswered questions

  The Washington, D.C., Police Department spotted hacked CCTV cameras before the inauguration and has remediated the ransomware, but questions still surround the attack.

• January 31, 2017 31 Jan'17

  Q&A: Rapid7's Beardsley and Brown dish on Mirai botnet, pen testing

  Rapid7's Beardsley and Brown offer insight on Mirai botnet attacks, while also sharing some of their craziest penetration testing and incident response experiences.

• January 30, 2017 30 Jan'17

  RSA 2017: Special conference coverage

  Follow breaking news from the SearchSecurity team at RSA 2017 in San Francisco to learn the latest developments in the information security industry.

• January 27, 2017 27 Jan'17

  Symantec CA report offers more clarity on certificate transparency catch

  One week after certificate transparency revealed a Symantec CA improperly issued over 100 digital certificates, Symantec offers more details on the incident.

• Sponsored News

  • It’s Time to Modernize Your SOC

    Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More

  • 6 Factors to Consider in Building Resilience Now

    Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More

  • Why Zero Trust, Why Now

    Sponsored by Microsoft - The concept of a Zero Trust cybersecurity architecture has been around for more than a decade, but adoption didn’t really begin to take hold until the past couple of years. As with many technology innovations, it hasn’t always been clear just what Zero Trust is all about and, more important, how to implement it easily and cost effectively. See More

  • 5 Best Practices To Secure Remote Workers

    Sponsored by Microsoft - The impact of COVID-19 has changed the dynamics and landscape of remote work for at least the foreseeable future and, probably, forever. All of a sudden, organizations across all industries had to scale remote workers at unprecedented intensity and speed. See More

  View All Sponsored News
• January 27, 2017 27 Jan'17

  Google creates its own root certificate authority

  Google is expanding its certificate authority capabilities by creating its own root certificate authority, but experts are unsure of Google's plans moving forward.

• January 27, 2017 27 Jan'17

  How improper SSH key management is putting enterprises at risk

  In part two of his interview with SearchSecurity, SSH creator Tatu Ylonen explains why proper SSH key management is crucial and how attackers can use lost or exposed keys.

• January 27, 2017 27 Jan'17

  Americans split on federal government security, encryption attitudes

  News roundup: Half of Americans don't trust federal government security. Plus, a Kaspersky Lab manager was arrested; an internal DOD network was found vulnerable; and more.

• January 26, 2017 26 Jan'17

  More than 200 vulnerabilities found in Trend Micro security products

  Researchers uncovered more than 200 vulnerabilities across Trend Micro products, but experts said the company brand won't take a hit.

• January 26, 2017 26 Jan'17

  Microsoft defeats DOJ appeal in cloud data privacy case

  Microsoft notches another win in its battle to protect cloud data privacy, as an appeals court quashes the DOJ appeal over a warrant for data stored in an Ireland data center.

• January 26, 2017 26 Jan'17

  Heartbleed bug still found to affect 200,000 services on the web

  Researchers found the infamous Heartbleed bug is still unpatched on as many as 200,000 services connected to the internet and experts don't expect that number to change.

• January 25, 2017 25 Jan'17

  Risk & Repeat: Windows SMB warning raises questions, concerns

  In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the Shadow Brokers' alleged exploit for Windows SMB and what it means for both enterprises and Microsoft.

• January 25, 2017 25 Jan'17

  Project Zero finds Cisco WebEx vulnerability in browser extensions

  A critical Cisco WebEx vulnerability in the service's browser extensions was discovered and patched, though some disagree the patch goes far enough to protect against attack.

• January 24, 2017 24 Jan'17

  Certificate Transparency snags Symantec CA for improper certs

  Symantec CA could be in for more trouble after a security researcher, using Certificate Transparency logs, discovered more than 100 improperly issued certificates.

• January 23, 2017 23 Jan'17

  SEC to investigate the Yahoo breach disclosures

  The SEC has requested more information for potential cases concerning whether the Yahoo breach disclosures could have come sooner.

• January 20, 2017 20 Jan'17

  Tatu Ylonen: Bad SSH security practices are exposing enterprises

  SSH creator Tatu Ylonen talks with SearchSecurity about how the cryptographic network protocol has grown over the years and why poor SSH security is jeopardizing enterprises today.

• January 20, 2017 20 Jan'17

  Future of the federal CISO position in question as Touhill steps down

  Retired Brig. Gen. Gregory Touhill stepped down as the federal CISO, leaving questions surrounding the future of the position and the work he has done.

• January 20, 2017 20 Jan'17

  Carbanak gang using Google services for command and control

  Researchers find the Carbanak gang has evolved its attacks on financial institutions to use Google services for command and control infrastructure in malware.

• January 20, 2017 20 Jan'17

  Vulnerable Adobe extension downloads covertly to Chrome

  News roundup: A flawed Adobe extension was secretly installed on 30 million Chrome browsers. Plus, the Mirai author has been identified; Google releases security details; and more.

• January 19, 2017 19 Jan'17

  Windows 10 security tackles exploits, while Windows 7 gets a warning

  As Microsoft touted its Windows 10 security features defeating unpatched zero-day vulnerabilities, it also warned customers about security issues with Windows 7.

• January 19, 2017 19 Jan'17

  US-CERT reminds users that Windows SMB v1 needs to die

  Experts say US-CERT is taking advantage of a potential -- but unverified -- vulnerability in Windows SMB v1 to remind enterprise users the outdated service should be disabled.

• January 17, 2017 17 Jan'17

  Gmail phishing campaign uses real-time techniques to bypass 2FA

  Researchers saw a Gmail phishing campaign in the wild using clever tricks to access accounts including a difficult 2FA bypass only possible in real time.

• January 13, 2017 13 Jan'17

  Microsoft privacy tools give users control over data collection

  New Microsoft privacy tools will give users control over the data collected on the web and within Windows. Experts hope the tools will offer data privacy transparency.

• January 13, 2017 13 Jan'17

  St. Jude Medical finally patches vulnerable medical IoT devices

  News roundup: St. Jude Medical patches vulnerable medical IoT devices after a five-month controversy. Plus, the Email Privacy Act is reintroduced; Juniper warns of a firewall flaw; and more.

• January 12, 2017 12 Jan'17

  Google Cloud KMS simplifies the key management service, but lacks features

  Experts are impressed with the simplicity of Google's Cloud KMS even if it doesn't separate itself from the key management service competition.

• January 12, 2017 12 Jan'17

  Risk & Repeat: CES Cybersecurity Forum tackles passwords, IoT

  In this episode of SearchSecurity's Risk & Repeat podcast, editors highlight the topics discussed at the CES Cybersecurity Forum, as well as new technologies showcased at the event.

• January 11, 2017 11 Jan'17

  Insecure MongoDB configuration leads to boom in ransom attacks

  Poor authentication in MongoDB configurations has led to a sharp increase in ransom attacks, and experts say tens of thousands of databases could be at risk.

• January 10, 2017 10 Jan'17

  January Patch Tuesday sparse before Windows security updates change

  Microsoft offers up a meager January 2017 Patch Tuesday release before bigger changes planned for Windows security update announcements, which are set to take effect in February.

• January 10, 2017 10 Jan'17

  What are the potential pros and cons of a Cyber National Guard?

  A congressman proposed adding a Cyber National Guard to the military to protect the U.S. from cyber adversaries. Expert Mike O. Villegas examines the potential drawbacks of this branch.

• January 09, 2017 09 Jan'17

  Git repos hide secret keys, rooted out by Truffle Hog

  Truffle Hog utility roots out and detects text blobs with enough entropy to be secret keys -- even those buried deep in old Git repositories -- to prevent exploits.

• January 09, 2017 09 Jan'17

  In a post-Mirai world, the FTC wants more secure routers from D-Link

  The Federal Trade Commission filed a lawsuit against D-Link, and experts said the move was likely to push more secure routers in the wake of the Mirai botnet attacks.

• January 06, 2017 06 Jan'17

  FTC launches competition to improve IoT device security

  News roundup: FTC starts a contest to create a better IoT device security tool. Plus, ransomware is now illegal in California; Google patches 29 critical Android flaws; and more.

• January 06, 2017 06 Jan'17

  Doxware: New ransomware threat, or just extortionware rebranded?

  The threat of ransomware continues to evolve, with a new spin on extortionware, called doxware, that's designed to target and potentially expose sensitive data of ransomware victims.

• January 04, 2017 04 Jan'17

  SSL certificate validation flaw discovered in Kaspersky AV software

  Google Project Zero discovers more antivirus vulnerabilities. This time, the issues are with how Kaspersky Lab handles SSL certificate validation and CA root certificates.

• January 03, 2017 03 Jan'17

  Decades-old bug in the libpng open source graphics library patched

  A low-severity vulnerability dating back to 1995 in libpng, the official reference library implementation for PNG, may have enabled remote DoS attacks.

• December 30, 2016 30 Dec'16

  Why ad fraud botnets have become so hard to stop

  White Ops CEO Michael Tiffany talks with SearchSecurity about why ad fraud campaigns are so successful and what can be done to stop the spread of ad fraud botnet infections.

• December 30, 2016 30 Dec'16

  FDA issues medical device cybersecurity guidance for manufacturers

  News roundup: FDA issues new medical device cybersecurity guidance. Plus, Obama announces the U.S. government's response to Russian hacking; PHP flaws patched; more.

• December 30, 2016 30 Dec'16

  Risk & Repeat: Tatu Ylonen on solving SSH security woes

  In this episode of SearchSecurity's Risk & Repeat podcast, SSH creator Tatu Ylonen talks about the SSH security issues facing enterprises today and how they should be addressed.

• December 29, 2016 29 Dec'16

  Critical PHPMailer library vulnerability patched, and repatched

  A bypass for the patch of a remote code execution vulnerability in the PHPMailer library prompted a second patch release for the popular library used by millions of websites.

• December 28, 2016 28 Dec'16

  'Switcher' Android Trojan targets routers with rogue DNS servers

  A new Android Trojan, 'Switcher,' performs brute-force attacks on wireless routers' default passwords to target DNS server configurations and hack connected devices.

• December 23, 2016 23 Dec'16

  Massive ad fraud campaign Methbot profits exceed $3 million per day

  News roundup: A report finds the ad fraud campaign Methbot makes more than $3 million daily; plus, new Linux malware targets SSH, the latest on the Shadow Brokers and more.

• December 22, 2016 22 Dec'16

  Fancy Bear ties to Kremlin strengthened with Ukraine military hack

  Researchers found the Fancy Bear threat group used mobile malware to track the Ukraine military, lending more confidence to assertions the group is linked to the Russian government.

• December 22, 2016 22 Dec'16

  Yahoo breach data reveals the need for ethical breach reporting

  Yahoo breach data from 1 billion users was sold to multiple groups on the deep web and questionable breach reporting kept Yahoo from informing users for months.

• December 22, 2016 22 Dec'16

  Work group attempts to reconcile 'going dark' with strong cryptography

  The congressional encryption working group convened earlier this year to investigate the issues behind strong cryptography and 'going dark' offers some guidance.

• December 20, 2016 20 Dec'16

  Google Project Wycheproof offers testing suite for crypto libraries

  Google offers developers a new tool, Project Wycheproof, to strengthen crypto libraries with a testing suite to check libraries for known weaknesses.

• December 19, 2016 19 Dec'16

  Gas stations get three extra years before EMV liability shift

  Gas stations get an extra three years to support new chip card payments, as the EMV liability shift date for automated fuel dispensers is pushed to 2020.

• December 16, 2016 16 Dec'16

  Google and Microsoft herald death of Flash with default browser blocks

  Microsoft followed Google's lead in promising to block Flash Player content by default in some situations and experts say the moves should expedite the death of Flash.

• December 16, 2016 16 Dec'16

  Vulnerable websites make up half of the internet's top sites

  News roundup: A report finds nearly half the internet is filled with vulnerable websites. Plus, SWIFT confirms more hacks, Amit Yoran steps down from RSA and more.

• December 15, 2016 15 Dec'16

  Yet another Yahoo breach compromises more than 1 billion accounts

  A second Yahoo breach was disclosed, with more than 1 billion accounts compromised and users left at risk of further attacks for three years.

• December 14, 2016 14 Dec'16

  Major Netgear security flaw in routers gets a beta patch

  A major Netgear security vulnerability in routers prompted experts to suggest abandoning products, as Netgear finally releases a beta patch.

• December 14, 2016 14 Dec'16

  Risk & Repeat: Avalanche crimeware as a service busted

  In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the takedown of Avalanche, the crimeware as a service operation, and why the victory may be short lived.

• December 14, 2016 14 Dec'16

  Facebook Certificate Transparency Monitoring tool will help secure web

  A new Certificate Transparency Monitoring tool from Facebook may help webmasters track and vet TLS certificates, as well as improve integrity and security for HTTPS traffic.

• December 13, 2016 13 Dec'16

  Dec. 2016 Patch Tuesday caps off a record-breaking year for Windows

  Microsoft's Dec. 2016 Patch Tuesday was a fairly routine monthly entry in a year that ended up setting a new record for most Windows patch bulletins.

• December 12, 2016 12 Dec'16

  Unique threat offers victims ransomware decryption to spread infections

  New unpublished ransomware includes a number of unique tactics including offering victims ransomware decryption keys in exchange for infecting more targets.

• December 09, 2016 09 Dec'16

  IBM's Watson for Cyber Security puts a new face on machine learning

  The IBM Watson for Cyber Security beta program aims to augment human intelligence, but experts question if IBM can distinguish it from other machine learning products.

• December 09, 2016 09 Dec'16

  Experts unsure if cyber attribution research will yield results

  Georgia Tech received a contract to research the science of cyber attribution, but experts disagree on whether it is possible to succeed in this endeavor.

• December 09, 2016 09 Dec'16

  More internet-connected devices plagued by attacks, vulnerabilities

  News roundup: Internet-connected devices, including 3.2 million routers; 80-plus models of CCTV cameras have backdoors; Dirty Cow gets patched; NSA suffers 'brain drain' and more.

• December 07, 2016 07 Dec'16

  Exploit kit delivered via malvertising targets unpatched systems

  A malvertising campaign could put millions at risk of attack as the Stegano exploit kit is being delivered by this new method and is targeting unpatched systems.

• December 07, 2016 07 Dec'16

  Experts debate the key points of the final Obama cybersecurity report

  The final cybersecurity report from the Obama administration covered issues, including authentication, identity, infrastructure, cyberthreats and cooperation, but experts disagree on the key points.

• December 02, 2016 02 Dec'16

  Android app security tested by malware and vulnerabilities

  Android app security is under attack this week with vulnerabilities in the popular app, AirDroid, and malware that steals Google account authentication tokens.

• December 02, 2016 02 Dec'16

  C-level unclear on governance, risk and compliance responsibility

  A new survey uncovered confusion in the C-suite about governance, risk and compliance responsibilities and which security compliance requirements may affect companies.

• December 02, 2016 02 Dec'16

  EU, U.S. authorities take down Avalanche global crimeware network

  Authorities from 30 countries have dismantled Avalanche, the crimeware-as-a-service network used to steal hundreds of millions from victims around the globe.

• December 02, 2016 02 Dec'16

  Patched Tor browser vulnerability puts users' identity at risk

  News roundup: Tor browser patches de-anonymizing vulnerability. Plus, Senators ask Obama to release information on Russia's impact on the election, Mirai botnet for rent and more.

• November 30, 2016 30 Nov'16

  How cloud file sharing is creating new headaches for security teams

  A sharp rise in cloud file sharing and collaboration activity is creating big problems for security teams – even when the number of security incidents is miniscule.

• November 30, 2016 30 Nov'16

  Modified Mirai botnet could infect five million routers

  Researchers said a modified version of the Mirai botnet code has been attacking routers by exploiting a specific vulnerability and may leave millions at risk.

• November 30, 2016 30 Nov'16

  Last ditch Senate efforts fail to stall Rule 41 changes

  After a final push to delay changes to Rule 41 failed in the Senate, the U.S. government now has much wider authority to legally search computers whose location is unknown.

• November 29, 2016 29 Nov'16

  SF Municipal Railway restores systems after ransomware attack

  The San Francisco Municipal Transportation Authority restored systems without paying following a ransomware attack that allowed free rides for travelers over the weekend.

• November 29, 2016 29 Nov'16

  How ad fraud botnets are costing companies billions of dollars

  Ad fraud is a costly problem, but it's often overlooked. White Ops CEO Michael Tiffany talks with SearchSecurity about why it's time to address this cybercrime scheme.

• November 29, 2016 29 Nov'16

  Cisco expands responsible disclosure timeline from 60 to 90 days

  Vendors get an extra 30 days to patch under Cisco Talos' new responsible disclosure guidelines, as Talos notes key differences in time to patch among vendors.

• November 23, 2016 23 Nov'16

  DHS hiring puts into question the cybersecurity skills shortage

  A successful hiring event by the Department of Homeland Security calls into question the existence of the cybersecurity skills shortage, but experts wonder if the event was an outlier.

• November 22, 2016 22 Nov'16

  N.Y. DA wants to turn back the clock on smartphone encryption

  The Manhattan district attorney said his office has hundreds of locked iOS devices and called on Apple to open up its smartphone encryption to warrants.

• November 21, 2016 21 Nov'16

  Symantec acquires identity protection firm LifeLock for $2.3B

  In its first move following the Blue Coat Systems merger, Symantec agreed to acquire identity protection firm LifeLock for $2.3 billion to bolster its consumer security business.

• November 21, 2016 21 Nov'16

  Android backdoor discovered in firmware for budget devices

  A new Android backdoor leaves as many as 3 million users vulnerable, and one expert said enterprises must be careful about using budget devices.

• November 21, 2016 21 Nov'16

  Sunset for SHA-1 certificates, as Google firms up plans for deprecation

  As the internet prepares for deprecation of the obsolete secure hashing algorithm, Google and other browser companies prepare to drop support for SHA-1 certificates.

• November 18, 2016 18 Nov'16

  White House confirms it warned Russia about election hacking

  The White House has confirmed that it warned the Russian government about potential election hacking before the presidential election was held.

• November 18, 2016 18 Nov'16

  Congress floats last-chance bill to delay Rule 41 changes

  Just two weeks before the deadline, U.S. lawmakers seek to postpone until next summer the acceptance of controversial updates to Rule 41, allowing legal access to unspecified systems.

• November 18, 2016 18 Nov'16

  DLL code flaw marks the latest Symantec vulnerability

  News roundup: The latest chapter of Symantec's security struggles involves a high-severity DLL code flaw. Plus, Dyn attacker might be a lone gamer, James Clapper resigns and more.

• November 17, 2016 17 Nov'16

  Chinese company caught preinstalling Android spyware on budget devices

  A Chinese company was found to be preinstalling Android spyware on budget smartphones and collecting phone call and messaging data without consent.

• November 17, 2016 17 Nov'16

  DHS and NIST release complementary IoT security guidance

  New IoT security guidance from government agencies take on different aspects, with DHS tackling the basics and NIST giving a deeper take on securing new devices.

• November 16, 2016 16 Nov'16

  Android spyware detected in wild being used by government

  Researchers discover Italian-sourced Android spyware linked to Hacking Team, but it could be the work of another surveillance software vendor.

• November 15, 2016 15 Nov'16

  Massive FriendFinder Network breach prompts password security debate

  Experts debated various aspects of password security in the aftermath of the FriendFinder Network breach, which left 400 million user accounts exposed.

• November 14, 2016 14 Nov'16

  BlackNurse hits big routers with low-volume denial-of-service attack

  Researchers claim 'BlackNurse,' a low-volume ICMP denial-of-service attack, can allow a laptop to bring down routers and firewalls with as little as 4 Mbps of malicious packets.

• November 11, 2016 11 Nov'16

  Postelection Russian hacker cyberattacks evade malware detection

  A rash of spear-phishing attacks by Russian hacker groups were seen following the presidential election this week, but antivirus and malware detection has been failing enterprises.

• November 11, 2016 11 Nov'16

  Pawn Storm APT ramps up attacks after Google's zero-day disclosure

  Roundup: Russia-based APT group Pawn Storm expands spear-phishing attacks after Google's disclosure of a Windows zero-day. Plus, OpenSSL updates, IoT security and more.

• November 11, 2016 11 Nov'16

  Adobe data breach settlement pays $1 million to 15 states

  Adobe agreed to pay several states a total of $1 million and agreed to new compliance measures as part of a settlement over the company's 2013 data breach.

• November 11, 2016 11 Nov'16

  Yahoo breach investigation adds more questions than answers

  An SEC filing updated what was learned in the investigation into the Yahoo breach in late 2014, but the language in the filing has created more confusion about the incident.

• November 09, 2016 09 Nov'16

  Google releases supplemental Android patch for Dirty COW

  Google released an Android patch for the Dirty COW vulnerability, but the fix won't be part of a mandatory security update until December.

• November 08, 2016 08 Nov'16

  Microsoft kills Windows zero-day flaw in November 2016 Patch Tuesday

  The November 2016 Patch Tuesday includes a patch for a Windows zero-day reportedly being exploited by Russian hackers, as well as bulletins experts think may be underrated by Microsoft.

• November 08, 2016 08 Nov'16

  Poor OAuth implementation leaves millions at risk of stolen data

  Researchers find widespread risk for users of apps with insecure OAuth implementation, which could lead to attackers being able to access the data held within a vulnerable app.

• November 04, 2016 04 Nov'16

  Dark web markets get warning shots from global law enforcement

  Law enforcement agencies around the world arrested and questioned users of dark web markets allegedly connected to the sale of illegal goods.

• November 04, 2016 04 Nov'16

  Mirai botnet attacks Liberia as new and improved IoT malware looms

  Roundup: Mirai botnet attacks take down Liberia internet, as a new IoT botnet adapts old malware. Plus, the latest on Dirty COW and the WoSign certificate authority controversy.

• November 03, 2016 03 Nov'16

  Experts question Microsoft's Windows zero-day response

  A Windows zero-day disclosed by Google caught Microsoft between patch cycles, and experts questioned whether Microsoft downplayed the severity of the vulnerability.

• November 02, 2016 02 Nov'16

  Microsoft claims Windows zero-day exploited by Russian state actors

  Google disclosed an unpatched Windows zero-day vulnerability, which Microsoft claims is actively being exploited by a Russian APT group connected to the DNC hack.

• November 01, 2016 01 Nov'16

  Nematode worm could dismantle Mirai IoT botnet

  A new nematode worm proof of concept could help the internet avoid the next massive Mirai IoT botnet DDoS attack, but experts are unsure of the legality of the option.

• October 31, 2016 31 Oct'16

  Mandatory certificate transparency for Chrome trust starts Oct 2017

  Certificate transparency compliance will be mandatory for publicly trusted website certificates in order to be considered secure by Google's Chrome browser.

• October 31, 2016 31 Oct'16

  The Shadow Brokers dumps list of NSA-targeted servers

  In its latest data dump, The Shadow Brokers dropped a list of Equation Group-targeted servers across the globe that may have been used to stage NSA exploits and hacking tools.

• October 28, 2016 28 Oct'16

  Mozilla drops WoSign as trusted certificate authority, adopts TLS 1.3

  Mozilla boots WoSign as a trusted certificate authority for backdating SHA-1 certs and other controversial behavior, and it prepares to add default support for TLS 1.3 in 2017.

• October 28, 2016 28 Oct'16

  FCC passes new ISP privacy rules to protect customers

  The FCC passed new ISP privacy rules that increase transparency from broadband providers and mandate that customers must opt in before ISPs can use or share sensitive user data.

• October 28, 2016 28 Oct'16

  Details emerging on Dyn DNS DDoS attack, Mirai IoT botnet

  As more details emerge on last week's massive Dyn DNS DDoS, new analysis indicated as few as 100,000 Mirai IoT botnet nodes were enlisted in the incident and reported attack rates up to 1.2 Tbps.

• October 28, 2016 28 Oct'16

  Windows atom tables vulnerable to code-injection attack

  A new attack, called AtomBombing, allows malicious code injection into atom tables by a threat actor. And while all versions of Windows are vulnerable to attack, no patch will fix the flaw.