A team of academic researchers—who previously made the headlines earlier this year for uncovering severe security issues in the 4G LTE and 5G networks—today presented a new attack called 'ReVoLTE,' that could let remote attackers break the encryption used by VoLTE voice calls and spy on targeted phone calls. The attack doesn't exploit any flaw in the Voice over LTE (VoLTE) protocol; instead, it leverages weak implementation...
Read More
We introduce Stadeo – a set of scripts that can help fellow threat researchers and reverse engineers to deobfuscate the code of Stantinko and other malware. Stadeo is a set of tools primarily developed to facilitate analysis of Stantinko, which is a botnet performing click fraud, ad injection, social network fraud, password stealing attacks and cryptomining. Stadeo was demonstrated for the first time at Black Hat USA...
Read More
The going prices are lower than you probably think – your credit card details, for example, can sell for a few bucks. It’s no news that the dark web is rife with offers of stolen data that ranges from pilfered credit card information and hijacked payment services accounts to hacked social media accounts. Anyone interested can also hire a ne’er-do-well to launch a distributed denial of...
Read More
Like the universe, the attack surface is always expanding. Here's how to keep up and even get ahead. Most criminal activity is designed to elicit a payoff for the perpetrator, and crime on the Internet is no different. As new surfaces emerge, previous attacks are reconstituted and applied. Cybersecurity tends to follow a cycle, once you know when and what to look for. To (poorly) paraphrase...
Read More
Popular video conferencing app Zoom recently fixed a new security flaw that could have allowed potential attackers to crack the numeric passcode used to secure private meetings on the platform and snoop on participants. Zoom meetings are by default protected by a six-digit numeric password, but according to Tom Anthony, VP Product at SearchPilot who identified the issue, the lack of rate limiting enabled "an attacker...
Read More
A high percentage of discovered bugs remain unremediated for a long time, a new study shows. Chances are high that almost every single application an organisation uses has at least one security vulnerability in it. Contrast Security recently analysed telemetry gathered between June 2019 and May 2020 from applications in development, testing, and operations at customer locations. The exercise found 96% of applications contained at least one...
Read More