Security researchers at the University of Birmingham found that several banking apps were susceptible to man-in-the-middle (MitM) attacks through a vulnerability in the way they handle encrypted communications, which can let attackers steal credentials.
Several threat actors are actively exploiting CVE-2017-11882 to deliver a plethora of threats, including the information-stealing Loki, Pony/FAREIT, and a lockscreen with a ransom note that resembles Bad Rabbit's. Read more
An attacker or cybercriminal’s toolbox would not be complete without vulnerabilities and exploits. We look back at some of 2017's most egregious security flaws, and their impact users and businesses. Read more
Intel has released a security advisory on November 20 after discovering vulnerabilities in its remote administrative feature called the Management Engine (ME), along with the Server Platform Services (SPS) and the Trusted Execution Engine (TXE). Read more
Oracle released an emergency fix for a highly critical vulnerability found in its widely-used enterprise identity management system that allows an attacker to access enterprise software remotely without authentication. Read more
Adobe has released an emergency security update addressing a zero-day vulnerability (CVE-2017-11292) that researchers found actively exploited by a group of threat actors known as BlackOasis. Read more