Jonathan Brossard describes an ‘undetectable, unremovable’ attack on firmware through gimmicked hardware or a subsequent malware attack. David Harley isn’t convinced.

After my colleague Stephen Cobb stood in a huge line at Defcon waiting to get into the Friday keynote by NSA chief General Alexander, plus a swarm of interest shown at the two-part Meet the Fed panel presentation the next day, it’s becoming clear that multiple agencies of the federal government are focused on hackers,

If your organization’s website runs on Apache, and many do, you might wonder if the webserver’s .htaccess controls are securely configured. If you believe the demo we saw yesterday at Blackhat by Matias Katz and Maximiliano Soler, the answer is a resounding ‘NO!’ What Katz and Soler described in their session is not some rare

Detailed analysis of Rovnix.D reveal updates to the code injection technique employed, allowing multiple injections with a variety of payloads.

Blackhat keynote speaker Shawn Henry, the former executive assistant director of the FBI’s Criminal, Cyber, Response and Service Branch, started off the day after opening remarks from Jeff Moss, founder of Blackhat. Moss wondered if now was the time for the cyber-security sector to take a more aggressive/offensive approach. Jeff mentioned working for a former

Today I received the following message in my inbox, claiming to be from the Asian Domain Registration Service and warning me that the eset brand was in danger of being registered by a third-party.   Here is the message I received, which I’ve included in its entirety, except for a few bits: Received: from mail.umail168.cn4e.com

Want to access the music tracks of YouTube.com videos on your iPod but don’t want to pay? You’re not alone. Recently, a crop of websites have popped up offering to convert the audio from videos to .mp3 files that you can then download at no charge. Sounds great, right? The catch: scammers are trying to

Gamigo learned a few months ago about a breach and alerted its users that they had been attacked. But now, we see an estimated 8+ million records just went public, no small amount for the attackers. What is interesting is that by one account, hash cracking was able to decrypt over 90% of the passwords,

Giving a support scammer access to your PC can give you more problems than any imaginary virus, especially if you refuse to pay for his ‘service’.

Analysis of the Flame worm (Win32/Flamer) reveals some interesting facts about the internal structure of its main module.