New technique involves query hijacking to trigger a wide range of memory safety issues within the widely used database engine, Check Point says. The near-ubiquitous presence of the SQLite database on desktop and mobile operating systems makes it an attractive target for attackers. However, efforts at finding and exploiting vulnerabilities in the database engine have
The algorithms that check for a user’s ‘liveness’ have blind spots that can lead to vulnerabilities. BLACK HAT USA 2019 – Las Vegas – The multifactor authentication that some have touted as the future of secure authentication is itself vulnerable to hacks as complex as injected video streams and as simple as tape on a
An inside look at staffing levels, budget allocation, outsourcing habits, and the metrics used by security operations centers (SOCs). 1 of 8 Image Source: Adobe Stock ( Gorodenkoff) As the nerve center for most cybersecurity programs, the security operations center (SOC) can make or break an organizations’ ability to detect, analyze, and respond to incidents
A recently announced pair of vulnerabilities in server firmware could put enterprise IT at risk. A recently announced pair of vulnerabilities in the firmware for baseboard management controllers (BMCs) used by at least eight different manufacturers’ servers is the latest incident to show a supply chain vulnerability that can have an impact on enterprise computing.
Incident leaves GPS units showing a location in England and a date 17 years in the future. At least seven manufacturers at the annual Geneva Motor Show, which began last week in Switzerland, have been hit by an attack that left their cars thinking they were somewhere far, far away. According to Jalopnik, which covers
US brings more indictments against the APT10 cyber espionage group operating in China for its Operation Cloud Hopper campaign against managed service providers, but what will those indictments accomplish? The US government has indicted two Chinese hackers for their roles in a state-sponsored cyber esponiage campaign that included attacks on managed service providers (MSPs) and,