Security News

QRLJacking: A new attack vector for hijacking online accounts (Help Net Security)
2016-08-01 20:53

We all know that scanning random QR codes is a risky proposition, but a newly detailed social engineering attack vector dubbed QRLJacking adds another risk layer to their use. Many web apps and...

Hijacking Someone's Facebook Account with a Fake Passport Copy (Schneier on Security)
2016-07-07 18:27

BBC has the story. The confusion is that a scan of a passport is much easier to forge than an actual passport. This is a truly hard problem: how do you give people the ability to get back into...

Hijacking the PC Update Process (Schneier on Security)
2016-06-06 11:10

There's a new report on security vulnerabilities in the PC initialization/update process, allowing someone to hijack it to install malware: One of the major things we found was the presence of...

Device hijacking security flaws discovered in LG handsets (ZDNet)
2016-05-31 11:40

Extreme photo-bombing: Bad Imagemagick bug puts countless websites at risk of hijacking (The Register)
2016-05-03 18:03

FreedomPop Account Hijacking Flaws Remain Unpatched (Threatpost)
2016-05-03 15:36

A serious vulnerability in mobile provider FreedomPop has yet to be patched and can be leveraged with online banking flaws to put customer accounts at risk.

Google/Berkeley Study on Efficacy of Web Hijacking Notification Methods (April 18, 2016) (SANS Newsbites)
2016-04-19 19:02

Microsoft plugs online services account hijacking vulnerability (Help Net Security)
2016-04-06 14:31

London-based security researcher and bug hunter Jack Whitton has discovered a serious cross-site request forgery flaw affecting Microsoft’s authentication system for online services. A successful...

Microsoft patches severe account hijacking security flaw (ZDNet)
2016-04-05 11:30

Microsoft account-hijacking hole closed 48 hours after bug report (The Register)
2016-04-05 04:15