Security News

Microsoft warns this year’s crop of tax scams use social engineering attacks based on fear to spread banking Trojans and collect personal info.

A researcher has published a method by which a local admin can hijack any other Windows sessions without the need for credentials.

Mozilla patched a zero day uncovered at Pwn2Own in Firefox in 22 hours on Friday.

Cisco said an unpatched critical vulnerability exposed by WikiLeaks' Vault 7 release of CIA documents could give an attacker full control of the targeted switches and routers.

Mike Mimoso talks to Duo Security co-founder and CTO Jon Oberheide at RSA Conference about Google's BeyondCorp security model, enforcing perimeter security, how endpoint security has evolved...

Hackers pulled off a VM escape and took down Adobe Flash, Microsoft Windows and Edge, Apple Safari and macOS, and Mozilla Firefox at Pwn2Own 2017.

Researchers at SEC Consult disclosed a command injection vulnerability in Ubiquiti Networks gear for ISPs after a private disclosure to the vendor in November went unresolved.

Mike Mimoso and Chris Brook discuss the news of the week, including Pwn2Own 2017, Microsoft's silence around February's Patch Tuesday, and a nasty SAP bug.

GitHub awarded $18,000 to a researcher after he came across a remote code execution bug in the company’s enterprise management console.

Security tools that proxy and inspect HTTPS traffic create a blindspot for network administrators trying to determine whether communication between clients and servers is secure.