Unlike Rowhammer, which only allows for data corruption, the newly discovered RAMBleed vulnerability provides a way to grab data such as encryption keys from memory.
Stories by Lucian Constantin
Cybercriminal group Carbanak has stolen hundreds of millions of dollars from financial institutions. Here's a detailed analysis by Bitdefender of how they did it at one bank.
Researchers released two tools--Muraen and NecroBrowser--that automate phishing attacks that can bypass 2FA. Most defenses won't stop them.
Intel has done some mitigations for these vulnerabilities that can leak secrets from virtual machines, secure enclaves and kernel memory. Here's how the attacks work.
By replacing a PC's SPI flash chip with one that contains rogue code, an attacker can can gain full, persistent access.
A recently released exploit takes advantage of a known configuration vulnerability that persists among many on-premise and cloud SAP instances.
If your company uses Confluence, make sure you have the latest available patches for this vulnerability.
Detected scans suggest attacker are seeking vulnerable servers to target for attacks.
Popular e-commerce platform Magento has released security patches to fix the flaw. Researchers say update now.
Web-based card skimmers are becoming harder to detect and remove thanks to evolving techniques.
A group of hackers is using a previously undocumented backdoor program designed to interact with attackers over Slack.
New Verizon report shows a big gap between organisations' mobile security risk concerns and mobile security best practices they implement.
If you are running an older version of Elasticsearch, make sure you've patched its known vulnerabilities or consider upgrading.
The decade-old Qbot financial malware has resurfaced with an improved version in a new attack that has infected thousands of systems so far.
Experts downplay discovery of a vulnerability that can expose passwords in a computer's memory. Hackers likely to take easier paths to stealing passwords.