Davey Winder

Telegram bot API flaw gives threat actors command & control

Research from Forcepoint Security Labs has revealed that the Telegram encrypted messaging service isn't quite as secure as users might like to think.

Mitigating against the Modlishka 2FA-busting automated attack tool

A Polish security researcher has created an automated tool for cracking two-factor authentication systems in phishing attacks, a tool he has made publicly available.

EU announces FOSSA bug bounty programme worth nearly €1m - but is it enough?

As the EU launches financial incentives to find bugs in popular open source software, experts warn that there may not be enough resources to respond to waves of bug reports.

As cryptocurrency values tank, threat actors take cryptomining malware to the bank

Despite the plunging value of cryptocurrencies, cyber-criminals are still distributing cryptomining malware and many analysts expect the problem to only worsen in 2019.

Researchers reveal how easily Signal, Telegram and WhatsApp messages can be hijacked

Session-hijacking side-channel attacks can risk exposing users' messages in full, researchers at Cisco Talos Intelligence Group have found.

Will the imminent death of Microsoft Edge lead to an insecure browser monoculture?

Reports suggest Microsoft may adopt the Chromium browser as the basis for a complete rebuild of Edge, which could address some security issues but introduce an even deeper vulnerability.

Hackers are stealthily spreading brute-force Butter attack

According to a newly published paper from GuardiCore Labs researchers, threat actors have been stealthily deploying a DDoS-capable RAT by spreading an SSH brute-force attack known as Butter.

Has the enterprise, and judiciary, learned anything from TalkTalk hack?

The perpetrators of the TalkTalk attack in 2015 have been sentenced to less than a year in jail each for a crime estimated to have cost £77 million, raising questions as to whether the judiciary understand the severity and consequences of digital crimes.

Boundaries between nation-state and criminal actors more blurred than ever

Criminals are adopting the tools of nation-state actors, calling into question the value of attribution and underscoring the need for an 'any risks' approach to cyber-defense.

WooCommerce Plugin file deletion vulnerability exposes WordPress 'failing open' design flaw

WordPress is the most popular content management system, and WooCommerce one of the biggest names in e-commerce plugins for the platform with more than 4 million users.