
Skype bug lets hackers execute arbitrary code on victim's machine

Security researchers have discovered a flaw in Skype that could enable hackers to run code on a target system, phish for credentials and crash applications.

According to Zacharis Alexandros, an independent researcher, a bug in Skype was discovered in January, but it has only recently been brought to light following the successful patch of the problem by Microsoft. He dubbed the bug Spyke. In a blog post (at time of publication, the article on LinkedIn (also owned by Microsoft) appears to have disappeared – here is a cached page), Alexandros said the problem mainly affected the Windows version of the VoIP application and that, to mount an attack, a hacker would need local access to the login screen of a running Skype instance. More ...

Nomx 'most secure email server' challenged by British researchers

The creator of the nomx “secure email server” has rejected claims by Professor Alan Woodward at the University of Surrey department of computing and security researcher Scott Helme that his device is not secure and that his product design is based on a false premise.

Willie Donaldson, founder, CEO and CTO of nomx LLC, says that nomx is designed to keep messages off vulnerable third-party servers. He claims that email providers such as Yahoo, Hotmail, Gmail and others cannot be trusted. In a video on the company website, he claims that emails copied and stored on email servers are inherently insecure, pointing to millions of cases of account hacking against many of the major email providers. More (article)...

More (Summary SC video - 2 min 15 sec)

Has this new Black Duck report sunk Linus's Law once and for all?

Black Duck's new report showcasing widespread vulnerabilities in open source software challenges the widely and tightly held belief in Linus's Law.

Linus's Law, named after Linux creator Linus Torvalds, states that 'given enough eyeballs, all bugs are shallow.' This has, for many people at least, been used to drive the argument that open source applications are somehow 'more secure' than proprietary software.

If proof were needed that such sweeping statements are never a good idea when it comes to risk analysis, a new report from Black Duck reveals significant cross-industry risks related to open source vulnerabilities. More...

Locky returns from the dead with new features and an old botnet

Locky may well be making a comeback, according to new reports. Despite news of its fading away since the beginning of 2017, two reports have noted its return.

Researchers from Cisco Talos spotted the massive Necurs botnet distributing Locky by the tens of thousands on 21 April. Meanwhile, PhishMe credited its lively resurrection with the addition of new features once associated with Dridex banking Trojans. More...

More than 400 DDoS attacks identified using new attack vector - LDAP

More than 400 DDoS attacks taking advantage of misconfigured LDAP servers have been spotted by security researchers.

CLDAP DDoS attacks use an amplification technique that takes advantage of the Connectionless Lightweight Directory Access Protocol (CLDAP). LDAP is one of the most widely used protocols for accessing username and password information in databases like Active Directory, which is integrated in many online servers. When an Active Directory server is incorrectly configured and exposes the CLDAP service to the Internet, it can be leveraged to perform DDoS attacks. More...