iOSNoReboot: A fake restart to gain a foothold in the system
How a fake restart helps malware to gain a foothold in a smartphone’s operating system without exploiting a persistence vulnerability.
Alex Drozhzhin
64 articles
2FAThe best authenticator apps for Android, iOS, Windows, and macOS
A detailed guide to the world of authenticator apps for those looking for an alternative to Google Authenticator.
RSACTV remote turned into a listening device
At RSA Conference 2021, researchers talked about how they managed to turn a Comcast Xfinity remote into a listening device.
How identification, authentication, and authorization differ
We use raccoons to explain how identification, authorization, and authentication differ, and why 2FA is necessary.
black hatLamphone: A new kind of “visual eavesdropping”
A lightbulb is all the specialist equipment Lamphone needed to eavesdrop on a conversation in a soundproofed room.
How to mitigate the impact of deepfakes
With deepfakes becoming more and more common — and more and more convincing — how can you protect your business?
Faking e-mails: Why it is even possible
Phishing and business e-mail compromise attacks rely on fake e-mails. But why is it so easy for attackers to make them so convincing?
Update to iOS 12.4 right away
Six severe vulnerabilities in iMessage that allow remote code execution and data stealing with no user interaction? Sounds like a good reason to update to iOS 12.4 as soon as possible.
smart devicesWhy buying a “smart” padlock is a bad idea
It seems the only reason to buy a “smart” padlock is to make lock-pickers happy.
RSAC 2019: Grand Theft DNS
At RSAC 2019, a SANS Institute instructor talked about how DNS manipulations can be used to hijack a company’s IT infrastructure.
RSAC 2019: Seeking the perfect patching strategy
Researchers at RSAC 2019 reported on the current vulnerability landscape and built a model that helps with effective patching strategy.
Change Your Password Day Strong Password Day
Changing passwords regularly is outdated. Use strong and unique passwords that are easy to remember instead. Here’s how to make them.
How to hack a hardware cryptocurrency wallet
Security researchers found several ways to compromise hardware cryptocurrency wallets made by Ledger and Trezor.
New leakage of Facebook user data, including private messages
The personal data of 257,000 Facebook users, including private messages belonging to 81,000 of them, has leaked online. Hackers claim to have access to 120 million accounts.
SMS-based two-factor authentication is not safe — consider these alternative 2FA methods instead
Why SMS isn’t the best choice for two-factor authentication, and what alternative types of 2FA you should consider.
androidApp permissions in Android 8: The complete guide
Android lets you configure app permissions to protect your data and restrict access to dangerous functions. We explain how to do it and why.
def con8 fun facts about fax. Yes, fax!
Which is older, the phone or the fax? Is it true that no one faxes anymore? And can a fax machine be hacked? (Spoiler: yes)
MitM and DoS attacks on domains through the use of residual certificates
Due to certification centers specifics, it is not rare for other people to hold a valid HTTPS certificate for your domain. What can go wrong?
Man-in-the-Disk: A new and dangerous way to hack Android
How a seemingly harmless Android application can infect your smartphone using shared external storage.
Hijacking online accounts through voicemail
When it comes to online accounts, voicemail is a major security hole. Here’s why.
Quiz: Are you ready to meet Mother Russia?
World Cup 2018 is coming. If you’re going to Russia, you’ve gotta be prepared. Take our quiz and find out if you are ready!