Half of Leading USB Controller Chips Vulnerable to BadUSB

BadUSB hasn’t gone from bad to worse necessarily, but it sure has reached a new state of confusion for security experts and consumers in the crosshairs. Researcher Karsten Nohl, who warned the world during Black Hat last summer that the controller chips in most USB devices could be reprogrammed t...

Cybercriminals Use Evernote as C&C

At least one group of cybercriminals has taken to Evernote, the popular cloud-based note-taking and data-sharing service, as a base of operations for a data stealing Trojan, according to TrendMicro threat response engineer Nikko Tamana. TrendMicro detected the threat as “BKDRVERNOT.A” and observe...

Ignore Supply Chain Security and Risk Management at Your Peril

No CFO thinks that his signature approving a purchase order for a new five-figure piece of hardware could ultimately cost his company seven-figures, or maybe force them to shut their doors forever. But that’s the reality many companies need to face when it comes to supply chain security and risk...

scp.hole.txt

This issue appears quite often - tar suffers from problem of this kind as well using cute symlink tricks, you can create an archive, which, when unpacked, can overwrite or create specific files anywhere in your filesystem. This time, similar scp vulnerability has been found and acknowledged in ss...