MESSAGETAP: Eavesdropping on SMS Messages inside Telco Networks

FireEye reports on a Chinese-sponsored espionage campaign to eavesdrop on text messages, violating telco servers: yet another example that demonstrates why end-to-end message encryption is so important.

Continue reading “MESSAGETAP: Eavesdropping on SMS Messages inside Telco Networks”

Some thoughts about WS-Discovery DDoS attacks

Security researchers from Akamai published interesting details about the Web Services Dynamic Discovery (WS-Discovery) protocol, which they say can be abused to launch massive DDoS attacks.

Continue reading “Some thoughts about WS-Discovery DDoS attacks”

CPDoS in a nutshell

Recently, a team of cybersecurity researchers from Cologne University of Applied Sciences (Hoai Viet Nguyen and Luigi Lo Iacono) has disclosed a new cache poisoning attack against CDN systems that could be used to force a website into delivering error pages to its visitors instead of legitimate content or resources.

Continue reading “CPDoS in a nutshell”

Meet Graboid, the first cryptojacking worm that spreads using Docker images: how to defend your infrastructure from this new threat?

Recently, researchers from Palo Alto Networks’ threat intelligence team Unit 42 have uncovered the first instance case of a cryptojacking worm that propagates via malicious Docker images.

Continue reading “Meet Graboid, the first cryptojacking worm that spreads using Docker images: how to defend your infrastructure from this new threat?”