Ransomware

Ransomware Attack Hit Gas Pipeline Facility

A gas compression facility was the victim of a ransomware attack that took its operations offline for two days and required replacement equipment.

By Dennis Fisher

Android

Changes in Kernel Code Created New Security Bugs in Android Devices

Code changes intended to prevent attacks can wind up creating even more security issus, Google Project Zero warned.

By Fahmida Y. Rashid

Microsoft

Microsoft Pulls Buggy UEFI Security Update

Microsoft has removed the Windows security update addressing issues with third-party boot managers after users complained the...

By Fahmida Y. Rashid

2FA

OpenSSH Adds Support for U2F Hardware Keys

OpenSSH has added support for hardware security keys that implement the U2F standard.

By Dennis Fisher

2FA

Review Finds Downgrade Attack in Solokey Firmware

A review of the SoloKey firmware found a serious downgrade attack flaw, which an attacker could use to install an older,...

By Dennis Fisher

Privacy

Senate Bill Would Create Data Protection Agency

Sen. Kirsten Gillibrand has introduced a new bill that would establish a federal Data Protection Agency with privacy oversight.

By Dennis Fisher

Red, green, purple, blue Bumper cars parked and no people.

DNS Security

Sale of Corp.com Can Expose Corporate Data

Depending on who winds up buying corp.com, administrators with Active Directory in their networks may wind up with sensitive...

By Fahmida Y. Rashid

TLS

Browsers Will Block Sites Using Old Versions of TLS

Starting in March 2020, all the major web browsers—Firefox, Chrome, Safari, and Edge—will display warnings when users visit...

By Fahmida Y. Rashid

Podcast

Decipher Podcast: Rick Altherr

Rick Altherr of Eclypsium joins Dennis Fisher to talk about the company's new research on unsigned device firmware.

By Dennis Fisher

2FA

Dennis Has Some Questions About…2FA

Two-factor authentication is a vital part of many corporate security strategies, and is now offered by lots of consumer apps,...

By Dennis Fisher

Wall of padlocks, with a green filter over it.

Data Breaches

Maze Turns Ransomware Incidents into Data Breaches

Maze ransomware, which infected Pensacola, Florida, exfiltrates the data to a remote server before encrypting the local copies...

By Fahmida Y. Rashid

Data Breaches

Imperva Breach Stemmed From Compromised Internal Compute Instance

A data breach disclosed in August by Imperva came from an AWS API key stolen from a compromised internal compute instance in 2017.

By Dennis Fisher

Data Breaches

Imperva Discloses Data Breach, Theft of Customer API Keys

Security firm Imperva says that API keys and SSL certificates for some of its Cloud WAF customers were exposed in a data breach.

By Dennis Fisher