Security news that informs and inspires

All Articles

261 articles:

Facebook Brings Bug Bounty to Developer Ecosystem

Facebook is expanding its bug bounty program to third-party apps and websites that might expose user tokens improperly.

Facebook, Bug Bounty

Cloudflare Makes InterPlanetary File System Globally Accessible

Cloudflare has released a gateway and browser extension to make the distributed IPFS network easily and securely accessible.

Encryption

No Sleep for Computers: Cold Boot Attacks are Back

F-Secure researchers found that modifying the hardware on modern computers make them susceptible to “cold boot” attacks where passwords and encryption keys can be harvested from memory. Hibernate or power off. Don't put the computer in sleep mode.

Hardware, Vulnerability

Senators Question Lack of MFA at State Department

Five lawmakers have asked the Secretary of State for answers about his agency's failure to implement MFA despite a federal requirement to do so.

2Fa

BA Breach Another Step in Magecart Group’s Evolution

The attack group known as Magecart has been stealing payment information from sites for several years and is showing signs of maturation with the BA breach.

Data Breaches

Data Breaches Have Long-Term Impact on Stock Price

A data breach disrupts day-to-day operations and can hurt the company’s reputation, but the fact that stock prices bounce back pretty quickly makes it seem like the stock market doesn't penalize the company. Analysis by UK-based Comparitech found that long-term impact on the company’s stock performance after a breach.

Data Breaches, CISO

Decipher Podcast: Richard Bejtlich

Security strategist, adviser, and author Richard Bejtlich joins the podcast to talk about the evolution of incident response and how the security community has changed over the last 20 years.

Podcast

IoT Botnets Turn Attention to Enterprises

The Mirai and Gafgyt IoT botnets recently have begun adding exploits for vulnerabilities in enterprise products.

Apache

Tor Browser Comes to Android

The Tor Browser, which allows for private web browsing, is now available for the Android platform.

Encryption

Justice Department Describes North Korea’s Attack Arsenal

The United States Department of Justice painstakingly laid out the investigative breadcrumbs that identified the tools and techniques used by North Korea in offensive campaigns conducted over a four-year span, which includes the attack against Sony Pictures in 2014, the theft from Bangladesh Bank in 2016, and the devastating WannaCry ransomware outbreak in 2017.

Government, Hackers

US Calls Out North Korea for Sony, Bangladesh Bank, WannaCry Attacks

The United States Department of Justice has charged a North Korean programmer for taking part in the attacks as part of its strategy to call out nation-state attackers. While there is no chance of US law enforcement ever making the arrest, the complaint is a way for the government to respond to damaging nation-state sponsored attacks.

Government, Hackers

Crypto Backdoor Law Unlikely Soon

Policy experts say that legislation mandating encryption backdoors are not on the horizon in the U.S., but could be a reality soon in the U.K. and Australia.

Encryption

NIST Outlines How to Secure BGP

The Internet relies on BGP, but the protocol doesn't have any security protections to prevent route hijacking. NIST's draft paper outlines techniques for securing BGP for a safer Internet.

Government, NIST, Internet, Networking

Facebook and Twitter Move to Fight Disinformation Campaigns

The two dominant social media platforms are changing the way they verify users in an effort to fight foreign influence operations.

Facebook, Twitter

Five Eyes Countries Press for Encryption Laws

The governments of the Five Eyes countries say that if tech companies can't help find a way to provide access to encrypted data, laws may be the answer.

Encryption