Security news that informs and inspires

All Articles

325 articles:

U.S. Says Russia, Other Nations, Are Uncooperative on Cybercrime Investigations

A deputy U.S. attorney general said that Russia and other nations stonewall cybercrime investigations and called for international cooperation.

Cybercrime, Privacy

AWS Adds Feature to Block Public Access to S3 Buckets

Amazon's AWS cloud platform now has a security feature that will block all public access to S3 data storage buckets.

Cloud

ICT Task Force Meets to Set Supply Chain Standards

Attacks on the global supply chain—sabotaging hardware components, installing malware or backdoors in software—are stuff security nightmares are made of. The ICT Task Force, formed by the Department of Homeland Security, meets to help companies manage their risk.

Supply Chain, Government

Firefox to Warn Users When They Visit Breached Sites

In the coming weeks, Firefox will begin to warn users when they visit a site that has been part of a data breach.

Data Breaches

Congress Votes to Create New Federal Cybersecurity Agency

A bill that passed the House Tuesday will create the new Cybersecurity and Infrastructure Security Agency to handle the government's cybersecurity responsibilities.

Government

The Deep, Dark Reach of the Magecart Group

The Magecart group has been compromising web stores and skimming card numbers from them for several years, and security researchers are exposing much of the group's techniques and tactics.

Fraud

Chip-Based Credit Cards Did Not Stop Payment Card Fraud

Three years ago, the United States shifted to chip-enabled credit and debit cards. The big promise was that chip cards would reduce payment card fraud. While that is mostly true, millions of chip-cards are still getting stolen because some merchants haven't made the switch.

Finance Security, Payment Card Breach

Google Data Shows Tiny Fraction of Android Devices Run Malicious Apps

A new transparency report on Android security shows that far less than one percent of all devices have a potentially harmful app running on them.

Android

Congress May Consider a U.S. Version of GDPR

Despite high-profile data breaches, increased scrutiny of how consumer data is used, and several hearings, there hasn’t been a lot of movement on privacy legislation out of Congress. That may change if lawmakers decide to pass the U.S. version of the European Union's data privacy law.

Government, Privacy

U.S. Cyber Command is Making Foreign Malware Tools Public

A group within the U.S. Cyber Command is now contributing malware samples to VirusTotal, part of a broader strategy to put pressure on foreign adversaries.

Government

Google Expands Automated OSS-Fuzz Program

Google's OSS-Fuzz open source fuzzing project has identified more than 9,000 bugs in less than two years and is now expanding.

Google

NIST Looking at AI to Calculate Bug Severity

IBM has been touting the potential of using Watson to help security analysts analyze large volumes of security data and make security decisions. The National Institutes of Standards and Technology may be considering using AI to help determine the severity of software vulnerabilities.

NIST, Vulnerability

Apache Warns of Critical Flaw in Struts 2 Framework

There is a serious flaw in the file upload component in the Struts 2.3.x framework that can lead to remote code execution on vulnerable apps.

Apache

Crypto Implementation Flaws Found in Popular Solid-State Drives

Researchers at Radboud University have uncovered a number of serious weaknesses in self-encrypting solid-state drives.

Encryption

Wyden Proposes Severe Fines, Jail Time for Corporate Privacy Violations

Sen. Ron Wyden is circulating a draft of a bill that would punish corporate privacy violations with massive fines and potential jail time for executives.

Privacy