Security news that informs and inspires

All Articles

895 articles:

Tech, Privacy Groups Urge Senators to Oppose EARN IT Act

A large coalition of privacy and civil liberty groups have sent a letter urging senators to oppose the EARN IT Act.

Privacy, Encryption

US Charges Five Alleged Members of APT41 Group

The Department of Justice has charged five men with hacking offenses in connection with operations by the APT41 group from China.

Government

House Passes IoT Security Bill

The House of Representatives has unanimously passed a bipartisan bill setting minimum security requirements for Internet of Things devices connected to federal networks. The next step: get the Senate to vote on its version of the bill.

Iot Security

Chinese State-Sponsored Attackers Target F5, VPN Flaws

CISA says attackers affiliated with China's Ministry of State Security have been targeting public vulnerabilities in VPN appliances and F5 networking gear.

Government, China

Attackers Verify O365 Credentials On Azure AD

Attackers are cross-checking stolen Office 365 credentials on Azure Active Directory in real-time after victims type them into a malicious phishing page, researchers from Armorblox said.

Phishing, Office 365, Azure, Azure Ad, Active Directory

Raccoon Attack Can Compromise Some TLS Connections

A new technique called the Raccoon attack can break the confidentiality of some TLS connections under certain circumstances.

Encryption, Vulnerability

Attackers Use Cloud Tool to Target Docker, Kubernetes

An attack group TeamTNT is using Weave Scope, an open source cloud monitoring and control tool to compromise Docker and Kubernetes instances as part of a cryptocurrency mining operation, security company Intezer said.

Cloud, Kubernetes, Docker

Traditional is Best When Converting Stolen Money to Clean Cash

SWIFT and BAE Systems analyzed the web of businesses, money mules, and intermediate accounts used to transfer stolen money around the world until it becomes hard to trace.

Cybercrime, Financial Services, Cryptocurrency

Attacks Target Critical Flaw in WordPress File Manager Plugin

Attackers are actively exploiting a critical bug in the File Manager WordPress plugin.

Vulnerability, Wordpress

CISA Issues Final Order on Federal Vulnerability Disclosure, But Questions Remain

Federal agencies must publish a vulnerability disclosure policy by March 1, per a new CISA directive, but there is no provision for maturity assessments or resources to build a bug handling process.

Government, Bug Bounty

UK Says Children’s Apps Must Have Built-in Privacy

New rules from the United Kingdom's Information Commissioner's took effect requiring office apps, social media platforms and online games specifically targeted at children to be designed with privacy in mind. Violators will be fined 4 percent of total revenue.

Privacy, Gdpr

Gartner Warns CEOs Will be Personally Liable for Breaches by 2024

By 2024, 75 percent of CEOs will be held personally responsible and accountable for cyber-physical security incidents, research firm Garner said.

Internet of Things, Data Breaches, Risk

Notarized Malware Slips Into Mac App Store

A piece of malware made its way into the macOS app store after being accidentally notarized by Apple, allowing it to run on victims' Macs.

Apple, Malware

Cisco Warns of Exploits Against IOS XR Flaws

Attackers are actively trying to exploit a memory exhaustion vulnerability (CVE-2020-3566) in Cisco's IOS XR royter software.

Vulnerability

CISA Releases 5G Security Strategy

The United States Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has released the National Strategy to Secure 5G for securely deploying 5G networks in the United States.

Government