Security news that informs and inspires

All Articles

839 articles:

Citrix Patches 11 Vulnerabilities in Several Products

Citrix has fixed 11 vulnerabilities in its ADC, Gateway, and SD-WAN appliances, some which could allow authenticated access to a target appliance.

Vulnerabilities

Attackers Already Exploiting BIG-IP Vulnerability

A critical vulnerability in F5 Networks’ BIG-IP networking gear is under active attack, just days after the company first announced the flaw.

Networking, Patch

Facebook Changes Developer Rules After Apps Improperly Got User Data

On the heels of yet another privacy incident where Facebook app developers received user data when they shouldn’t be, the social networking giant rolled out new terms and policies for developers.

Privacy, Software Development, Facebook

ACM Calls for Suspension of Facial Recognition Use

The Association for Computing Machinery, a venerable computing society, has called for the immediate suspension of the use of facial recognition systems until regulation is in place.

Privacy

UCSF Pays Portion of $1.14M Ransom to Regain Medical School Data

The University of California San Francisco paid some of the $1.14 million ransom to regain access to data encrypted by ransomware on its School of Medicine servers.

Ransomware

Palo Alto Fixes Critical Authentication Bypass Flaw

Palo Alto Networks has patched a critical flaw in many of its products that support SAML-based authentication for SSO.

Vulnerability

Bills Would Ban Federal Use of Facial Recognition

Legislation introduced in both the House and Senate would ban the use of facial recognition systems by federal entities.

Privacy

New Bill Takes Direct Aim at Encrypted Devices and Services

The Lawful Access to Encrypted Data Act introduced this week would require device makers and service providers to create exceptional access to encrypted data at rest and in motion.

Government, Encryption

Decipher Podcast: Melanie Ensign on Security Communications

Melanie Ensign, CEO and founder of Discernible Communications, joins Dennis Fisher to talk about what effective security and privacy communications look like.

Podcast

Evil Corp Deploys New WastedLocker Ransomware

The Evil Corp group responsible for the Dridex malware is using a new ransomware called WastedLocker that targets cloud services and backups.

Ransomware

Password Spraying Leads to Compromise of Cloud Identities

The Holmium threat group has been using password spraying attacks against Office 365 to gain access to corporate networks.

Microsoft

Unnamed Web Host Hit With DDoS Attack

Attackers launched a massive distributed denial-of-service against a specific website hosted by a hosting provider in early June. Not only was the 1.44 terabit-per-second DDoS attack the largest Akamai has seen to date, it was also one of the most complex to resolve.

Ddos, Cloud

Enterprise, Embedded Devices at Risk From Ripple20 Bugs

Hundreds of millions of embedded and enterprise devices are vulnerable to a long list of flaws in the Treck TCP/IP stack.

Iot Security

Pandemic-Related Malware Activity Falling Off

Malware and phishing campaigns preying on interest in the COVID-19 crisis have spiked but are now falling off in many places.

Microsoft, Malware

Intel to Add Hardware Defense Against Subtle Attacks

Intel's new Control-Flow Enforcement Technology will be built into its forthcoming Tiger Lake processors and integrated with Windows 10.

Intel, Microsoft