SEARCH
All Articles
Give IT a Break from Software Updates
Microsoft said it will pause non-security Windows updates beginning in May as part of its plan to reduce the update pressure on IT and security teams, as they are busy keeping organizations operational during the COVID-19 pandemic. Other software companies are adjusting their release schedules, recognizing that IT and security teams are currently stretched thin.
APT41 Campaign Targeted Companies in 20 Countries
APT41, an attack group connected to China, has been running a broad campaign using public exploits and flaws to target companies in 20 countries.
California, NY Consumer Privacy Laws Protect Data from Misuse
Organizations collecting and maintaining personal information about California and New York residents should be paying attention as the data security element of New York's SHIELD Act goes into effect and the California Attorney General releases a second set of modifications on regulations on implementing CCPA.
Buffer Overflow in Memcached Fixed
A buffer overflow in the memcached tool has been patched after a public disclosure of the details and proof-of-concept exploit code.
Insurers See Ransomware Claims More Than Double
Ransomware attacks are on the rise, and the in-house breach investigations team at insurance company Beazley Group said there were 131 percent more ransomware attacks against its customers in 2019 than was in 2018. The spike in attacks were most evident in healthcare, professional services, and financial services.
Decipher Podcast: Wade Baker and David Severski
Wade Baker and David Severski of the Cyentia Institute join Dennis Fisher to discuss the findings from their new Information Risk Insights Study into the risk and cost of security breaches across industries.
Unpatched Windows Flaws Under Active Attack
Two new Windows vulnerabilities related to the Adobe Type Manager library are being exploited in targeted attacks.
New Security Tools Added to Google’s Advanced Protection
Google is turning on its Play Protect app scanning feature automatically and changing which apps can be installed on Android devices associated with Advanced Protection Program accounts.
Use Data, Not Magical Thinking
Many security leaders rely on a cost-per-record metric to calculate the costs of a security incident. The latest research from Cyentia Institute using Advisen data shows estimates based on that metric are frequently inaccurate.
For Ransomware, Nighttime is the Right Time
Ransomware attackers tend to deploy their payloads at night and on weekends, when IT resources are scarce and security teams may be less active.
Decipher Podcast: Jo Van Bulck
Jo Van Bulck of KU Leuven joins Dennis Fisher to discuss the new load value injection attacks on processors.
Security Norms Must Shift in a Crisis
With so many employees and contractors working remotely, security teams and CISOs grapple with the job of continuing to protect networks, systems, data, and people. One challenge: recognizing clues that something is wrong when nothing looks normal.
VMware Patches Critical Flaw That Allows Guest Escape
A critical flaw in VMware Fusion and Workstation could allow an attacker to run arbitrary code on the host from the guest.
GitHub’s npm Acquisition Will Boost JavaScript Security
The security of the JavaScript software ecosystem will get a significant boost with GitHub acquiring npm, which hosts and maintains the Node package manager and the package registry. GitHub has the resources to invest in robust and stable infrastructure, thorough vetting of software packages, and integration into GitHub's other services.
EARN IT Act Casts a Long Shadow on Encrypted Services
More senators are expressing support for the EARN IT Act despite its serious threat to encrypted services and user privacy.