Security news that informs and inspires

All Articles

1736 articles:

Labs Presents: What’s Happening With RFID Blocking Gear?

With all the reports about criminals lifting information off credit cards, access cards, and even passports, does it make sense to buy one of those RFID-blocking sleeves and wallets? Duo Labs finds out in this Decipher report.

Labs Research, Rfid, Hardware

What Defenders Need to Know About the Latest Struts Flaw

It hasn’t even been a year since the Equifax breach was made public, and Apache has fixed yet another another critical vulnerability in the Struts web application framework. Does your incident response plan include assessing the risk exposure and deploying defenses on top of patch management?

Patching, Vulnerability, Java, Incident Response

Set of Serious Bugs Haunts Ghostscript

A Google security researcher has discovered a series of sandbox bypass vulnerabilities in the Ghostscript interpreter that threaten many Linux servers.

Linux

Microsoft Targets Fancy Bear Hacking Group

Microsoft has taken over six domains associated with a Russian-backed hacking group known to have targeted U.S. political campaigns and candidates.

Microsoft

How Android P Upgrades User and Device Security

Security in Android P is significantly different than in previous versions, as Google has added many new defensive measures.

Android, Google

NIST Act to Improve SMB Security Becomes Law

Under the newly minted law NIST Small Business Cybersecurity Act, NIST will have a year to release guidance and resources to help small businesses improve their security posture.

Legislation, Government

Clarity Needed Over New Rules on Use of Cyber Weapons

The White House has rescinded the directive that restricted how United States could respond to online attacks. Will this act as deterrence or escalate breaches and attacks into armed conflict?

Government

What IT Needs to Know About Foreshadow

Foreshadow/L1TF refer to a group of vulnerabilities that can be exploited in modern Intel chips using speculative execution attacks to bypass security protections and harvest sensitive information.

Vulnerability, Hardware, Spectre

Microsoft Fixed Multi-factor Authentication Bypass Flaw

The flaw in Microsoft's Active Directory Federation Services lets an attacker use the same second factor to bypass multi-factor authentication for any account running on the same service. Microsoft has patched the flaw.

Microsoft, 2fa, Mfa

More Details on Google’s Shielded VMs

Google’s new Shielded VMs help enterprises protect their Google Cloud workloads from attacks against the hardware and firmware.

Google, Virtualization, Cloud

Trailblazer Hunts Credential Abuse in AWS

A particularly vexing challenge in authentication is finding cases where credentials have been compromised or when login attempts are not legitimate. Netflix has open-sourced an internal tool called Trailblazer that uses AWS CloudTrail to help tackle this challenge in a scalable way.

Cloud, Aws

Facebook Hands Out Research Grants for Defensive Technologies

Facebook has given academic researchers more than $800,000 to pursue proposals for new defensive techniques.

Facebook

The Mafia Doesn’t Control Cybercrime

Just because cybercriminals are organized doesn’t mean they are part of organized crime such as the Mafia, an Oxford University researcher said at Black Hat.

Black Hat, Cybercrime

‘Everyone Who Cares About User Security Needs to Collaborate’

As the world's dependence on technology continues to increase, the need for collaboration on defensive projects is becoming more acute, as well.

Security, Black Hat

Decipher Podcast: Black Hat Preview

Decipher editors Dennis Fisher and Fahmida Rashid preview this year's Black Hat USA conference in the first episode of the podcast.

Podcast