Security news that informs and inspires

All Articles

2324 articles:

Networked Devices Will Stop Working As Root Certificates Expire

As the original root certificates begin to expire, more and more networked devices, including smart devices and internet of things, will stop working. They won't be able to connect online to services unless they are updated, and that is easier said than done.

Certificate Authority

FBI Warns of Increase in Banking Trojan Attacks

The FBI is warning of a potential spike in mobile banking app attacks resulting from a drop in the number of people visiting physical bank branches.

2fa

Critical Flaw Patched in Windows SMB

Microsoft fixed a critical remote code execution flaw in the SMBv1 protocol in many of the current Windows versions.

Microsoft

Flaw in Plug-and-Play Protocol Exposes Devices to Data Theft, DDoS Attacks

Billions of network-connected devices, such as printers, routers, smart TVs, and video game consoles, are open to attack via the CallStranger vulnerability in the Universal Plug and Play (UPnP) protocol.

Networking, Vulnerability

IBM Releases Open Source Encryption Toolkit

Protecting data while in use is a challenge. IBM released an open source toolkit to help developers implement fully homomorphic encryption in their applciations.

Encryption, Open Source

Google Adds WebAuthn Support for Security Keys on iOS

People enrolled in Google's Advanced Protection Program can now use hardware keys that support WebAuthn with their iOS devices.

Google, 2fa

Into the Great Wide Open With CVE-2020-0688

Hundreds of thousands of Exchange servers are still vulnerable to a dangerous flaw (CVE-2020-0688) four months after Microsoft released a patch for it.

Microsoft

Many Exim Servers Remain Vulnerable to Year-Old Flaw

New data shows that hundreds of thousands of Exim servers are still running versions vulnerable to flaws disclosed and patched last year.

Exim

iOS 13.5.1 Fixes Kernel Zero Day

Apple has patched, for the second time, a vulnerability in the iOS kernel that has been used in jailbreak tools.

Apple, Ios

NSA Warns Russian Attackers are Exploiting Old Exim Flaw

The Sandworm team, associated with the Russian GRU, is exploiting a flaw in the Exim mail transfer agent, the NSA warned in a new advisory.

Vulnerability, Government

Decipher Podcast: Alex Pinto

Alex Pinto from Verizon Enterprise joins Dennis Fisher to discuss the findings of the 2020 Data Breach Investigations Report.

Podcast

Malware Infects NetBeans Projects In Software Supply Chain Attack

The Octopus Scanner malware compromised 26 open source projects hosted on GitHub in a new supply chain attack targeting NetBeans projects, GitHub Security Lab said.

Supply Chain, Appdev, Github

OpenSSH Will Deprecate SHA-1

OpenSSH will soon deprecate the use of SHA-1 because of the risk of specific attacks against the algorithm.

SSH, Cryptography

Analysis of DNS Traffic Uncovers DDoS Attacks

Internet usage in 2020 is shaping up to be very different from how it was at the end of 2019. New DNS research from Farsight Security shows where people have been spending their time online and uncovered previously unknown distributed denial of service attacks.

Ddos, DNS

Stolen Credentials Behind Supercomputing Attacks

Compromised credentials and empty SSH passphrases led to the string of attacks on academic supercomputing sites in recent weeks.

Supercomputers