Security news that informs and inspires

All Articles

2324 articles:

Two Years of GDPR Changed Privacy Landscape

Two years may have passed since enforcement of the European Union’s General Data Protection Regulation began, but regulators are just wrapping up the first wave of investigations. Change comes slowly in the realm of data privacy, and it is still too soon to try to improve the regulation.

GDPR, Privacy

Hacker Allegedly Connected to Collection 1 Credential Dump Arrested

Authorities in Ukraine arrested a suspect they say is Sanix, a hacker connected to the sale of the huge Collection 1 credential database.

Cybercrime

Most Applications Contain Vulnerable Open Source Libraries

Modern software development relies on open source libraries, even for those applications that are sold commercially and aren’t open source. A pair of reports from Veracode and Synopsys illustrate how these components are introducing vulnerabilities into these applications.

Open Source, Application Security, Javascript

Decipher Podcast: Ping Look

Ping Look, senior director of Microsoft's Detection and Response Team, joins Dennis Fisher to talk about her team's work helping enterprises recover from intrusions, the spike in ransomware infections, and understanding attacker behavior.

Podcast, Microsoft

Google Makes DNS Over HTTPS Default in Chrome

Chrome 83 introduces default support for DNS over HTTPS to protects users' DNS queries from surveillance.

Encryption

Attacks Based on Credential Theft On The Rise, DBIR Says

In the 13th Data Breach Investigations Report, Verizon researchers found that attackers are relying less on malware and more on stolen or lost credentials to carry out their attacks.

Data Breaches

Supercomputer Sites Still Struggling After Attacks

The attacks that hit numerous academic supercomputing sites have kept the powerful clusters offline for a week.

Supercomputers

Attacks Knock Supercomputing Sites Offline

A series of possibly related incidents has forced supercomputing site ARCHER in the UK and several others in Germany offline in the past few days.

Critical Infrastructure Security

Microsoft’s RDP Patch Isn’t a Complete Fix

Microsoft's February security update fixes the vulnerability that can result in reverse RDP attacks in the built-in Windows RDP client, but third-party RDP clients are still vulnerable, Check Point said.

Microsoft, RDP, Patching

Stuxnet’s Legacy Lives on in New Windows Bug

A vulnerability in the Windows print spooler service patched this week echoes a similar one exploited by the Stuxnet worm 10 years ago.

Microsoft

Lawmakers Ask for Cybersecurity Funding for States

A bipartisan group of Congressional lawmakers are trying to drum up support to include money for states and local governments to modernize their IT infrastructure in the next stimulus package.

Government

US Exposes New North Korean Malware Tools

The U.S. government has published details of three new malware tools it says are in use by North Korean state-sponsored attackers.

Malware

Thunderspy Attack Underscores Existing Thunderbolt Security Issues

The new Thunderspy attack highlights a handful of shortcomings in the security model of the Thunderbolt chip used in many PCs.

Hardware Security

GitHub Expands Scanning to Find Security Flaws in Code

The goal for secure software isn’t to never have vulnerabilities, but to be able to find vulnerabilities as soon as possible so that they can be fixed. GitHub has expanded its code scanning capabilities to make it easier for developers to identify flaws in projects that are managed on its platform.

Open Source, Github, Vulnerability, Appdev

Cisco Fixes Kerberos Authentication Bypass Bug in ASA Software

Cisco has patched a dangerous flaw in its Adaptive Security Appliance Software that could allow an attacker to bypass authentication when Kerberos is enabled.

Vulnerability