Security news that informs and inspires

All Articles

2290 articles:

New Security Tools Added to Google’s Advanced Protection

Google is turning on its Play Protect app scanning feature automatically and changing which apps can be installed on Android devices associated with Advanced Protection Program accounts.

Google, Android

Use Data, Not Magical Thinking

Many security leaders rely on a cost-per-record metric to calculate the costs of a security incident. The latest research from Cyentia Institute using Advisen data shows estimates based on that metric are frequently inaccurate.

Risk, Data Breaches, Risk Management

For Ransomware, Nighttime is the Right Time

Ransomware attackers tend to deploy their payloads at night and on weekends, when IT resources are scarce and security teams may be less active.

Ransomware

Decipher Podcast: Jo Van Bulck

Jo Van Bulck of KU Leuven joins Dennis Fisher to discuss the new load value injection attacks on processors.

Podcast

Security Norms Must Shift in a Crisis

With so many employees and contractors working remotely, security teams and CISOs grapple with the job of continuing to protect networks, systems, data, and people. One challenge: recognizing clues that something is wrong when nothing looks normal.

Network Security, CISO

VMware Patches Critical Flaw That Allows Guest Escape

A critical flaw in VMware Fusion and Workstation could allow an attacker to run arbitrary code on the host from the guest.

Vulnerabilities

GitHub’s npm Acquisition Will Boost JavaScript Security

The security of the JavaScript software ecosystem will get a significant boost with GitHub acquiring npm, which hosts and maintains the Node package manager and the package registry. GitHub has the resources to invest in robust and stable infrastructure, thorough vetting of software packages, and integration into GitHub's other services.

Javascript, Github, Appsec

EARN IT Act Casts a Long Shadow on Encrypted Services

More senators are expressing support for the EARN IT Act despite its serious threat to encrypted services and user privacy.

Encryption, Government

Microsoft Releases Emergency Fix for SMBv3 Flaw

Microsoft has issued a security advisory warning of a vulnerability in the Microsoft Server Message Block (SMB) protocol. Until a fix is available, administrators are advised to disable SMBv3 compression on their servers.

Microsoft, SMB Security, Networking

Microsoft DART Finds Six Attack Groups On Customer Network

While helping a customer deal with a state-sponsored attack group which had been stealing data and email for about eight months, Microsoft’s incident response team uncovered five other threat actors operating simultaneously on the network.

Microsoft, Incident Response, APT

Commission Outlines Ways to Overhaul Federal Cybersecurity

The United States needs a top-level cybersecurity coordinator, more powers for CISA, and cybersecurity-specific committees in Congress, the Cyberspace Solarium Commission said in its long-awaited report.

Government, Federal Cybersecurity

Microsoft Disrupts Necurs Botnet

Microsoft has taken over the control infrastructure for the Necurs botnet, disrupting the operations of the notorious spam and malware-distribution network.

Microsoft, Botnet

Yubico Warns of OTP-Replay Issue In Validation Server

The Yubico Validation Server contains a pair of vulnerabilities, one of which allows the replay of one-time passwords.

2fa

DuckDuckGo Releases Tracker Radar Tool

DuckDuckGo's new Tracker Radar tool protects users against pervasive third-party tracking across the web.

Privacy

Internet Standards Emphasize User Privacy At Expense of Enterprise Security

New Internet technologies bring more privacy to the network, but they have the side effect of breaking security in enterprise networks, Internet pioneer Paul Vixie said at RSA Conference 2020.

DNS