Security news that informs and inspires

All Articles

2201 articles:

StrandHogg Bug Plagues Android

Many versions of Android, including Android 10, have a weakness dubbed StrandHogg that can lead to credential phishing and other malicious actions.

Android, Google

NIST Developing Hardware Security Guidelines for Enterprises

The federal government's technical standards body is working on best practices for verifying the security and integrity of hardware, a notoriously difficult problem.

Hardware Security, Government

Contract for Web Can’t Fix Privacy Problems If Security Isn’t Included

As the inventor of the World Wide Web, Tim Berners-Lee proposed the [Contract for the Web](https://contractfortheweb.org/) as a way to address problems such as misinformation, mass surveillance and censorship online, but the list is not a realistic blueprint for action.

Internet, Privacy

Congress Proposes a Promising New Privacy Bill

The ranking Democrat on a Senate Commerce Committee has unveiled a new digital privacy bill that would strengthen the FTC’s enforcement powers over tech companies.

Privacy, Legislation, Government

Fortinet Products Used Hardcoded Encryption Key

Several Fortinet products had a hardcoded encryption key that could allow for passive monitoring of user traffic.

Vulnerability

Q&A: Ron Deibert

The sale and use of surveillance software is largely unregulated and unexamined, but Ron Deibert and his team at the Citizen Lab are working to change that through research into abuses.

Privacy, Surveillance

Decipher Podcast: Brian Donohue

Brian Donohue of Red Canary joins Dennis Fisher to discuss the news and insights from Cyberwarcon.

Podcast

Open Source Flan Scan Combines Nmap with Vulnerability Scanning

Cloudflare has open sourced Flan Scan, a “lightweight” network vulnerability scanner that it uses in-house to help identify vulnerable services running in its vast network. Early reactions suggest that it shouldn’t be the sole vulnerability management tool being used in the network.

Vulnerability, Vulnerability Assessment, Network Security

Hack the Titan M, Get $1 Million

Google is now offering a top bounty of $1 million for a full chain remote code execution exploit that gains persistence on the Titan M chip on Pixel phones.

Android, Google

A Sovereign Internet Will Not Combat Cybercrime

The United Nations General Assembly will vote on a Russia- and China-backed resolution that claims to give governments tools to fight cybercrime. What it will actually do if it becomes a treaty, is allow governments to establish a sovereign Internet where they have full control of their country's Internet and monitor all activities.

Internet, Government, Surveillance

AWS Adds New Protections Against SSRF, Other Web App Attacks

The new AWS IMDSv2 security feature mitigates common attacks that take advantage of SSRF, open WAFs, and open layer 3 firewalls.

AWS Security, Cloud

Decipher Podcast: Ron Deibert

Ron Deibert of Citizen Lab joins Dennis Fisher to discuss his team's work on investigating surveillance vendors and helping victims.

Podcast

Americans Don’t See Benefits of Data Collection

Eight out of every 10 adults in the United States worry they cannot control how information about them is being used, found a new study from the Pew Research Center. A equal number of them don't think the rewards of personalized and customized services are worth it.

Privacy

US Government Has Stopped Warrantless Collection of Phone Data

The Office of the Director of National Intelligence confirmed that the government has stopped collecting phone location data using Section 215 of the Patriot Act.

Privacy, Government

New Variant of ZombieLoad Bypasses Intel Mitigations

Security researchers at Graz University of Technology in Austria discovered the fixes for the ZombieLoad speculative execution attacks on Intel processors were not completely effective. The researchers have disclosed a new variant that works on Intel processors that have hardware mitigations in place.

Hardware, Intel