SEARCH
All Articles
Open Source Flan Scan Combines Nmap with Vulnerability Scanning
Cloudflare has open sourced Flan Scan, a “lightweight” network vulnerability scanner that it uses in-house to help identify vulnerable services running in its vast network. Early reactions suggest that it shouldn’t be the sole vulnerability management tool being used in the network.
Hack the Titan M, Get $1 Million
Google is now offering a top bounty of $1 million for a full chain remote code execution exploit that gains persistence on the Titan M chip on Pixel phones.
A Sovereign Internet Will Not Combat Cybercrime
The United Nations General Assembly will vote on a Russia- and China-backed resolution that claims to give governments tools to fight cybercrime. What it will actually do if it becomes a treaty, is allow governments to establish a sovereign Internet where they have full control of their country's Internet and monitor all activities.
AWS Adds New Protections Against SSRF, Other Web App Attacks
The new AWS IMDSv2 security feature mitigates common attacks that take advantage of SSRF, open WAFs, and open layer 3 firewalls.
Decipher Podcast: Ron Deibert
Ron Deibert of Citizen Lab joins Dennis Fisher to discuss his team's work on investigating surveillance vendors and helping victims.
Americans Don’t See Benefits of Data Collection
Eight out of every 10 adults in the United States worry they cannot control how information about them is being used, found a new study from the Pew Research Center. A equal number of them don't think the rewards of personalized and customized services are worth it.
US Government Has Stopped Warrantless Collection of Phone Data
The Office of the Director of National Intelligence confirmed that the government has stopped collecting phone location data using Section 215 of the Patriot Act.
New Variant of ZombieLoad Bypasses Intel Mitigations
Security researchers at Graz University of Technology in Austria discovered the fixes for the ZombieLoad speculative execution attacks on Intel processors were not completely effective. The researchers have disclosed a new variant that works on Intel processors that have hardware mitigations in place.
Firms Increasingly Affected by Breaches at Other Organizations
The world is more interconnected than ever, and that network of dependencies means when an organization experiences a security incident, so do other downstream organizations in the supply chain, Cyentia Insitute said in its latest analysis.
Decipher Podcast: Chris Wysopal
Chris Wysopal of Veracode joins Dennis Fisher to dive into the company's new State of Software Security report.
TLS Delegated Credentials to Protect Private Keys on Web Servers
Mozilla, Firefox, and Cloudflare team up to tackle a specific TLS security problem: what to do in CDN and large web deployments where the private key has to be installed on every web server. Delegated credentials are short-lived TLS private keys that are generated by the web server.
Macs Storing Copies of Encrypted Messages from Apple Mail
The Apple Mail app on the most recent Macs appear to be storing copies of encrypted emails in plaintext, an Apple IT specialist found. There is a way to turn this off, temporarily.
Microsoft Warns of Possible Further BlueKeep Exploits
BlueKeep exploits have been seen installing a cryptominer, but Microsoft is warning customers that more damaging attacks could be coming.
The Future is Encrypted
The move by Google and Mozilla to implement DNS over HTTPS in their browsers is drawing fire from ISPs, which rely on DNS visibility to gather user data.
Online Privacy Act Would Create Federal Privacy Agency
A new privacy bill in the House of Representatives would create a new Digital Privacy Agency and punish companies for data misuse.