Security news that informs and inspires

All Articles

2264 articles:

Microsoft Targets North Korean Hackers in Domain Takedown

Microsoft took over 50 domains used by threat actors known as Thallium, which the company says are operating from North Korea.

Microsoft, APT

Drupal Patches Arbitrary File Upload Flaw

Drupal has released fixes for a file-upload flaw that could lead to remote code execution.

Vulnerabilities

Apple Opens Up Bug Bounty Program

Apple has opened its bug bounty program up to the broad research community, offering payments of up to $1.5 million.

Apple

BeyondProd Lays Out Security Principles for Cloud-Native Applications

First, it was Beyond Corp, to shift security away from the perimeter and onto individual users and devices. Now it is BeyondProd, to apply zero-trust principles to cloud-native applications and workloads that rely on microservices and communicate primarily over APIs.

Cloud, Containers, Google

Deciphering Die Hard

Zoe Lindsey, Pete Baker, and Dennis Fisher dive into Doe Hard, a modern classic with some interesting security lessons.

Podcast, Hacker Movies

Google to Pay for Security Upgrades in Open Source Projects

Google is amending its patch reward program to provide up-front financial support for open source projects that need money to make security improvements.

Google

Google to Restrict App Access to G Suite Accounts

Google will limit the ability of LSA to access G Suite accounts starting in June, to protect users from account hijacking attempts. The change is to encourage using apps that rely on OAuth 2.0.

Oauth, Multifactor Authentication, Google, Account Security

Decipher Podcast: Kelly Shortridge

Kelly Shortridge of Capsule8 joins Dennis Fisher to discuss the idea of accepting some level of ransomware attacks as necessary and working toward an economic equilibrium with the attackers.

Podcast

New Tactics Emerge as Phishing Evolves

Recent phishing campaigns uncovered by Microsoft are using custom 404 error pages and search result poisoning to fool victims.

Phishing

Time, Not Money, Kills Bugs

The measure of a bug bounty program's success is not how much researchers were paid, but how the organization handled the volume of new reports. GitLab's James Ritchey share some of the lessons learned in the company's first year of the public bug bounty program.

Bug Bounty, Gitlab

Mozilla to Require 2FA for Add-On Developers

Mozilla will soon require add-on developers to enable 2FA for their accounts in an effort to defeat supply chain attacks.

2fa, Mozilla

Microsoft Fixes Windows Bug Under Active Attack

Microsoft patched CVE-2019-1458 in Windows, a privilege escalation bug that is being used in active attacks.

Microsoft

Maze Turns Ransomware Incidents into Data Breaches

Maze ransomware, which infected Pensacola, Florida, exfiltrates the data to a remote server before encrypting the local copies in order to force victims to pay the ransom. The group threatens to publicly release the files if the victims don't pay.

Ransomware, Data Breaches

Chrome Adds Warning for Compromised Passwords

Google has integrated its Password Checkup functionality into Chrome 79 to warn when people use compromised credentials.

Google, Passwords

Signal Working on New Private Group Feature

Signal is developing an updated private group system that provides enhanced capabilities and security for group administrators.

Encryption, Privacy