SEARCH
All Articles
Hardware Security Keys Go Open Source With Solo
The Solo security keys are based on open-source software and hardware designs and work with both desktop and mobile devices for two-factor authentication.
New California Law Requires Strong Passwords for Internet of Things
Thank you California. Gov. Brown has signed into the law that requires manufacturers to give Internet-connected devices unique passwords and not weak passowords like "admin" by default.
Chinese Spies Planted Hardware Backdoors on Servers in Supply Chain Attack
Whether or not Chinese spies actually planted rogue chips into Super Micro servers, this kind of supply chain attack is feasible. This is just the tip of the iceberg.
Russian APTs Turla and Sofacy Sharing Code and Targets
Two Russian-speaking APT teams recently have been seen using shared code and targeting the same organizations.
Toward Dynamic Profiling of Adversaries
Creating static profiles of APT groups has limited value as tactics and tools shift constantly. So some researchers are advocating a move to dynamic profiles of adversaries.
After Account Breach, Attackers Can Use Single Sign-On to Take Over More Accounts
Facebook revoked its session tokens after the massive breach. A team of researchers from the University of Illinois at Chicago lay out what attackers could do with those session tokens if they hadn't been reset.
New KRACK Attacks Appear
A research team from KU Leuven in Belgium has disclosed new key reinstallation attacks against WiFi networks.
Understanding the Defense Department’s New Cyber Strategy
Will adversaries think twice about going after U.S. networks knowing that the Department of Defense now considers offensive tactics as part of its arsenal? Scythe's Bryson Bort and Endgame's Andrea Limbago discuss the shift towards offensive cyber operations and what it means for deterrence.
Cloudflare Starts Security Focused Domain Registrar
The Cloudflare Registrar will offer organizations wholesale domain pricing and a number of free security and privacy tools.
Attackers Take Over 50 Million Accounts in Facebook Breach
Attackers exploited vulnerabilities in Facebook's code to gain access to at least 50 million Facebook user accounts. Those accounts could have been used for information gathering campaigns, as attackers had full access to the user's profile, friends list, and usage history.
Don’t Skip User Authentication on MDM Even With Apple’s DEP
Duo Labs researchers discovered that Apple was using serial numbers to authenticate devices with its Device Enrollment Program (DEP). If organizations treat DEP as a trust broker and assume DEP-registered devices are trusted, they expose themselves to a variety of risks, including rogue devices receiving internal network configuration settings.
Researchers Identify New Phishing Tactics on Android Devices
A team of researchers has developed several new phishing techniques that can be used against Android devices, leveraging issues with some password managers.
Getting Closer to a Surveillance-Free Internet
Cloudflare has been working with the likes of Google, Mozilla, Fastly and Apple to make it harder for ISPs and other network operators from being able to see what sites users are visiting. Cloudflare has rolled out ESNI on its systems to see how well the experimental technical specification works to hide user activity online.
Google Chrome Sign-in Change is Surprising. Is It a Deal-Breaker?
The privacy questions raised by Google's recent changes in how Chrome handles user login, but that doesn't necessarily mean the changes are nefarious.
Mozilla Rolls Out Firefox Monitor Service for Breach Notifications
The Firefox Monitor service uses data from the Have I Been Pwned database to alert people to compromises.