Security news that informs and inspires

All Articles

2327 articles:

Senators Propose Cybersecurity Coordinators for Every State

A bipartisan group of Senators are interested in establishing a cybersecurity leader for each state in order to increase the states' abilities to respond to cyberattacks.

Government, Incident Response, Ransomware, Legislation

New Tool Detects Indicators of Compromise for Citrix Systems

Citrix and FireEye Mandiant have released a scanner that can detect some indicators of compromise related to the CVE-2019-19781 vulnerability.

Citrix

Ransomware Attacks Factory Honeypot

The latest investigation by Trend Micro Research observed multiple instances of fraud and ransomware attacks on networks with industrial control systems. For these organizations, sophisticated malware like Stuxnet and Triton aren't their biggest headaches.

Manufacturing Security, Critical Infrastructure Security

Unpatched IE Vulnerability Under Active Attack

A new Internet Explorer vulnerability (CVE-2020-0674) is being used in targeted attacks and Microsoft does not have a patch available right now.

Microsoft

Decipher Podcast: Kenn White on the Windows Crypto Bug

Kenn White joins Dennis Fisher to discuss the details of the CVE-2020-0601 Windows crypto vulnerability that the NSA disclosed to Microsoft.

Podcast

Kubernetes Launches Bug Bounty

Kubernetes has launched a public bug bounty program with support from Google.

Kubernetes

Citrix ADC Exploits Appear With No Patch Available Yet

Exploits for the CVE-2019-19781 Citrix ADC vulnerability are available on GitHub while patches are still a week away.

Citrix

Microsoft Patches Flaw in Windows Cryptography Component

Microsoft fixed a vulnerability in a cryptography component used by Windows 10 and Windows Server. If exploited, attackers would be able to pass off malicious software as legitimate, thus undermining digital trust.

Patch, Microsoft

Industry Groups Don’t Like Commerce Department’s Supply Chain Security Rules

Multiple business groups have pushed back on the Department of Commerce's proposed supply chain rules on information and communications technology supply chain security due to vague language and undefined scope.

Supply Chain, Government

‘We Can’t Be Complacent’ About the Crypto Debate

The encryption debate is as old as the Internet, and Jennifer Granick warns that giving ground now could have serious long-term effects.

Encryption, Privacy

Microsoft Mines Events Logs for RDP Brute-Force Attacks

Microsoft looked at Windows Events Log to understand what RDP brute-force attacks looked like in the enterprise, and found that attackers frequently space out the login attempts over several days to avoid detection.

RDP, Malware, Remote Access Attacks

Lawmakers Ask FCC to Do Something About SIM Swapping

Criminals can bypass two-factor authentication and hijack user accounts by simply convincing a mobile carrier to swap SIM cards for a phone number. A group of Senators and Representatives are asking the FCC to protect consumers from these kinds of scams.

Government, Mobile Security

Mozilla Patches Firefox Zero Day Under Active Attack

Mozilla has released an emergency fix for a vulnerability in Firefox that attackers are actively exploiting.

Mozilla

MITRE Adds ICS-Specific Techniques to ATT&CK Framework

MITRE adds information about threat groups, malware, and techniques used by adversaries in attacks against industrial control systems in its ATT&CK framework.

Critical Infrastructure Security

SHA-1 ‘Fully and Practically Broken’ By New Collision

A chosen prefix collision in SHA-1 has demonstrated a new issue with the venerable hash function developed by the NSA.

Cryptography