SEARCH
All Articles
Maze Turns Ransomware Incidents into Data Breaches
Maze ransomware, which infected Pensacola, Florida, exfiltrates the data to a remote server before encrypting the local copies in order to force victims to pay the ransom. The group threatens to publicly release the files if the victims don't pay.
Chrome Adds Warning for Compromised Passwords
Google has integrated its Password Checkup functionality into Chrome 79 to warn when people use compromised credentials.
Signal Working on New Private Group Feature
Signal is developing an updated private group system that provides enhanced capabilities and security for group administrators.
Buggy Ryuk Tool Corrupts Data Files After Ransomware Infection
A bug in the Ryuk ransomware’s decryptor tool means some files get corrupted during the recovery process. The victim doesn’t get all the files back, even after paying the ransom demand.
Linux Flaw Allows VPN Hijacking
A vulnerability in many Linux distributions, as well as Android and iOS, can allow an attacker to hijack VPN connections in some cases.
New ZeroCleare Wiper Malware Used in Targeted Attacks
The new ZeroCleare malware has been used in destructive attacks against energy companies in the Middle East.
StrandHogg Bug Plagues Android
Many versions of Android, including Android 10, have a weakness dubbed StrandHogg that can lead to credential phishing and other malicious actions.
NIST Developing Hardware Security Guidelines for Enterprises
The federal government's technical standards body is working on best practices for verifying the security and integrity of hardware, a notoriously difficult problem.
Contract for Web Can’t Fix Privacy Problems If Security Isn’t Included
As the inventor of the World Wide Web, Tim Berners-Lee proposed the [Contract for the Web](https://contractfortheweb.org/) as a way to address problems such as misinformation, mass surveillance and censorship online, but the list is not a realistic blueprint for action.
Congress Proposes a Promising New Privacy Bill
The ranking Democrat on a Senate Commerce Committee has unveiled a new digital privacy bill that would strengthen the FTC’s enforcement powers over tech companies.
Fortinet Products Used Hardcoded Encryption Key
Several Fortinet products had a hardcoded encryption key that could allow for passive monitoring of user traffic.
Q&A: Ron Deibert
The sale and use of surveillance software is largely unregulated and unexamined, but Ron Deibert and his team at the Citizen Lab are working to change that through research into abuses.
Decipher Podcast: Brian Donohue
Brian Donohue of Red Canary joins Dennis Fisher to discuss the news and insights from Cyberwarcon.
Open Source Flan Scan Combines Nmap with Vulnerability Scanning
Cloudflare has open sourced Flan Scan, a “lightweight” network vulnerability scanner that it uses in-house to help identify vulnerable services running in its vast network. Early reactions suggest that it shouldn’t be the sole vulnerability management tool being used in the network.
Hack the Titan M, Get $1 Million
Google is now offering a top bounty of $1 million for a full chain remote code execution exploit that gains persistence on the Titan M chip on Pixel phones.