Security news that informs and inspires

All Articles

2327 articles:

DHS Warns of New North Korean Government Malware Hoplight

The DHS and FBI say North Korean-backed attackers are using a powerful new piece of malware known as Hoplight to infiltrate target machines.

Malware

Supply Chain Security Requires Knowing Who to Avoid

There are many ways to share threat indicators and vulnerability details, but no good way to share concerns about untrustworthy suppliers and vendors in the supply chain. That needs to change.

Supply Chain

WhatsApp Suit Against NSO Group Marks Beginning of an Era

The WhatsApp lawsuit against NSO Group may be a turning point in the way technology companies deal with surveillance vendors.

Privacy

Fancy Bear Attackers Target Anti-Doping and Sports Groups

The Russian attack group known as fancy Bear has been targeting anti-doping and sports organizations in advance of the 2020 Summer Olympics.

Microsoft, APT

Johannesburg Hit With Major Ransomware Attack

The City of Johannesburg was hit with a ransomware attack that has compromised many of its municipal services.

Ransomware

Older Bugs in Software Add to Security Debt

In the rush to fix newer vulnerabilities, the older ones are left unaddressed. The resulting security debt increases the organization's risk of a breach, Veracode warned.

Application Security, Appdev, Appsec, Software Security, Software Development

Updated Gustuff Android Trojan Changes Tactics

A new version of the Gustuff Android banking trojan has emerged, this time with new communications capabilities and more credential-theft features.

Android

Malwarebytes Connects Magecart Group to Carbanak

Researchers have linked the Magecart group known for its supply-chain attacks to Cabanak, an advanced threat group.

Website Security, Supply Chain, Magecart

Firefox Now Blocks Social Media Trackers

In Firefox 70, Mozilla has added the ability to block trackers from Facebook, Twitter, and other social networks, as well as other new privacy enhancements.

Firefox

FTC to Developers: Get Consent

The FTC action against a developer of "stalking" apps emphasized that installing an app that hid its presence on the device and didn't notify the user what it was doing was against the law.

Privacy, Government, Appdev

Microsoft’s Secured-core PC Takes Aim at Firmware Attacks

Microsoft's Secured-core PC initiative is a partnership with OEM partners (including HP and Dell), silicon vendors (such as Intel, AMD, and Qualcomm) to provide deeply integrated hardware, firmware and software that can withstand firmware-based attacks.

Hardware, Windows, Microsoft, Firmware Security

Russian Attackers Used Iranian Infrastructure and Tools Against Multiple Targets

Investigations by the NSA and Uk's NCSC found that the Russian Turla attack group was using compromised C2 infrastructure and tools belonging to an Iranian APT group in several operations.

Malware

Decipher Podcast: James Plouffe

James Plouffe, a former technical adviser for Mr. Robot, joins Dennis Fisher to talk about the show's cultural legacy.

Podcast

Prices for Attack Tools on Dark Web Forums Remain Stagnant

Flashpoint analysts look at Dark Web marketplaces and see that prices have not changed all that much in two years.

Cybercrime

Wyden Introduces Tough New Privacy Bill

Sen. Ron Wyden has introduced a new privacy measure that would allow the FTC to assess huge fines for corporations that misuse consumer data--and mean jail time for executives who lie about their companies' policies.

Privacy, Government