Security news that informs and inspires

All Articles

2327 articles:

Serious New Bug Emerges in Exim

A newly discovered buffer overflow in the Exim mail server can be used to cause a denial-of-service and possibly remote code execution.

Vulnerability

eGobbler Malvertising Campaign Targets Safari, Chrome Users

eGobbler Malvertising Campaign Targets Safari, Chrome Users

Browser Security, Vulnerability, Malvertising

Senate Bill Creates DHS Threat Hunting Teams

The Senate has passed a measure that creates threat hunting and response teams to help government agencies and enterprises respond to major cybersecurity incidents.

Government, Ransomware

Magecart’s Evolving Tactics Target Routers

One of the prominent Magecart threat groups, Magecart Group 5 (MG5) appears to be trying to compromise the routers used by airports, cafes, and other public buildings to provide users with public WiFi.

Magecart, Payment Card Breach, Ecommerce Security

Attackers Combine Attacks Against RDP with Ransomware

Attacks using Remote Desktop Protocol continue to be tremendously successful. It turns out many attackers are combining RDP attacks with ransomware.

Ransomware, RDP

Enterprises Lack Clear Security Guidance for 5G

Enterprises need guidance on how to get ready for 5G networks, but the current fear-mongering about Huawei doesn't give enterprises the information they need to make sure the applications are secure.

Networking, Wireless Security, Internet, 5g, Critical Infrastructure Security

New Tortoiseshell Campaign Targets Veterans

A fake hiring site for veterans is the latest tool deployed by the Tortoiseshell attack group.

Malware

Microsoft Issues Emergency Fix for Critical IE Flaw

Microsoft has pushed out an emergency patch for a critical remote code execution bug in Internet Explorer that has been exploited.

Microsoft

Cloudflare Fights Bots With Tech, Trees

Cloudflare's new "bot fight mode" protects enterprises against malicious bots with tar-pit techniques and the company pledges to plant trees to offset the carbon costs.

Botnet

GitHub Beefs Up Code Scanning With Semmle

Keeping software secure isn't just the developer's job. GitHub is strengthening its ecosystem with tools for developers, researchers, and project maintainers to identify and fix software vulnerabilities.

Application Security, Open Source, Vulnerability

‘We Have to Stop Selling Fear’

CISA Director Christopher Krebs urged the security community to move past selling based on fear.

Government

Emotet Malware Reawakens

The Emotet malware has come back to life after several months of inactivity over the summer.

Malware

Tortoiseshell Targets IT Providers in Supply Chain Attack

Supply chain attacks violate the trust organizations have in their suppliers and providers. A newly discovered attack group is brazen, compromising IT providers in order to get to their final targets.

Supply Chain, Attacker

Working Group Attempts Consensus on Encryption, Lawful Access

The "debate" over how law enforcement can have lawful access to encrypted messages is anything but civil. The Encryption Working Group attempted to find common ground and made some proposals, but no agreement on how messages can be viewed without undermining encryption.

Encryption, Government

LastPass Fixes Bug That Leaked User Credentials

A flaw in the LastPass browser extension for Chrome and Opera could leak the credential used on the previous site.

Privacy