Security news that informs and inspires

All Articles

2262 articles:

Amazon Unveils Security Hub, Control Tower to Aid AWS Security

At AWS re:Inforce, Amazon introduced two new security tools--Control Tower and Security Hub--to help ease the process of securely configuring AWS environments.

Cloud Security

Thieves Switching to Shimmers to Steal from ATMs

As chip-based payment cards become the norm, criminals are shifting tactics to use shimmers rather than skimmers to steal money from automated teller machines, Flashpoint said.

Finance

CISA Warns Iranian Attackers Use Wiper Malware

The United States Department of Homeland Security warned that Iranian nation-state attackers could lob malware capable of wiping hard drives and physically destroying machines against U.S. targets as the two countries remain locked in a political game of one-upmanship.

Malware, Government

Dashboard Act Would Force Companies to Tell Users What Their Data is Worth

The DASHBOARD Act, introduced in the Senate Monday, would require social media companies to tell people what the economic value of their personal data is.

Government, Privacy

Dell Patches Bug in Powerful SupportAssist Utility

Dell has fixed a serious bug in the SupportAssist utility that is preinstalled on millions of PCs and could give an attacker control of a target machine.

Vulnerability

Firefox 0-Day Used to Deliver Netwire Mac Malware

A new vulnerability in Firefox has been used in targeted attacks, one of which has delivered the Netwire OS X malware.

Firefox

Phishing Kit Developers Operate Like Regular Software Shops

Phishing is a numbers game—and the longer a kit remains hidden and active, the longer the attack can run and net more victims. The developers behind popular phishing kits are adopting best practices from the business world to streamline operations and make money.

Phishing, Phishing Kits

MongoDB Moves Encryption Out of the Server

MongoDB engineers spent the last two years developing field-level encryption, a scheme that would reduce the damage after a data breach.

Database, Mongodb

Seeking Validation in a Hostile World

The domain control validation process relies on protocols and systems that are susceptible to compromise, so Cloudflare is hoping to fix that with a new service that validates certificates from multiple points.

DNS Security

The League of Entropy Forms to Offer Acts of Public Randomness

Cloudflare and several other members have formed the League of Entropy to offer a quorum of public randomness beacons.

Cryptography

Linux Worm Hits Unpatched Exim Servers

It took only a few days for a Linux worm to start exploiting the vulnerability in the Exim mail transfer agent. Microsoft said some Azure customers have already been affected.

Linux, Malware, Microsoft

Most DNS Traffic Passes Through Just a Few Name Servers

This is not the decentralized network we were promised. The majority of the world’s DNS transactions pass through authoritative name servers operated by less than 10 organizations, DNS Observatory found.

DNS Security, Internet

New Echobot Malware Adds Exploits, Targets Enterprise Apps

A newly discovered version of the Echobot malware, which is tied to the Mirai botnet, contains eight new exploits and targets enterprise applications as well as consumer devices.

Malware, Botnet

Application Attacks Rule the Web

Akamai's State of the Internet security report shows that SQL injection attacks make up more than two-thirds of application layer attacks against organizations.

Application Security

Encryption, Privacy in the Internet Trends Report

This is the single most important stat in venture capitalist Mary Meeker’s massive Internet Trends report: 87 percent of Web traffic is now encrypted. Oh, and use of secure messaging apps are on the rise.

Technology, Privacy, Security