Security news that informs and inspires

All Articles

2234 articles:

Sea Turtle Attackers Play Shell Game With DNS

A group of attackers has been running a DNS hijacking campaign known as Sea Turtle that targets energy, intelligence, and military organizations.

DNS Security

Microsoft Drafts Security Configuration Framework for Windows 10

Security professionals struggling with securely configuring Windows 10 devices can look at Microsoft's new security configuration framework.

Microsoft, Windows 10 Security

Single Actor Behind Recent WordPress Plugin Attacks

Wordfence researchers are "confident" the same actor is responsible for a wave of attacks that have hit thousands of WordPress sites over the past month by targeting vulnerabilities in WordPress plugins.

Wordpress, Website Security

Google Adds Better Transport Security for Gmail

Google has turned on support for the MTA-STS security standard in Gmail, providing better transport security for domain owners.

Google, Gmail Security

Scary Hardware Attacks Aren’t The Biggest Risks

Supply chain attacks are scary, but there are plenty of other hardware-based issues organizations should be worrying about before they have to panic about the complex malicious implants in their servers.

Hardware, China

Mirai Malware Expands Reach to New Processors

Researchers have uncovered a new version of the Mirai malware that targets several different processor architectures, including OpenRISC.


Mozambique’s Scheme to End SIM Swap Fraud

Mobile payments are very popular in African companies and SIM card fraud is a massive problem. At the Kaspersky Security Analyst Summit, CERT Mozambique discussed how the banks and mobile operators worked together to ensure thieves didn't loot customer accounts just by stealing phone number.

Fraud, Mobile Security, 2fa, Finance Security

Amazon Increases Security For CloudFront Domains

Amazon CloudFront now requires domain owners to have an SSL certificate for alternate domain names to help prove ownership.


Chamois: The Big Botnet You Didn’t Hear About

The Android security team was busy battling the Chamois malware family on Google Play starting in 2016. Android security engineer Maddie Stone outlined the steps Google has taken to reduce the number of devices infected with this technically complex malware.

Android, Botnet, Google, Fraud

Marketplace Sells Digital Fingerprints for Credit Card Fraud

Criminals can buy digital fingerprints such as user behavior, cookies, and device information on the Genesis marketplace to fool banks' anti-fraud systems and conduct credit card fraud.

Fraud, Identity Theft, Cybercrime

Decipher Podcast: Patrick Wardle

Mac security researcher Patrick Wardle joins Dennis Fisher to discuss his research and Mac malware.


Apache Patches Serious Privilege Escalation Flaw

Apache has fixed a root privilege escalation vulnerability in its popular web server software, which runs on millions of servers.


Criminals Sell Stolen Data on Social Media

There's no need to go to underground forums and criminal marketplaces to trade crimeware tools and buy/sell stolen information when it's all on social media, such as Facebook.

Phishing, Crimeware, Facebook

Facebook Stops Asking for Email Passwords

In a bizarre series of events, Facebook decided to ask some users to provide the passwords to their email accounts when signing up for new Facebook accounts. When asked, the company agreed to stop.

Facebook, Passwords

U.S.-Based Malware Hosting Setup Possibly Tied to Necurs Botnet

Bromium researchers have been tracking a phishing and malware campaign, possibly linked to the Necurs botnet, that uses infrastructure in the U.S.