SEARCH
All Articles
Facebook Stops Asking for Email Passwords
In a bizarre series of events, Facebook decided to ask some users to provide the passwords to their email accounts when signing up for new Facebook accounts. When asked, the company agreed to stop.
U.S.-Based Malware Hosting Setup Possibly Tied to Necurs Botnet
Bromium researchers have been tracking a phishing and malware campaign, possibly linked to the Necurs botnet, that uses infrastructure in the U.S.
Cloudflare Warp VPN Aims to Bring Security to Mobile Connections
Cloudflare is rolling out a new mobile VPN service called Warp that's built on top of its 1.1.1.1 DNS resolver.
Some Data Breach Victims Don’t Hear From the FBI Right Away
Many organizations are unaware of the intrusion in their networks until the FBI comes calling. An Inspector General audit found that poor record keeping means some organizations don't hear from the FBI, or hear too late to do anything about it.
Critical Magento Flaw Puts Commerce Sites at Risk
A SQL injection flaw in the Magento platform could open up many commerce sites to attack.
Microsoft Got 99 Domains Used to Phish Someone
Microsoft has taken over 99 domains used by the Phosphorus attack group, which has ties to the Iranian government.
Researchers Still Unraveling LockerGoga Ransomware
Researchers are still trying to figure out how LockerGoga infects its targets, and what the group behind this damaging ransomware variant really wants. Can't be just money.
FTC Questions Broadband Providers on Data Collection and Privacy Policies
The FTC sent letters to the major U.S. broadband providers asking for information on exactly what customer data they collect and how they handle it.
Utah Privacy Law Protects Data From Government
Absent any move on the federal level for a consumer data privacy law, states have passed their own laws. Utah is about to have a law that would require government to have a warrant to get any consumer data stored by third-party providers.
iOS 12.2 Fixes Serious SMS, Kernel Flaws
In iOS 12.2 Apple has patched many serious flaws, including an SMS bug that allows code execution with one click.
Q&A: Joe FitzPatrick
Hardware security researcher Joe FitzPatrick explains how non-experts should assess claims of hardware implants and backdoors.
Decipher Podcast: Joe FitzPatrick
Dennis Fisher speaks with hardware security researcher Joe FitzPatrick about finding and verifying hardware implants.
DHS Warns Implanted Medical Devices Can Be Modified Wirelessly
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency warned in an advisory that cardio defibrillators from medical device company Medtronic can be modified while still implanted in patients. Without access control, the defibs can't differentiate between authorized and unauthorized instructions.
Into the Pandora’s Box of Hardware Implants
Joe FitzPatrick, one of the small number of hardware security experts, says security teams and operators need to ask hard questions when they see claims of malicious hardware implants.
Scanning for Active IPv6 Hosts With UPnP
Security researchers and enterprise defenders have many Internet-wide scanning tools at their disposal. Researchers at Cisco Talos have developed a way to scan for hosts with IPv6 addresses using the UPnP protocol.