All Articles

2327 articles:

Decipher Podcast: Joseph Menn

Joseph Menn, author of a new book on the Cult of the Dead Cow hacking group, joins Dennis Fisher to discuss the group, its influence, and why he thinks the cDc has survived so long.

Podcast

New York Considers Its Own GDPR-Style Data Law

New York’s lawmakers are on the brink of passing a data security law that will give New Yorkers more information about how their data is being used and when it has been compromised.

Government, Data Breach Notification

GitHub Brings Automated Fixes With Dependabot

At its GitHub Satellite conference last week in Berlin, GitHub rolled out several new features designed to help developers write secure code.

Software Security, Appsec, Microsoft

Researcher Finds Mac Gatekeeper Bypass

The OS X Gatekeeper security system can be bypassed with a new technique developed by researcher Filippo Cavallarin.

Apple

Docker Bug Allows Root Access to Host File System

A vulnerability in all versions of the Docker platform can give an attacker full read and write access to the host file system.

Docker

New Bills Would Require Warrants for Border Device Searches

Bills in the House and Senate would prevent warrantless searches of Americans' devices at the border.

Privacy, Government

Do Not Track Act Would Give Users More Power

The Do Not Track Act introduced by Sen. Josh Hawley would establish a single, enforceable mechanism for people to prevent data collection and online tracking.

Privacy

Moody’s Revises Equifax Outlook Post-Breach

Data breaches can be costly in terms of recovery, lost productivity, and regulatory fines. Moody’s revising its outlook on Equifax proves a breach can be detrimental to the company’s financial future.

Data Breaches, Risk

Attackers Are Signing Malware With Valid Certificates

There used to be a time when malware signed with a legitimate certificate was the mark of a sophisticated, nation-state-backed attacker. Now anyone can have signed malware.

Malware, Certificate Authority

Google Stored Some G Suite Passwords in Plain Text

Some Google G Suite customers' passwords were stored in plain text on the company's network since 2005.

Google

Firefox Now Blocks Cryptominers and Fingerprinters

In Firefox 67, Mozilla has moved to block cryptominers and browser fingerprinters, which track users across the web.

Privacy

Security Basics Prove Highly Effective at Stopping Account Takeovers

New Google research on account takeovers found that basic account hygiene can defeat the vast majority of attacks.

Social Engineering, 2fa

Stack Overflow Updates Breach Advisory With More Details

Kudos to Stack Overflow for promptly notifying users as soon as it identified a breach and posting an update with more details as it learns them.

Data Breaches, Incident Response

Code Repository Companies Pledge to Share Attack Data

Atlassian, GitHub, and GitLab pledged to continue the information-sharing relationship they started while investigating the origins of the recent ransomware incident, which affected BitBucket, GitHub, and GitLab users.

Data Breaches, Information Sharing

Attackers Are Hiding By Tampering With Encrypted Web Traffic

Attackers are increasing their use of "cipher stunting," a technique that randomizes their SSL/TLS signatures, to obscure the malicious web traffic and make it harder to detect.

TLS, Bot