Security news that informs and inspires

All Articles

2324 articles:

Decipher Podcast: Yonathan Klijnsma

Yonathan Klijnsma of RiskIQ has been researching the Magecart skimming group for several years and speaks with Dennis Fisher about Group 4's tactics and targets.

Podcast, Magecart

Huawei and the 5G Conundrum

The U.S. and Chinese company Huawei have been butting heads over the upcoming 5G rollouts, with the U.S. citing national security concerns. However, banning Huawei equipment could have an impact on when 5G will be available in certain parts of the world.

5g, Networking

Privacy, Policy, and the Illusion of Control

Congress seems intent on passing federal data privacy legislation, but simply giving consumers more control won't be enough.

Privacy

Deciphering Sneakers

Sneakers isn't just one of the best hacker movies of all time, it's a spiritual successor to WarGames and one of the most entertaining movies ever. Full stop.

Podcast, Hacker Movies

ICANN Warns of ‘Ongoing and Significant’ Threat to DNS

A series of DNS-hijacking campaigns against government agencies and other organizations has led ICANN to call for full deployment of DNSSEC and other protective measures.

DNS Security

A Traveler’s Guide to OPSEC

Traveling can be a lot of fun, but it can also present myriad challenges when it comes to keeping your information and devices secure. A few simple steps and a little advance planning can go a long way to increasing your operational security.

OPSEC, Rsac2019

BIND 9 Contains Serious Memory Leak

Some versions of BIND 9 contain a severe memory leak that can exhaust the memory resources on a vulnerable server.

BIND

19-Year-Old Bug Haunts WinRAR

A bug that can grant arbitrary code execution has been lurking in the WinRAR compression utility since 2000.

Vulnerabilities

Brushaloader Threat Evolves and Adapts Quickly

The Brushaloader malware threat, which often loads the Danabot banking trojan, is expanding its target base and refining its tactics.

Malware

Attackers Move Quickly, Defenders Need to Keep Up

Enterprise defenders have a very narrow window of opportunity to detect a compromise before attackers spread out through the network and cause more damage. For nation-state attackers, that breakout time is a handful of hours.

Hacking, Data Breaches

Crafting Policies With Panache

There are obvious differences between government policy and organizational policy, but when it comes to crafting information security policies, there are several elements that apply to both sides. Here are some of them.

CISO, Security Policy

Software Alone Can’t Fix Spectre-Class Flaws

Speculative execution enhanced microprocessor performance, but also made them more susceptible to side-channel attacks. The final fix won’t be via software updates.

Hardware, Spectre

Brutal Hacks Teach Hard Disaster Recovery Lessons

The hack of VFEmail, a hosted email provider, can be a reminder of how disaster recovery planning can be a life saver.

Disaster Recovery

Google Rejecting More Harmful, Suspicious Apps From Play Store

Google has increased the number of apps rejected from the Play Store by 55 percent, thanks to new policies and technology to identify potentially harmful apps.

Google, Android

Government Shutdown Highlights Importance of Planning Ahead

Parts of the government is still spinning back up after spending 35 days offline as part of the recent partial government shutdown. For security teams with long to-do lists, that's a lot of time they need to regain.

Government, Incident Response