Security news that informs and inspires

All Articles

2322 articles:

Tackling Twitter Bots With Biometrics

Twitter CEO Jack Dorsey said using biometrics on mobile devices could help weed out some of the bots on the platform.

Twitter, Authentication

Flaw in APT Utility Allows Malicious Package Installation

A vulnerability in the APT package manager in Debian and Ubuntu allows an attacker to install malicious packages in some circumstances.

Linux

France CNIL Fines Google, Forced Consent Violates GDPR

GDPR told companies that regulators would be reviewing their data collection and usage practices, and if they don't like what they find, the fines are coming. France is taking the first step against Google.

GDPR, Privacy

Criminals Stole SEC Filings in Insider Trading Scheme

The Securities and Exchange Commission’s civil complaint outlining the details of an international insider trading scheme is an object lesson in how cybercriminals can monetize _any_ information, not just customer records or intellectual property.

Data Breaches, Finance Security, Insiders

When Privacy Goes to Washington

A new bill by Sen. Marco Rubio and a push for regulation of data brokers by Apple's Tim Cook has put privacy up front during the government shutdown.

Privacy, Apple, Government

Decipher Podcast: Nate Cardozo

Dennis Fisher talks with Nate Cardozo of the EFF about the UK's proposal to add an invisible third party to encrypted communications.

Podcast

Magecart Targets Advertising Supply Chain in New Attack

Magecart Group 12 was able to compromise a French online advertising provider to spread a skimmer to hundreds of victim sites.

Cybercrime, Magecart

Decades-Old Flaws Found in SCP Clients

Several SCP clients, including OpenSSH, are vulnerable to a set of bugs that can allow an attacker to download arbitrary files.

Vulnerability

Researchers Uncover Serious Flaws in Access Management System

Tenable Security researchers have found a series of flaws in the PremiSys access management system that can allow admin access to the application.

Vulnerabilities

The Unholy Alliance of Emotet, TrickBot and the Ryuk Ransomware

Researchers have been tracking a group using the Emotet and TrickBot malware to install the Ryuk ransomware in enterprises.

Ransomware

Decipher Podcast: Stefan Tanase

Dennis Fisher talks with Stefan Tanase about the creeping problem of Internet Balkanization.

Podcast

Bringing Security to USB Type-C, or More Limitations?

The USB Type-C Authentication Program will attempt to address the very real dangers of USB-based attacks, such as USB devices loaded with malicious payloads to compromise the host system and counterfeit cables that can deliver too much (or too little!) power and damage the system.

Hardware

Yubico Adds NFC-Enabled and Lightning Security Keys

Yubico is bringing hardware-based 2FA to mobile devices with two new security keys, including one that has NFC support.

2fa

Phishing Frameworks and Toolkits Continue to Mature

New tools such as Modlishka and frameworks such as Gophish enable organizations to test their awareness and resilience to phishing campaigns.

Phishing, 2fa

BlackBerry Turns Focus to IoT Security

BlackBerry is offering a new set of services for IoT manufacturers to help them build more secure devices.

Iot Security