All Articles

2327 articles:

Google Data Shows Tiny Fraction of Android Devices Run Malicious Apps

A new transparency report on Android security shows that far less than one percent of all devices have a potentially harmful app running on them.

Android

U.S. Cyber Command is Making Foreign Malware Tools Public

A group within the U.S. Cyber Command is now contributing malware samples to VirusTotal, part of a broader strategy to put pressure on foreign adversaries.

Government

Google Expands Automated OSS-Fuzz Program

Google's OSS-Fuzz open source fuzzing project has identified more than 9,000 bugs in less than two years and is now expanding.

Google

NIST Looking at AI to Calculate Bug Severity

IBM has been touting the potential of using Watson to help security analysts analyze large volumes of security data and make security decisions. The National Institute of Standards and Technology may be considering using AI to help determine the severity of software vulnerabilities.

NIST, Vulnerability

Apache Warns of Critical Flaw in Struts 2 Framework

There is a serious flaw in the file upload component in the Struts 2.3.x framework that can lead to remote code execution on vulnerable apps.

Apache

Crypto Implementation Flaws Found in Popular Solid-State Drives

Researchers at Radboud University have uncovered a number of serious weaknesses in self-encrypting solid-state drives.

Encryption

New Bluetooth Bugs Let Attackers Take Over Wi-Fi Networks

The likelihood of a successful attack using a pair of vulnerabilities in some wireless access points with Bluetooth Low Energy chips against an enterprise network is currently low, but the fact that such an attack can bypass network segmentation is worrying.

Hardware, Bluetooth Security

Wyden Proposes Severe Fines, Jail Time for Corporate Privacy Violations

Sen. Ron Wyden is circulating a draft of a bill that would punish corporate privacy violations with massive fines and potential jail time for executives.

Privacy

Google Boosts Account Security

Google has added some new protections designed to help users detect or recover from account compromises.

Google

Pay or Not Pay a Ransom? It’s Not That Simple

What do dumping toxic waste in the Chicago River and paying cyber extortionists have in common? Quite a lot, actually. Risk management expert Tony Martin-Vegue looks at the factors that drive the decision to pay or not pay the ransom after an attack.

Ransomware

Netflix Releases Stethoscope Desktop App to Check Device Health

Netflix has released a desktop version of its open source Stethoscope security health check tool, which provides detailed information on how to fix security issues on a device.

Open Source

Straight Talk with Real CISOs: Security Politics

In this Straight Talk with Real CISOs video for Decipher, Wendy Nather (director of Advisory CISOs at Duo), Chad Loder (CEO and co-founder of Habitu8), and Manju Mude ("Paranoid" Security Leader at Oath) discuss how CISOs have to establish relationships within their organization to be able to

CISO

Google reCAPTCHA v3 Finds Bots With No User Interaction

Google's new reCAPTCHA v3 system uses a risk analysis system to build a score of how suspicious a user's traffic is.

Google

Cryptomining Malware Targets Poorly Configured Docker Instances

A wave of attacks is using exposed Docker APIs to install cryptomining malware on compromised hosts.

Malware

FDA Wants to See a Bill of Materials for Medical Devices

The Food and Drug Administration outlines what manufacturers have to do to develop secure medical devices in the draft of its premarket guidance. The FDA laid out recommendations on what information to provide when submitting the devices for premarket approval.

Government, Medical Devices, IoT Security, IoT Vulnerabilities