Security news that informs and inspires

All Articles

2258 articles:

Microsoft Targets Fancy Bear Hacking Group

Microsoft has taken over six domains associated with a Russian-backed hacking group known to have targeted U.S. political campaigns and candidates.

Microsoft

How Android P Upgrades User and Device Security

Security in Android P is significantly different than in previous versions, as Google has added many new defensive measures.

Android, Google

NIST Act to Improve SMB Security Becomes Law

Under the newly minted law NIST Small Business Cybersecurity Act, NIST will have a year to release guidance and resources to help small businesses improve their security posture.

Legislation, Government

Clarity Needed Over New Rules on Use of Cyber Weapons

The White House has rescinded the directive that restricted how United States could respond to online attacks. Will this act as deterrence or escalate breaches and attacks into armed conflict?

Government

What IT Needs to Know About Foreshadow

Foreshadow/L1TF refer to a group of vulnerabilities that can be exploited in modern Intel chips using speculative execution attacks to bypass security protections and harvest sensitive information.

Vulnerability, Hardware, Spectre

Microsoft Fixed Multi-factor Authentication Bypass Flaw

The flaw in Microsoft's Active Directory Federation Services lets an attacker use the same second factor to bypass multi-factor authentication for any account running on the same service. Microsoft has patched the flaw.

Microsoft, 2fa, MFA

More Details on Google’s Shielded VMs

Google’s new Shielded VMs help enterprises protect their Google Cloud workloads from attacks against the hardware and firmware.

Google, Virtualization, Cloud

Trailblazer Hunts Credential Abuse in AWS

A particularly vexing challenge in authentication is finding cases where credentials have been compromised or when login attempts are not legitimate. Netflix has open-sourced an internal tool called Trailblazer that uses AWS CloudTrail to help tackle this challenge in a scalable way.

Cloud, AWS

Facebook Hands Out Research Grants for Defensive Technologies

Facebook has given academic researchers more than $800,000 to pursue proposals for new defensive techniques.

Facebook

The Mafia Doesn’t Control Cybercrime

Just because cybercriminals are organized doesn’t mean they are part of organized crime such as the Mafia, an Oxford University researcher said at Black Hat.

Black Hat, Cybercrime

‘Everyone Who Cares About User Security Needs to Collaborate’

As the world's dependence on technology continues to increase, the need for collaboration on defensive projects is becoming more acute, as well.

Security, Black Hat

Decipher Podcast: Black Hat Preview

Decipher editors Dennis Fisher and Fahmida Rashid preview this year's Black Hat USA conference in the first episode of the podcast.

Podcast

Facebook Open Sources Fizz For TLS 1.3 Deployments

TLS 1.3 has been approved, and Facebook has open sourced Fizz, a TLS 1.3 library, to help developers and server operators deploy TLS 1.3 for their mobile apps, services, and appliances such as load balancers

Facebook, TLS

New Tool Enables Detection of Twitter Bots at Scale

Two researchers have developed a model that can detect bot accounts on Twitter at a massive scale and with a high degree of accuracy.

Twitter, Black Hat

Dennis Has Some Questions About…Passwords

People love to hate passwords and most of us aren't very good at creating and remembering them. But we still need them so here's how to create strong passwords.