Security news that informs and inspires

All Articles

901 articles:

CISA Issues Final Order on Federal Vulnerability Disclosure, But Questions Remain

Federal agencies must publish a vulnerability disclosure policy by March 1, per a new CISA directive, but there is no provision for maturity assessments or resources to build a bug handling process.

Government, Bug Bounty

UK Says Children’s Apps Must Have Built-in Privacy

New rules from the United Kingdom's Information Commissioner's Office took effect requiring apps, social media platforms and online games specifically targeted at children to be designed with privacy in mind. Violators will be fined 4 percent of total revenue.

Privacy, Gdpr

Gartner Warns CEOs Will be Personally Liable for Breaches by 2024

By 2024, 75 percent of CEOs will be held personally responsible and accountable for cyber-physical security incidents, research firm Gartner said.

Internet of Things, Data Breaches, Risk

Notarized Malware Slips Into Mac App Store

A piece of malware made its way into the macOS app store after being accidentally notarized by Apple, allowing it to run on victims' Macs.

Apple, Malware

Cisco Warns of Exploits Against IOS XR Flaws

Attackers are actively trying to exploit a memory exhaustion vulnerability (CVE-2020-3566) in Cisco's IOS XR router software.

Vulnerability

Bug Allows Theft of Local Files Via Safari

An issue with the Safari Web Share API can allow an attacker to steal local files from a victim in some circumstances.

Apple

CISA Releases 5G Security Strategy

The United States Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has released the National Strategy to Secure 5G for securely deploying 5G networks in the United States.

Government

Medical Data Leaks Linked to Hardcoded Credentials in Code

Data of more than 150,000 to 200,000 patients were exposed in at least nine GitHub repositories—the result of improper access controls and hardcoded credentials in source code, according to DataBreaches.net.

Data Breaches, Credentials, Access Controls

Serious DoS Bug Patched in BIND 9

A vulnerability in several versions of BIND 9 can allow an attacker to knock vulnerable name servers offline.

Bind

EU Delays GDPR Decision in Twitter Case

Irish privacy regulators are still working with other European Union data protection authorities to hammer out the final decision of its GDPR case against Twitter over a 2018 security incident.

Gdpr

GDPR Lawsuit Targets Oracle, Salesforce Use of AdTech Cookies

A consumer privacy campaign group, The Privacy Collective, has filed a lawsuit in Amsterdam against Salesforce and Oracle for allegedly violating the European Union’s General Data Protection Regulation over the companies' use of cookies and real-time bidding.

Gdpr

Researchers Develop Attacks Targeting End-to-End Encryption in Emails

A group of academic researchers have developed practical attacks targeting two widely used end-to-end encryption schemes for email, which could lead to man-in-the-middle decryption attacks and exfiltration of private keys.

Encryption, End to End Encryption

Cryptomining Botnet Steals AWS Credentials

TeamTNT, a crypto-mining botnet, is stealing Amazon Web Services credentials from infected Docker and Kubernetes servers.

Cryptomining

EmoCrash Exploit Helped Slow the Spread of Emotet for Months

The EmoCrash exploit took advantage of a flaw in the Emotet trojan's code to help defenders stop the malware for more than six months.

Emotet, Malware

Decipher Podcast: Jennifer Leggio

Dennis Fisher is joined by Jennifer Leggio, CMO of Claroty, to talk about her career path from journalist to executive and the challenges of learning the intricacies of security in OT environments.

Podcast