Security news that informs and inspires

All Articles

658 articles:

US Government Has Stopped Warrantless Collection of Phone Data

The Office of the Director of National Intelligence confirmed that the government has stopped collecting phone location data using Section 215 of the Patriot Act.

Privacy, Government

New Variant of ZombieLoad Bypasses Intel Mitigations

Security researchers at Graz University of Technology in Austria discovered the fixes for the ZombieLoad speculative execution attacks on Intel processors were not completely effective. The researchers have disclosed a new variant that works on Intel processors that have hardware mitigations in place.

Hardware, Intel

Firms Increasingly Affected by Breaches at Other Organizations

The world is more interconnected than ever, and that network of dependencies means when an organization experiences a security incident, so do other downstream organizations in the supply chain, Cyentia Insitute said in its latest analysis.

Supply Chain, Risk Management

Decipher Podcast: Chris Wysopal

Chris Wysopal of Veracode joins Dennis Fisher to dive into the company's new State of Software Security report.

L0pht, Podcast

TLS Delegated Credentials to Protect Private Keys on Web Servers

Mozilla, Firefox, and Cloudflare team up to tackle a specific TLS security problem: what to do in CDN and large web deployments where the private key has to be installed on every web server. Delegated credentials are short-lived TLS private keys that are generated by the web server.

TLS, SSL

Macs Storing Copies of Encrypted Messages from Apple Mail

The Apple Mail app on the most recent Macs appear to be storing copies of encrypted emails in plaintext, an Apple IT specialist found. There is a way to turn this off, temporarily.

MacOS, Apple

Microsoft Warns of Possible Further BlueKeep Exploits

BlueKeep exploits have been seen installing a cryptominer, but Microsoft is warning customers that more damaging attacks could be coming.

Microsoft

The Future is Encrypted

The move by Google and Mozilla to implement DNS over HTTPS in their browsers is drawing fire from ISPs, which rely on DNS visibility to gather user data.

Privacy

Online Privacy Act Would Create Federal Privacy Agency

A new privacy bill in the House of Representatives would create a new Digital Privacy Agency and punish companies for data misuse.

Privacy

Google Unveils OpenTitan Secure Chip Project

The OpenTitan chip project launched by Google and several partners will produce open-source designs for secure root of trust hardware.

Google, Hardware

Nikkei Hit By BEC Scam As Payments Get Larger

Japanese media conglomerate Nikkei is the latest victim of BEC scams, as companies continue to fall for this form of fraud.

Social Engineering, Phishing

DHS Warns of New North Korean Government Malware Hoplight

The DHS and FBI say North Korean-backed attackers are using a powerful new piece of malware known as Hoplight to infiltrate target machines.

Malware

Supply Chain Security Requires Knowing Who to Avoid

There are many ways to share threat indicators and vulnerability details, but no good way to share concerns about untrustworthy suppliers and vendors in the supply chain. That needs to change.

Supply Chain

WhatsApp Suit Against NSO Group Marks Beginning of an Era

The WhatsApp lawsuit against NSO Group may be a turning point in the way technology companies deal with surveillance vendors.

Privacy

Fancy Bear Attackers Target Anti-Doping and Sports Groups

The Russian attack group known as fancy Bear has been targeting anti-doping and sports organizations in advance of the 2020 Summer Olympics.

Microsoft, APT