Security news that informs and inspires

All Articles

722 articles:

Cisco Fixes CDP Flaws in Routers, Switches

Cisco has patched five serious vulnerabilities that affect routers, switches, and IP phones and cameras with the Cisco Discovery Protocol enabled.

Cisco

Web Shell Attacks Continue to Cause Problems

Web shell attacks have been on the rise in recent months, as many APT groups employ them against enterprises.

Microsoft

Sudo Flaw Grants Root Privileges

A flaw in the sudo utility could allow a local user to gain root privileges if the pwfeedback option is enabled.

Linux

Maybe FCC Will Punish Mobile Carriers That Sold Location Data

While FCC chairman Ajit Pai said at least one wireless carrier sold location data in violation of federal law, it is far from clear whether the offending entity will face any penalties.

Government, Privacy, Geolocation

Make It Harder to Phish One-Time Passcodes Sent Over SMS

A proposal that would standardize the format of SMS messages being used in two-factor authentication schemes has a simple goal: make users relying on those one-time passcodes less susceptible to phishing attacks.

SMS, Sms 2fa, 2 Factor Authentication, 2FA, Browser Security, Phishing

For Whom the Bill Tolls: Encryption

A proposed bill by Sen. Lindsey Graham to prevent online child exploitation imagery could have a disastrous effect on end-to-end encryption.

Government, Encryption

Enterprise Laptops Still Vulnerable to Memory Attacks

Attackers can exploit vulnerabilities in how laptops use memory to force the machine to execute unauthorized code while it is booting up, giving them unauthorized privileges and access to information, researchers said.

Hardware

The Growing Overlap of Disinformation and Security

Disinformation campaigns and cyber operations are intersecting more and more often, as actors become more sophisticated in their use of both tactics in their operations.

Disinformation

Mozilla, Google Crack Down on Malicious Browser Extensions

Google and Mozilla over the past few weeks have taken steps to remove problematic extensions and add-ons that steal user data and execute remote code.

Browser Security

New CacheOut Attack Impacts Latest Intel Chips

Researchers have identified yet another speculative execution attack method against Intel processors.

Hardware, Intel, Spectre

Better Privacy Through Collaboration

Improving online privacy for users will require a mix of technical, legislative, and regulatory approaches.

Privacy

Interpol Arrests Possible Magecart Attackers in Indonesia

Three people arrested in Indonesia for using web skimmers to steal payment card details from websites may be linked to one of the groups operating under the Magecart umbrella.

Magecart

Experts Worry Crypto War Two May Go the Other Way

If the US government moves to weaken strong encryption, it could have severe consequences for users around the world, experts say.

Encryption, Privacy

Citrix Releases Patches for ADC Flaw

Citrix has released patches for the CVE-2019-19781 vulnerability in its ADC and Gateway appliances.

Citrix

Emotet Sets Sights on Military and Government Targets

A recent Emotet malware campaign is homing in on victims in the military and government sectors.

Emotet, Malware