Security news that informs and inspires

All Articles

570 articles:

Persistent Cookies Can Prove Troublesome for AWS

A researcher found that some AWS authentication cookies remain valid for up to 12 hours even after a user has changed the password and logged out.

2FA, Cloud

Moody’s Says Regulation Would Benefit Gas Pipeline Operators

Credit rating agency Moody's weighed in on the security of natural gas pipeline operators, urging that mandatory cybersecurity standards would harden the sector against potential attacks.

Critical Infrastructure Security, Regulation

Deciphering Spy Game

Zoe Lindsey, Dennis Fisher and Pete Baker break down the espionage classic Spy Game.

Podcast

Privacy Group Asks FTC to Investigate Zoom

EPIC, a privacy rights organization, has filed a complaint asking the FTC to look into Zoom's actions after the disclosure of several vulnerabilities in its Mac client.

Privacy

Mayors Pledge No More Ransom Payments

The United States Conference of Mayors unanimously agreed to not pay any more ransoms following ransomware attacks against municipal networks.

Ransomware, Data Breaches, Disaster Recovery, Backup and Restore

Apple Removes Zoom Web Server From Macs

Zoom executives promise to improve their security response process as Apple pushes a silent update to remove the Zoom web server from Macs.

Apple, Vulnerability

GDPR Impact Lies in Big Fines, Process Changes

While European regulators are showing they are serious about the new privacy and data security regulations as they slap hefty fines against Marriott and British Airways for not properly safeguarding consumer data, fines aren’t the only way GDPR has changed how organizations view online privacy and data security.

Data Privacy, Regulation, General Data Protection Regulation

Zoom Bug Allowed Access to Mac Webcam

A vulnerability in the Zoom client for Macs allowed an attacker to force a victim join a meeting with video enabled.

Vulnerability

iMessage Flaw Can Brick iPhones

A bug in iOS can allow an attacker to brick an iPhone by sending one malicious iMessage.

Ios, Apple

US Cyber Command Warns of Targeted Attacks On Old Outlook Flaw

Attackers are exploiting a Microsoft Outlook flaw from 2017 in targeted attacks.

Malware

Researchers Uncover Long-Term Facebook Malware Campaign

A malware campaign that used dozens of fake Facebook profiles and target Libyans has been uncovered and dismantled.

Facebook

OpenPGP Certificate Attack Worries Experts

A certificate flooding attack on OpenPGP keyservers is causing problems and raising questions about the system's resilience.

Encryption

No Public BlueKeep Exploit Yet, But Clock is Ticking

A public exploit for BlueKeep has not yet been released, but a number of researchers have developed proofs-of-concept exploiting the Remote Desktop Protocol (RDP) vulnerability. Time may be running out for organizations that have still not applied Microsoft's patch.

Patching, Microsoft, Malware, Windows

Return of the Mack: Exploit Kits Back on the Scene

Recent campaigns using the GreenFlash Sundown and Spelevo exploit kits have served as reminders that these kits are still active and dangerous, despite a dip in usage recently.

Exploit Kits

Google Cloud Takes Chronicle, Future of VirusTotal Murky

Google is bringing Chronicle back home and will integrate the enterprise security startup into its Google Cloud security portfolio. Whether VirusTotal will remain as a stand-alone service is currently unknown.

Google, Enterprise Security