SEARCH
All Articles
Senators Propose Cybersecurity Coordinators for Every State
A bipartisan group of Senators are interested in establishing a cybersecurity leader for each state in order to increase the states' abilities to respond to cyberattacks.
New Tool Detects Indicators of Compromise for Citrix Systems
Citrix and FireEye Mandiant have released a scanner that can detect some indicators of compromise related to the CVE-2019-19781 vulnerability.
Unpatched IE Vulnerability Under Active Attack
A new Internet Explorer vulnerability (CVE-2020-0674) is being used in targeted attacks and Microsoft does not have a patch available right now.
Ransomware Attacks Factory Honeypot
The latest investigation by Trend Micro Research observed multiple instances of fraud and ransomware attacks on networks with industrial control systems. For these organizations, sophisticated malware like Stuxnet and Triton aren't their biggest headaches.
Decipher Podcast: Kenn White on the Windows Crypto Bug
Kenn White joins Dennis Fisher to discuss the details of the CVE-2020-0601 Windows crypto vulnerability that the NSA disclosed to Microsoft.
Kubernetes Launches Bug Bounty
Kubernetes has launched a public bug bounty program with support from Google.
Citrix ADC Exploits Appear With No Patch Available Yet
Exploits for the CVE-2019-19781 Citrix ADC vulnerability are available on GitHub while patches are still a week away.
Microsoft Patches Flaw in Windows Cryptography Component
Microsoft fixed a vulnerability in a cryptography component used by Windows 10 and Windows Server. If exploited, attackers would be able to pass off malicious software as legitimate, thus undermining digital trust.
Industry Groups Don’t Like Commerce Department’s Supply Chain Security Rules
Multiple business groups have pushed back on the Department of Commerce's proposed supply chain rules on information and communications technology supply chain security due to vague language and undefined scope.
‘We Can’t Be Complacent’ About the Crypto Debate
The encryption debate is as old as the Internet, and Jennifer Granick warns that giving ground now could have serious long-term effects.
Microsoft Mines Events Logs for RDP Brute-Force Attacks
Microsoft looked at Windows Events Log to understand what RDP brute-force attacks looked like in the enterprise, and found that attackers frequently space out the login attempts over several days to avoid detection.
Mozilla Patches Firefox Zero Day Under Active Attack
Mozilla has released an emergency fix for a vulnerability in Firefox that attackers are actively exploiting.
Lawmakers Ask FCC to Do Something About SIM Swapping
Criminals can bypass two-factor authentication and hijack user accounts by simply convincing a mobile carrier to swap SIM cards for a phone number. A group of Senators and Representatives are asking the FCC to protect consumers from these kinds of scams.
MITRE Adds ICS-Specific Techniques to ATT&CK Framework
MITRE adds information about threat groups, malware, and techniques used by adversaries in attacks against industrial control systems in its ATT&CK framework.
SHA-1 ‘Fully and Practically Broken’ By New Collision
A chosen prefix collision in SHA-1 has demonstrated a new issue with the venerable hash function developed by the NSA.