SEARCH
All Articles
EmoCrash Exploit Helped Slow the Spread of Emotet for Months
The EmoCrash exploit took advantage of a flaw in the Emotet trojan's code to help defenders stop the malware for more than six months.
Cryptomining Botnet Steals AWS Credentials
TeamTNT, a crypto-mining botnet, is stealing Amazon Web Services credentials from infected Docker and Kubernetes servers.
Apache Warns of Serious Flaw in Struts
A vulnerability in Apache Struts (CVE-2019-0230) can lead to remote code execution in some circumstances.
Decipher Podcast: Jennifer Leggio
Dennis Fisher is joined by Jennifer Leggio, CMO of Claroty, to talk about her career path from journalist to executive and the challenges of learning the intricacies of security in OT environments.
NSA and FBI Detail Russian Use of Drovorub Linux Malware
The NSA and FBI have exposed a previously unknown malware tool called Drovorub that the agencies say has been deployed by APT28.
US and EU May Try for Another Privacy Shield
The United States is trying to hammer out another data transfer agreement with the European Union after the EU Court of Justice struck down the EU-US Privacy Shield framework last month for “inadequate” privacy protections.
Microsoft Patches Zero Days Used in Targeted Attacks
Microsoft on Tuesday patched flaws in Internet Explorer an Windows that have been used in active attacks.
Amazon Fixes Five Flaws in AWS Encryption Client
Amazon has patched five vulnerabilities in its AWS Encryption Client, including a CBC padding oracle flaw.
Google Rolls Out SameSite Cookie Changes to Chrome
Google has finished its rollout of the changes to the SameSite cookie in its Chrome web browser. Site owners need to explicitly label third-party cookies with `SameSite=None; Secure` in order to use them on other sites.
Facebook Releases Static Code Analysis Tool for Python
Facebook has open-sourced Python Static Analyzer, an internally-developed static code analyzer for finding and fixing flaws in Python code. Pysa analyzes how data flows through the application to identify security issues that result when data winds up in an area of the application is shouldn't be able to reach.
Decipher Podcast: Robert Hansen
Dennis Fisher is joined by Robert Hansen, CTO of Bit Discovery, to talk about finding forgotten network assets, breaking things, and building a business.
When Going in Reverse Moves You Forward
Reverse engineering to find the root cause of vulnerabilities can be a frustrating task, but even the analyses that go wrong can produce lessons and new skills.
Decipher Podcast: Black Hat 2020
Dennis Fisher is joined by Brian Donohue, Chris Brook, and Mike Mimoso to discuss the experience of watching the Black Hat talks online this year and what progress the industry has made in keeping people secure.
Hacking Medical Devices to Hijack Secure Facilities
Security researchers have demonstrated in the past how implanted medical devices such as insulin pumps and pacemakers can be compromised. A team from Virginia Polytechnic Institute and State University investigated how these devices could be used to compromise secure facilities used to work on classified information.
The DoH Continues to Rise
Adoption of DNS over HTTPS (DoH) continues to rise, but so do concerns about network visibility and centralization of DNS services.