SEARCH
All Articles
The Hidden Joys of Security Through Obscurity
Security through obscurity isn't always a bad thing, at least in the esoteric world of ICS security.
Decipher Podcast: Wendy Nather
Wendy Nather, head of advisory CISOs at Duo, joins Dennis Fisher to discuss her RSA keynote speech on democratizing security and making security more usable and collaborative.
‘Building Side Doors Is Not Going to Help’
Encryption back doors will make matters worse, not better, crypto pioneers say.
Review Finds Downgrade Attack in Solokey Firmware
A review of the SoloKey firmware found a serious downgrade attack flaw, which an attacker could use to install an older, vulnerable version. The bug has been fixed.
Decipher Podcast: Rick Altherr
Rick Altherr of Eclypsium joins Dennis Fisher to talk about the company's new research on unsigned device firmware.
Changes in Kernel Code Created New Security Bugs in Android Devices
Code changes intended to prevent attacks can wind up creating even more security issus, Google Project Zero warned.
Ransomware Attack Hit Gas Pipeline Facility
A gas compression facility was the victim of a ransomware attack that took its operations offline for two days and required replacement equipment.
OpenSSH Adds Support for U2F Hardware Keys
OpenSSH has added support for hardware security keys that implement the U2F standard.
Microsoft Pulls Buggy UEFI Security Update
Microsoft has removed the Windows security update addressing issues with third-party boot managers after users complained the updates caused their systems to stop working.
Senate Bill Would Create Data Protection Agency
Sen. Kirsten Gillibrand has introduced a new bill that would establish a federal Data Protection Agency with privacy oversight.
Sale of Corp.com Can Expose Corporate Data
Depending on who winds up buying corp.com, administrators with Active Directory in their networks may wind up with sensitive information unexpectedly leaving the network. Now is the time to check the configuration to make sure they are not using the domain internally.
Extensive Fraud Network Found Using Malicious Chrome Extensions
A long-running ad fraud campaign that was using more than 500 malicious Google Chrome extensions has been identified and halted by researchers.
Decipher Podcast: Riana Pfefferkorn
Riana Pfefferkorn of the Center for Internet and Society at Stanford University joins Dennis Fisher to discuss encryption, privacy, and the draft of the EARN IT Act.
FBI Says BEC Scam Losses Dwarf Ransomware
The FBI IC3 Internet Crime Report shows more than $1.7 billion in looses from BEC scams, far more than from any other kind of cybercrime activity it tracks.
Browsers Will Block Sites Using Old Versions of TLS
Starting in March 2020, all the major web browsers—Firefox, Chrome, Safari, and Edge—will display warnings when users visit websites that only support Transport Layer Security (TLS) versions 1.0 or 1.1. Users will be unable to visit those sites.