Security news that informs and inspires

All Articles

984 articles:

A Traveler’s Guide to OPSEC

Traveling can be a lot of fun, but it can also present myriad challenges when it comes to keeping your information and devices secure. A few simple steps and a little advance planning can go a long way to increasing your operational security.

Opsec, Rsac2019

BIND 9 Contains Serious Memory Leak

Some versions of BIND 9 contain a severe memory leak that can exhaust the memory resources on a vulnerable server.

Bind

19-Year-Old Bug Haunts WinRAR

A bug that can grant arbitrary code execution has been lurking in the WinRAR compression utility since 2000.

Vulnerabilities

Brushaloader Threat Evolves and Adapts Quickly

The Brushaloader malware threat, which often loads the Danabot banking trojan, is expanding its target base and refining its tactics.

Malware

Attackers Move Quickly, Defenders Need to Keep Up

Enterprise defenders have a very narrow window of opportunity to detect a compromise before attackers spread out through the network and cause more damage. For nation-state attackers, that breakout time is a handful of hours.

Hacking, Data Breaches

Software Alone Can’t Fix Spectre-Class Flaws

Speculative execution enhanced microprocessor performance, but also made them more susceptible to side-channel attacks. The final fix won’t be via software updates.

Hardware, Spectre

Crafting Policies With Panache

There are obvious differences between government policy and organizational policy, but when it comes to crafting information security policies, there are several elements that apply to both sides. Here are some of them.

Ciso, Security Policy

Brutal Hacks Teach Hard Disaster Recovery Lessons

The hack of VFEmail, a hosted email provider, can be a reminder of how disaster recovery planning can be a life saver.

Disaster Recovery

Google Rejecting More Harmful, Suspicious Apps From Play Store

Google has increased the number of apps rejected from the Play Store by 55 percent, thanks to new policies and technology to identify potentially harmful apps.

Google, Android

Government Shutdown Highlights Importance of Planning Ahead

Parts of the government is still spinning back up after spending 35 days offline as part of the recent partial government shutdown. For security teams with long to-do lists, that's a lot of time they need to regain.

Government, Incident Response

APT Groups Moving Down the Supply Chain

A recent intrusion at Norwegian MSP Visma that researchers attribute to APT10 demonstrates the changing tactics of some advanced attack groups.

Apt

Root Code Execution Flaw Threatens Container Platforms

A flaw in runC, the underlying container runtime for many platforms, can give an attacker root access to vulnerable hosts.

Containers, Linux

Wyden, Rubio Ask CISA to Assess Threat From Foreign VPN Services

Two senators have asked the director of the Cybersecurity and Infrastructure Security Agency to look into the national security threat from foreign-based VPNs.

Government

Q&A: David Scott Lewis

David Scott Lewis was the model for the David Lightman character in WarGames, a true hacker classic.

Hacking

Safari Removing Do Not Track Support

Apple is eliminating the Do Not Track feature from its Safari browser in version 12.1 and making several other security and privacy changes, as well.

Apple, Privacy