Cisco Talos researchers have discovered an Android trojan called GPlayed that mimics the Google Play store and can morph once it's installed.
Senators and law enforcement officials warned that cyberattacks by foreign adversaries are reaching a critical point.
People expect the personal VPN to hide or otherwise obscure what they are doing on the Internet. Some are better than others, but it is difficult to evaluate them on technical merits. Duo Labs provides guidelines on how to pick a personal VPN that matches your threat model.
In a small update to iOS, Apple has fixed two bugs that allowed someone to bypass the passcode on a locked iPhone.
The Solo security keys are based on open-source software and hardware designs and work with both desktop and mobile devices for two-factor authentication.
Thank you California. Gov. Brown has signed into the law that requires manufacturers to give Internet-connected devices unique passwords and not weak passowords like "admin" by default.
Two Russian-speaking APT teams recently have been seen using shared code and targeting the same organizations.
Whether or not Chinese spies actually planted rogue chips into Super Micro servers, this kind of supply chain attack is feasible. This is just the tip of the iceberg.
Creating static profiles of APT groups has limited value as tactics and tools shift constantly. So some researchers are advocating a move to dynamic profiles of adversaries.
A research team from KU Leuven in Belgium has disclosed new key reinstallation attacks against WiFi networks.
Facebook revoked its session tokens after the massive breach. A team of researchers from the University of Illinois at Chicago lay out what attackers could do with those session tokens if they hadn't been reset.
Will adversaries think twice about going after U.S. networks knowing that the Department of Defense now considers offensive tactics as part of its arsenal? Scythe's Bryson Bort and Endgame's Andrea Limbago discuss the shift towards offensive cyber operations and what it means for deterrence.
The Cloudflare Registrar will offer organizations wholesale domain pricing and a number of free security and privacy tools.
Attackers exploited vulnerabilities in Facebook's code to gain access to at least 50 million Facebook user accounts. Those accounts could have been used for information gathering campaigns, as attackers had full access to the user's profile, friends list, and usage history.
Duo Labs researchers discovered that Apple was using serial numbers to authenticate devices with its Device Enrollment Program (DEP). If organizations treat DEP as a trust broker and assume DEP-registered devices are trusted, they expose themselves to a variety of risks, including rogue devices receiving internal network configuration settings.