Security news that informs and inspires

All Articles

930 articles:

Google Chrome Sign-in Change is Surprising. Is It a Deal-Breaker?

The privacy questions raised by Google's recent changes in how Chrome handles user login, but that doesn't necessarily mean the changes are nefarious.

Google, Privacy

Patching All The Things May Not Be The Best Strategy

Armchair risk analysis frequently defaults to "patch all the things," but the data shows that trying to chase after every vulnerability isn't always the best strategy for a CISO. How should CISOs look at Kenna Security and Cyentia Institute's research on what kind of patching model works best?

Ciso, Patching

Yubico, Microsoft Accelerate Retirement Plans for Passwords

Adoption and support for two-factor authentication continues to expand, as Yubico and Microsoft introduce new products designed to make passwords a thing of the past.

2fa, Microsoft

Magecart Group Refines Attacks, Nabs More Sites

The list of Magecart victims gets longer as the attack group optimizes its attack code and modifies its methods to steal payment card information from unsuspecting shoppers. What's a website owner to do?

Data Breaches, Website Security, Supply Chain, Magecart

Ransomware is the Present, But Cryptojacking is the Future

Cybercrime gangs are still making hay with ransomware, but a new report from Europol shows that malicious cryptomining is gaining momentum.

Ransomware, Cryptomining

That Email is Not From the CEO, It’s a BEC Scam

A Business Email Compromise (BEC) scam is a type of financial fraud designed to steal money from businesses and individuals. If the email from the CEO says to transfer money ASAP, it's time to call IT, not the bank.

Phishing, Finance Security

Wyden Warns Foreign Attackers Targeting Senators’ Personal Accounts

Sen. Ron Wyden says foreign hackers are targeting the personal accounts of senators and is introducing legislation to help protect those accounts.

Government

One Year After Equifax: New Credit Freezes

A year after the massive data breach rocked Equifax, there has been some incremental changes: new state regulations and a federal law for credit freezes. What more needs to happen to get significant improvements in data security and digital privacy?

Data Breaches, Finance Security

Attackers Prefer Cheap and Easy-to-Find RDP Attack Tools

For many criminals, the fact that they can just buy remote desktop protocol (RDP) credentials means they don’t need to spend the time trying to develop their own attacks. With RDP, the network is their oyster.

Windows Security, Remote Access Attacks

Facebook Brings Bug Bounty to Developer Ecosystem

Facebook is expanding its bug bounty program to third-party apps and websites that might expose user tokens improperly.

Facebook, Bug Bounty

Cloudflare Makes InterPlanetary File System Globally Accessible

Cloudflare has released a gateway and browser extension to make the distributed IPFS network easily and securely accessible.

Encryption

Senators Question Lack of MFA at State Department

Five lawmakers have asked the Secretary of State for answers about his agency's failure to implement MFA despite a federal requirement to do so.

2fa

No Sleep for Computers: Cold Boot Attacks are Back

F-Secure researchers found that modifying the hardware on modern computers make them susceptible to “cold boot” attacks where passwords and encryption keys can be harvested from memory. Hibernate or power off. Don't put the computer in sleep mode.

Hardware, Vulnerability

BA Breach Another Step in Magecart Group’s Evolution

The attack group known as Magecart has been stealing payment information from sites for several years and is showing signs of maturation with the BA breach.

Data Breaches, Magecart

Decipher Podcast: Richard Bejtlich

Security strategist, adviser, and author Richard Bejtlich joins the podcast to talk about the evolution of incident response and how the security community has changed over the last 20 years.

Podcast