Security news that informs and inspires

All Articles

983 articles:

After Account Breach, Attackers Can Use Single Sign-On to Take Over More Accounts

Facebook revoked its session tokens after the massive breach. A team of researchers from the University of Illinois at Chicago lay out what attackers could do with those session tokens if they hadn't been reset.

Data Breaches, Sso

Understanding the Defense Department’s New Cyber Strategy

Will adversaries think twice about going after U.S. networks knowing that the Department of Defense now considers offensive tactics as part of its arsenal? Scythe's Bryson Bort and Endgame's Andrea Limbago discuss the shift towards offensive cyber operations and what it means for deterrence.

Federal, Government

Cloudflare Starts Security Focused Domain Registrar

The Cloudflare Registrar will offer organizations wholesale domain pricing and a number of free security and privacy tools.

Privacy

Attackers Take Over 50 Million Accounts in Facebook Breach

Attackers exploited vulnerabilities in Facebook's code to gain access to at least 50 million Facebook user accounts. Those accounts could have been used for information gathering campaigns, as attackers had full access to the user's profile, friends list, and usage history.

Data Breaches, Facebook, Identity Theft

Don’t Skip User Authentication on MDM Even With Apple’s DEP

Duo Labs researchers discovered that Apple was using serial numbers to authenticate devices with its Device Enrollment Program (DEP). If organizations treat DEP as a trust broker and assume DEP-registered devices are trusted, they expose themselves to a variety of risks, including rogue devices receiving internal network configuration settings.

Apple, Labs Research, Mdm

Researchers Identify New Phishing Tactics on Android Devices

A team of researchers has developed several new phishing techniques that can be used against Android devices, leveraging issues with some password managers.

Phishing, Android

Getting Closer to a Surveillance-Free Internet

Cloudflare has been working with the likes of Google, Mozilla, Fastly and Apple to make it harder for ISPs and other network operators from being able to see what sites users are visiting. Cloudflare has rolled out ESNI on its systems to see how well the experimental technical specification works to hide user activity online.

Internet, Https

Mozilla Rolls Out Firefox Monitor Service for Breach Notifications

The Firefox Monitor service uses data from the Have I Been Pwned database to alert people to compromises.

Data Breaches, Mozilla

Google Chrome Sign-in Change is Surprising. Is It a Deal-Breaker?

The privacy questions raised by Google's recent changes in how Chrome handles user login, but that doesn't necessarily mean the changes are nefarious.

Google, Privacy

Patching All The Things May Not Be The Best Strategy

Armchair risk analysis frequently defaults to "patch all the things," but the data shows that trying to chase after every vulnerability isn't always the best strategy for a CISO. How should CISOs look at Kenna Security and Cyentia Institute's research on what kind of patching model works best?

Ciso, Patching

Yubico, Microsoft Accelerate Retirement Plans for Passwords

Adoption and support for two-factor authentication continues to expand, as Yubico and Microsoft introduce new products designed to make passwords a thing of the past.

2fa, Microsoft

Ransomware is the Present, But Cryptojacking is the Future

Cybercrime gangs are still making hay with ransomware, but a new report from Europol shows that malicious cryptomining is gaining momentum.

Ransomware, Cryptomining

Magecart Group Refines Attacks, Nabs More Sites

The list of Magecart victims gets longer as the attack group optimizes its attack code and modifies its methods to steal payment card information from unsuspecting shoppers. What's a website owner to do?

Data Breaches, Website Security, Supply Chain, Magecart

Wyden Warns Foreign Attackers Targeting Senators’ Personal Accounts

Sen. Ron Wyden says foreign hackers are targeting the personal accounts of senators and is introducing legislation to help protect those accounts.

Government

That Email is Not From the CEO, It’s a BEC Scam

A Business Email Compromise (BEC) scam is a type of financial fraud designed to steal money from businesses and individuals. If the email from the CEO says to transfer money ASAP, it's time to call IT, not the bank.

Phishing, Finance Security