Security news that informs and inspires

All Articles

620 articles:

Personality Types May Be Useful in Security Training

Research suggests that people’s personality types can influence whether they would be more likely to fall for social engineering attacks or be less likely to click on phishing links.

Security Training

Many HTTP/2 Servers Vulnerable to DoS Bugs

A number of HTTP/2 server implementations are vulnerable to eight newly disclosed denial-of-service flaws.

2

Two New BlueKeep-Like Flaws Emerge in Windows

Microsoft has fixed two new remotely exploitable vulnerabilities in Windows that are similar to the BlueKeep bug and could be exploited by a worm.

Microsoft

Phishers Play on Emotions to Fool Victims

New research from Google and the University of Florida shows that attackers use a variety of emotional triggers to trick victims into falling for their schemes.

Phishing, Blackhat

Project Zero Wants You To Help Make 0-Day Hard

The Google Project Zero team is encouraging public attack research teams to form a coalition to collaborate and share data.

Black Hat

Ill Communication: Improving Security By Talking It Out

Improving communication between security teams and the rest of the organization can greatly improve an enterprise's security posture.

Black Hat

Include Deepfakes in Incident Response Plans

Deepfakes aren't just weird political videos. Enterprises should be concerned about how deepfakes could impact their reputation and financial health and include them in incident response plans.

Incident Response, Disinformation

New Weaknesses Found in WPA3

Researchers have discovered two new flaws in the Dragonfly handshake in the WPA3 WiFi security standard.

Encryption

Demand for Cyber Insurance Is High, and So Are the Risks

As organizations grapple with soaring costs of cyberattacks, many are asking insurance companies for help reducing risks. But insurance providers are also hedging their bets because cyber insurance is so risky.

Cybersecurity Insurance

Capital One Breach Does Not Mean the Cloud is Insecure

Financial services organizations and many other enterprises have hesitated to go all in the cloud, citing concerns about depending on a third-party to protect the data, and the Capital One breach may encapsulate their fears. But the fact is, the cloud provides security benefits, so long as proper controls are put in place.

Cloud, Data Breaches

Capital One Breach Highlights Challenges of Insider Threats

The breach of Capital One data on Amazon Web Services is a insider threat story. Defending from malicious insiders is a different ballgame than from outsiders.

Insider Threat, Data Breaches

Enterprises May Not Know Which Devices Have URGENT/11 Flaws

VxWorks is the operating system no one has ever heard of, but it is widely used in industrial control systems, robotics and automation, industrial control systems, and Internet of Things. The URGENT/11 group of vulnerabilities in these devices can be exploited remotely.

Vulnerability, Internet of Things, Patching, Critical Infrastructure Security

Being on the Latest Windows Version Can Thwart Zero Days

Zero day vulnerabilities exploited in the wild is never good news, but if the user's machine is running the latest version of the operating system, the chances are good that the attack won't be successful against that machine, according to a Microsoft security engineer.

Microsoft, Vulnerability, Windows, Software Security

BlueKeep Exploit on Sale, Now We Wait

What a week for BlueKeep watchers. Chinese-language slide deck appears on GitHub with details on how to use the BlueKeep vulnerability, Immunity includes a working exploit in its penetration testing kit, and the WatchBog cryptocurrency-mining botnet now has a scanner looking for vulnerable Windows machines with Remote Desktop enabled.

Malware, Exploit Sales

Kazakhstan HTTPS Interception a ‘Dangerously Misguided Policy’

The Kazakhstan government's efforts to intercept HTTPS connections and eavesdrop on secure traffic is a dangerous policy, experts say.

Privacy