Security news that informs and inspires

All Articles

842 articles:

Decipher Podcast: Jeremy Oddo

Jeremy Oddo of Hollywood visualization studio The Third Floor joins Dennis Fisher to discuss the company's security challenges when moving to a fully remote workforce.

Podcast

Decipher Podcast: David Brumley

David Brumley of Carnegie Mellon University and ForAllSecure joins Dennis Fisher to talk about securing the software supply chain.

Podcast, Software Security

Understanding Asset Mix for Effective Vulnerability Management

Which platform is the riskiest: Windows, Mac, Linux, Unix, or a networking device? Latest research from Kenna Security and Cyentia Institute shows that CISOs have to consider both the number of vulnerabilities and how issues are addressed in order to determine risk.

Risk, Risk Management, CISO

Two iOS Zero Days Used in Limited Attacks

Two vulnerabilities affecting the Mail app in iOS have been used in targeted attacks and one of the flaws requires no user interaction for exploitation.

Apple, iOS

Four Zero Days Found in IBM Data Risk Manager

A security researcher discovered four zero-day flaws in IBM's Data Risk Manager product that can lead to remote code execution.

IBM

CISA Urges Resetting Active Directory After Patching VPN

Vulnerabilities need to be patched, but security doesn’t stop with updates since the attackers may already be inside the network. Additional steps may be necessary, such as resetting passwords and looking for evidence of other types of infection or compromise.

VPN, Patching

Supreme Court to Review CFAA For First Time

The US Supreme Court has agreed to review a case related to the Computer Fraud and Abuse Act (CFAA) for the first time ever, a move that could have long-term effects on security research.

Government, CFAA

DHS Urges Vigilance on North Korean Attackers

The US government is warning of continued attacks from groups associated with the North Korean government.

APT

VMware Bug Can Lead to Authentication Bypass

The VMware vCenter Server vulnerability (CVE-2020-3952) patched last week can lead to an authentication bypass as well as information disclosure.

VMware

Managing Vulnerabilities by Crowd-Sourcing Threat Details

Thousands of software vulnerabilities are made public each year, leaving IT and security teams to sift out irrelevant issues from the bugs that need to be fixed. Rapid7's Attacker Knowledge Base brings crowd-sourced feedback to enterprise defenders to help them figure out which flaws to pay attention to.

CISO, Vulnerability Assessment, Patching

Microsoft Patches Three Windows Zero Days

Microsoft has fixed three flaws that attackers were using in targeted attacks for several weeks.

Microsoft

Deciphering Ferris Bueller’s Day Off

Life moves pretty fast. If you don't stop and look around once in a while, you could miss it. Ferris Bueller is a master of social engineering and possibly the witness protection identity of David Lightman from WarGames.

Podcast

Tracking By Any Name Is Still A Privacy Concern

Google and Apple are teaming up on a contact-tracing framework, but even with the privacy safeguards they have promised, there are still concerns over how this kind of data collection impacts user privacy.

Privacy, Surveillance

RDP Drawing Unwanted Attention

The shift to remote work has caused a spike in the number of RDP servers exposed to the Internet, along with an increase in the number of scans for those servers.

RDP, Microsoft

Keeping Up With Chrome, Firefox Browser Updates

Google and Mozilla have released multiple versions of their web browsers over the past few days to roll back certain features and to fix high-severity vulnerabilities.

Browser Security, Patching, Firefox, Google Chrome