Security news that informs and inspires

All Articles

959 articles:

Botnet Report Calls for IoT Security, More Awareness

The long-awaited report from the Departments of Commerce and Homeland Security called on the industry to improve IoT security, to develop better anti-DDoS technologies, and educate users about botnets. Regulation is not mentioned...yet.

Government, Iot Security

Roll With the New: Continuous Security Delivery

Capsule8 is working to change the way enterprises think about attack detection and response.

Network Security

TIC. TIC. Time is running out for TIC

Trusted Internet Connection (TIC) is the federal equivalent to DMZ. Dramatic changes in IT led by cloud adoption and mobile means we need to rethinking TIC.

Hacker History: The Time Charlie and Chris Hacked a Jeep Cherokee

Let's go back to 2015 in this animated Hacker History, when hackers Charlie Miller and Chris Valasek teamed up to show the world how the latest infotainment features in automobiles can be used to remotely hijack the car.

Hacker History, Car Hacking, Security Research

Facebook Simplifies 2FA Process for Users

Facebook has changed the way people can use two-factor authentication to protect their accounts, adding authenticator apps.

Facebook, 2fa

Expect More Spectre, Meltdown Variants Until Updated Chips Arrive

After Meltdown and Spectre, many researchers warned that increased scrutiny on side-channel meant more attacks will be found, so the discovery of "Variant 4" is not a surprise. More variants will be found as chip makers update their designs over the next few years to fix the issues.

Hardware, Security Processor, Vulnerability

Time, and the LØpht, March On

Twenty years after their famous Senate hearing, four members of the L0pht hacker group came together this week to talk about where things stand.

L0pht

FireEye Releases PwnAuth, an OAuth Attack Testing Platform

FireEye has released PwnAuth, an open source tool designed to help security professionals test their organization's ability to detect and respond to attacks abusing OAuth.

Network Security, Cloud, Tools, Oauth Phishing

YubiKeys Now Work With iOS

Yubico has released an SDK that will enable iOS app developers to support hardware-based 2FA.

2fa, Yubico

The Business of America is Surveillance

The FCC is looking into a website flaw that allowed the real-time tracking of anyone with just a mobile phone number.

Government, Surveillance

Exposed AWS Resources Leaked Sensitive Data

Amazon S3 buckets aren't the only data repositories that can leak data because of the organization's configuration errors. Other cloud services on the AWS platform are often found accessible by anyone on the Internet.

Aws Security, Cloud

Google Puts Plaintext HTTP Out to Pasture

Google Chrome will mark all HTTP pages as not secure in the coming months, a major milestone in the overdue death of plaintext connections.

Google, Encryption

Cybersecurity Czar Job to Remain Vacant

The White House plans to leave the cybersecurity coordinator job open, while lawmakers have introduced a bill to establish a new cybersecurity office.

Cybersecurity, Government

Predict Which Security Flaws Will be Exploited, Patch Those Bugs

How do enterprises figure out which security flaws to fix first? Research shows common vulnerability management and remediation strategies are no better than random guesses. Trying to predict which flaws will be exploited and fixing those is a better use of the security teams's time.

Vulnerability, Patch

Google’s Android P Confirms Humans Still at the Helm

The new Android Protected Confirmation API in Android P ensures that a human, not malware, is engaging with the app.

Mobile, Android