Security news that informs and inspires

All Articles

755 articles:

Lawmakers Ask FCC to Do Something About SIM Swapping

Criminals can bypass two-factor authentication and hijack user accounts by simply convincing a mobile carrier to swap SIM cards for a phone number. A group of Senators and Representatives are asking the FCC to protect consumers from these kinds of scams.

Government, Mobile Security

MITRE Adds ICS-Specific Techniques to ATT&CK Framework

MITRE adds information about threat groups, malware, and techniques used by adversaries in attacks against industrial control systems in its ATT&CK framework.

Critical Infrastructure Security

SHA-1 ‘Fully and Practically Broken’ By New Collision

A chosen prefix collision in SHA-1 has demonstrated a new issue with the venerable hash function developed by the NSA.

Cryptography

Government Officials Warn of Potential Iranian Cyberattacks

The Iranian government has a lot of options to consider in its response after the United States military killed Qassem Soleimani, the chief of Iran’s Quds Force. Government officials in the United States are warning organizations that cyberattacks are possible, and to step up monitoring.

Government

Firefox to Allow Users to Delete Telemetry Data

As CCPA goes into effect, Mozilla is making a change that will allow people to request the deletion of any telemetry data collected by Firefox.

Privacy, Firefox

CISA Seeks Comments on How Government Should Handle Vulnerability Reports

There is still time for security professionals in and out of government to weigh in on CISA's soon-to-be-released directive on how federal agencies should handle vulnerability reports.

Government, Vulnerability Disclosure

Microsoft Targets North Korean Hackers in Domain Takedown

Microsoft took over 50 domains used by threat actors known as Thallium, which the company says are operating from North Korea.

Microsoft, Apt

Drupal Patches Arbitrary File Upload Flaw

Drupal has released fixes for a file-upload flaw that could lead to remote code execution.

Vulnerabilities

Apple Opens Up Bug Bounty Program

Apple has opened its bug bounty program up to the broad research community, offering payments of up to $1.5 million.

Apple

BeyondProd Lays Out Security Principles for Cloud-Native Applications

First, it was Beyond Corp, to shift security away from the perimeter and onto individual users and devices. Now it is BeyondProd, to apply zero-trust principles to cloud-native applications and workloads that rely on microservices and communicate primarily over APIs.

Cloud, Containers, Google

Deciphering Die Hard

Zoe Lindsey, Pete Baker, and Dennis Fisher dive into Doe Hard, a modern classic with some interesting security lessons.

Podcast

Google to Pay for Security Upgrades in Open Source Projects

Google is amending its patch reward program to provide up-front financial support for open source projects that need money to make security improvements.

Google

Google to Restrict App Access to G Suite Accounts

Google will limit the ability of LSA to access G Suite accounts starting in June, to protect users from account hijacking attempts. The change is to encourage using apps that rely on OAuth 2.0.

Oauth, Multifactor Authentication, Google, Account Security

Decipher Podcast: Kelly Shortridge

Kelly Shortridge of Capsule8 joins Dennis Fisher to discuss the idea of accepting some level of ransomware attacks as necessary and working toward an economic equilibrium with the attackers.

Podcast

New Tactics Emerge as Phishing Evolves

Recent phishing campaigns uncovered by Microsoft are using custom 404 error pages and search result poisoning to fool victims.

Phishing