Security news that informs and inspires

All Articles

984 articles:

Visa Reports POS Malware Infected Two Hospitality Companies

Two hospitality merchants in North America were compromised by point-of-sale malware in May and June of this year, Visa said in a recent technical report.

Data Breaches, Malware, Payment Card Breach

China-Linked Hackers Found Using UEFI Rootkit

The newly discovered MosaicRegressor framework has been used by attackers linked to China to deliver a UEFI rootkit in some targets.

Apt

House Version of EARN IT Act Introduced

The EARN IT Act has now made its was into the House of Representatives, with a key change from the Senate version's stance on encryption.

Encryption, Government

GitHub Releases Integrated Code Scanning Feature

GitHub has released a new code-scanning feature for both public and private repositories that finds security flaws before they make it into a codebase.

Software Security

ESET Identifies 11 Latin American Malware Families

There are multiple distinct banking Trojan families in Latin America, rather than one large group as has been previously believed, ESET researchers said at the Virus Bulletin 2020 conference.

Malware, Banking Trojans

Decipher Podcast: Larry Cashdollar

Larry Cashdollar, a senior security researcher at Akamai, joins Dennis Fisher to talk about 20 years of vulnerability research and the many different ways that things can go sideways.

Podcast

Universal Health Services Network Knocked Offline

A security incident at Universal Health Services has taken the network of the large health system offline.

Ransomware

Framework Outlines How Companies Should Talk About Breaches

Organizations are increasingly developing incident response playbooks to plan out in advance what steps to take in case of a security breach—such as an employees accessing files without authorization, a lost computer, or a server compromised by outside attackers. A team of academics from the UK's University of Kent and University of Warwick outlined a comprehensive playbook on how organizations should communicate after a security incident.

Data Breaches, Incident Response

Attackers Actively Targeting Zerologon Flaw, Microsoft Warns

The Zerologon vulnerability Microsoft patched in Windows Server last month is actively being exploited in several attacks, Microsoft warned.

Patch, Microsoft

Compromised Credentials Used in Attack Against Federal Agency

An intruder breached a federal agency’s internal network and accessed data files using compromised credentials and custom malware, the Cybersecurity and Infrastructure Security Agency said in an Analysis Report.

Government, Data Breaches

LokiBot Activity Spikes, CISA Warns

CISA alerted administrators that activity from the LokiBot information stealing trojan has been increasingly sharply since July.

Malware

SAFE DATA Act Joins Crowded Field of Privacy Bills

The SAFE DATA Act is the latest attempt to pass a national privacy law, but it relies on notice-and-consent and does not apply to federal agencies.

Privacy

CISA Orders Agencies to Patch Zerologon Flaw

Federal agencies have until the end of Monday to install fixes for a recently-fixed elevation of privilege vulnerability in Windows which could be used to take control of the entire network, CISA said in an emergency directive.

Patch, Windows, Government

MITRE Releases FIN6 Emulation Plan

MITRE’s latest project is a public library of detailed plans replicating tactics and techniques used by known attack groups. The first set of adversary emulation plans released this week describe the behavior of cybercrime group FIN6.

Cybercrime, Attacker, Attack Simulations

Tech, Privacy Groups Urge Senators to Oppose EARN IT Act

A large coalition of privacy and civil liberty groups have sent a letter urging senators to oppose the EARN IT Act.

Privacy, Encryption