Security news that informs and inspires

All Articles

842 articles:

Steal This Fingerprint

Research shows that attackers can bypass fingerprint sensors on some devices with as high as an 80 percent success rate.

Biometrics, 2fa

Kinsing Malware Targets Docker

An attacker is exploiting open Docker API ports to gain a foothold and install a piece of malware called Kinsing that tries to mine Bitcoin.

Malware

Too Many Exchange Servers Remain Unpatched

A security vulnerability in Microsoft Exchange that was fixed in February is still unpatched on hundreds of thousands of Exchange servers.

Microsoft, Exchange, Patching

Mozilla Fixes Two Firefox Flaws Under Active Attack

Attackers are exploiting two use-after-free bugs in Firefox and Mozilla has released emergency patches for the vulnerabilities.

Mozilla

Decipher Library: First Edition

We've put together a list of security and privacy related book recommendations from people across the industry, from technical manuals to histories to cyberpunk fiction.

Books, Ciso, Privacy

Magecart Sets Sights on the SMB

The prolific Magecart group continues to evolve its attack techniques as it uses new skimmer code to steal payment card numbers from the websites of small- and medium-sized businesses, RiskIQ researchers found.

Magecart, Cybercrime, Ecommerce Security

Long Campaign Compromises MS-SQL Servers by the Thousands

An attacker based in China has been compromising thousands of MS-SQL servers for nearly two years.

Microsoft

Washington Is First State to Regulate Facial Recognition

As the first state with with a law regulating how government agencies can use facial recognition software, Washington provides other states with a blueprint on how—and how not to—tackle the security and privacy questions around the technology.

Facial Recognition, Privacy

Cloudflare Releases Warp Beta for Windows and macOS

The Cloudflare Warp security service is now available in beta for Windows and macOS, a year after the app became available for iOS and Android.

Vpn

Decipher Podcast: Rich Mogull

Rich Mogull, CEO of Securosis and a longtime paramedic and disaster medic, joins Dennis Fisher to discuss the mindsets required to prepare for and respond to both physical disasters and security incidents.

Podcast

Marriott Discloses New Data Breach

Marriott says 5.2 million customers may be affected by a new data breach disclosed today.

Data Breaches

WireGuard VPN Added to Linux Kernel

The WireGuard VPN is now a default part of the Linux 5.6 kernel.

Privacy, Linux

EFF Says Privacy Loopholes Remain in CCPA

California is expected to begin enforcing its new consumer privacy law starting July 1, but the Electronic Frontier Foundation is concerned about all the loopholes that still remain.

Privacy, Government

The Short, Unhappy Lives of Five Zero Days

Google's Threat Analysis Group discovered one attacker exploiting five separate zero days in several applications last year, a highly unusual attack pattern.

Google, Phishing

Give IT a Break from Software Updates

Microsoft said it will pause non-security Windows updates beginning in May as part of its plan to reduce the update pressure on IT and security teams, as they are busy keeping organizations operational during the COVID-19 pandemic. Other software companies are adjusting their release schedules, recognizing that IT and security teams are currently stretched thin.

Appsec, Application Security, Appdev, Ciso, Patch