Security news that informs and inspires

All Articles

620 articles:

Researchers Uncover Long-Term Facebook Malware Campaign

A malware campaign that used dozens of fake Facebook profiles and target Libyans has been uncovered and dismantled.

Facebook

OpenPGP Certificate Attack Worries Experts

A certificate flooding attack on OpenPGP keyservers is causing problems and raising questions about the system's resilience.

Encryption

No Public BlueKeep Exploit Yet, But Clock is Ticking

A public exploit for BlueKeep has not yet been released, but a number of researchers have developed proofs-of-concept exploiting the Remote Desktop Protocol (RDP) vulnerability. Time may be running out for organizations that have still not applied Microsoft's patch.

Patching, Microsoft, Malware, Windows

Google Cloud Takes Chronicle, Future of VirusTotal Murky

Google is bringing Chronicle back home and will integrate the enterprise security startup into its Google Cloud security portfolio. Whether VirusTotal will remain as a stand-alone service is currently unknown.

Google, Enterprise Security

Return of the Mack: Exploit Kits Back on the Scene

Recent campaigns using the GreenFlash Sundown and Spelevo exploit kits have served as reminders that these kits are still active and dangerous, despite a dip in usage recently.

Exploit Kits

The Curious Case of Silexbot

The Silexbot malware is compromising IoT devices and destroying their file systems and rebooting them, in an apparent attempt to stop botnet controllers from owning them.

Malware, IoT Security

Google Makes Encrypted DNS Generally Available

The “general availability” of Google’s Public DNS-over-HTTPS service brings us closer to a world where all online communications, including DNS requesoverare encrypted by default.

DNS Security, Internet

Decipher Podcast: Michael Coates

Dennis Fisher speaks with Michael Coates of Altitude Networks about his security philosophy and the challenge of protecting hundreds of millions of users at Mozilla and Twitter.

Podcast

Amazon Unveils Security Hub, Control Tower to Aid AWS Security

At AWS re:Inforce, Amazon introduced two new security tools--Control Tower and Security Hub--to help ease the process of securely configuring AWS environments.

Cloud Security

Thieves Switching to Shimmers to Steal from ATMs

As chip-based payment cards become the norm, criminals are shifting tactics to use shimmers rather than skimmers to steal money from automated teller machines, Flashpoint said.

Finance

Dashboard Act Would Force Companies to Tell Users What Their Data is Worth

The DASHBOARD Act, introduced in the Senate Monday, would require social media companies to tell people what the economic value of their personal data is.

Government, Privacy

CISA Warns Iranian Attackers Use Wiper Malware

The United States Department of Homeland Security warned that Iranian nation-state attackers could lob malware capable of wiping hard drives and physically destroying machines against U.S. targets as the two countries remain locked in a political game of one-upmanship.

Malware, Government

Dell Patches Bug in Powerful SupportAssist Utility

Dell has fixed a serious bug in the SupportAssist utility that is preinstalled on millions of PCs and could give an attacker control of a target machine.

Vulnerability

Firefox 0-Day Used to Deliver Netwire Mac Malware

A new vulnerability in Firefox has been used in targeted attacks, one of which has delivered the Netwire OS X malware.

Firefox

Phishing Kit Developers Operate Like Regular Software Shops

Phishing is a numbers game—and the longer a kit remains hidden and active, the longer the attack can run and net more victims. The developers behind popular phishing kits are adopting best practices from the business world to streamline operations and make money.

Phishing, Phishing Kits