Security news that informs and inspires

All Articles

755 articles:

Mozilla to Require 2FA for Add-On Developers

Mozilla will soon require add-on developers to enable 2FA for their accounts in an effort to defeat supply chain attacks.

2fa, Mozilla

Time, Not Money, Kills Bugs

The measure of a bug bounty program's success is not how much researchers were paid, but how the organization handled the volume of new reports. GitLab's James Ritchey share some of the lessons learned in the company's first year of the public bug bounty program.

Bug Bounty, Gitlab

Microsoft Fixes Windows Bug Under Active Attack

Microsoft patched CVE-2019-1458 in Windows, a privilege escalation bug that is being used in active attacks.

Microsoft

Maze Turns Ransomware Incidents into Data Breaches

Maze ransomware, which infected Pensacola, Florida, exfiltrates the data to a remote server before encrypting the local copies in order to force victims to pay the ransom. The group threatens to publicly release the files if the victims don't pay.

Ransomware, Data Breaches

Chrome Adds Warning for Compromised Passwords

Google has integrated its Password Checkup functionality into Chrome 79 to warn when people use compromised credentials.

Google, Passwords

Signal Working on New Private Group Feature

Signal is developing an updated private group system that provides enhanced capabilities and security for group administrators.

Encryption, Privacy

Buggy Ryuk Tool Corrupts Data Files After Ransomware Infection

A bug in the Ryuk ransomware’s decryptor tool means some files get corrupted during the recovery process. The victim doesn’t get all the files back, even after paying the ransom demand.

Ransomware

Linux Flaw Allows VPN Hijacking

A vulnerability in many Linux distributions, as well as Android and iOS, can allow an attacker to hijack VPN connections in some cases.

Linux

New ZeroCleare Wiper Malware Used in Targeted Attacks

The new ZeroCleare malware has been used in destructive attacks against energy companies in the Middle East.

Malware

StrandHogg Bug Plagues Android

Many versions of Android, including Android 10, have a weakness dubbed StrandHogg that can lead to credential phishing and other malicious actions.

Android, Google

NIST Developing Hardware Security Guidelines for Enterprises

The federal government's technical standards body is working on best practices for verifying the security and integrity of hardware, a notoriously difficult problem.

Hardware Security, Government

Contract for Web Can’t Fix Privacy Problems If Security Isn’t Included

As the inventor of the World Wide Web, Tim Berners-Lee proposed the [Contract for the Web](https://contractfortheweb.org/) as a way to address problems such as misinformation, mass surveillance and censorship online, but the list is not a realistic blueprint for action.

Internet, Privacy

Congress Proposes a Promising New Privacy Bill

The ranking Democrat on a Senate Commerce Committee has unveiled a new digital privacy bill that would strengthen the FTC’s enforcement powers over tech companies.

Privacy, Legislation, Government

Fortinet Products Used Hardcoded Encryption Key

Several Fortinet products had a hardcoded encryption key that could allow for passive monitoring of user traffic.

Vulnerability

Q&A: Ron Deibert

The sale and use of surveillance software is largely unregulated and unexamined, but Ron Deibert and his team at the Citizen Lab are working to change that through research into abuses.

Privacy, Surveillance