Security news that informs and inspires

All Articles

658 articles:

Deciphering Blackhat

Dennis Fisher, Peter Baker, and Zoe Lindsey try to make heads or tails of Blackhat, the movie that envisions hackers as international assassins and spies.

Podcast

Hacking for Good: The Cult of the Dead Cow and the Rise of Hacker Culture

Members of the Cult of the Dead Cow are joined by fellow hackers and security leaders Dug Song, Katie Moussouris, and Heather Adkins to trace the origins of hacker culture and its lasting influence.

Video, Black Hat

Backdoor Found in Webmin Utility

Last year, an attacker was able to compromise the build system used for Webmin development and inserted a backdoor into the code, which was only revealed this week.

Webmin

Coordinated Ransomware Attack Hits Texas Government Agencies

More than 20 Texas agencies have been compromised in a widespread ransomware attack.

Ransomware

AWS Promises to Scan for Misconfigured Servers

Amazon Web Services will now scan customer environments for potentially misconfigured servers in the wake of Capital One's data breach. Even though many of these cloud-based data breaches weren't the fault of cloud service providers, many are stepping up to detect problems before they become security incidents.

Cloud, Amazon

New Attack Exposes Serious Bluetooth Weakness

The KNOB attack exploits a weakness in how Bluetooth devices negotiate the encryption key, allowing eavesdropping and decryption of communications.

Bluetooth Security

Chrome and Firefox Removing EV Certificate Indicators

In the coming months, Google and Mozilla will remove the Extended Validation security indicators from the browser address bars.

Google, Mozila

Proposal to Make HTTPS Certificate Expire Yearly Back on the Table

The question about shortening the validity period for TLS certificates is back in front of the CA/Browser Forum again. CAs still oppose it and browser makers are still for it.

SSL Certificates, Certificate Authority, Browser Security, Cryptography

Personality Types May Be Useful in Security Training

Research suggests that people’s personality types can influence whether they would be more likely to fall for social engineering attacks or be less likely to click on phishing links.

Security Training

Many HTTP/2 Servers Vulnerable to DoS Bugs

A number of HTTP/2 server implementations are vulnerable to eight newly disclosed denial-of-service flaws.

2

Two New BlueKeep-Like Flaws Emerge in Windows

Microsoft has fixed two new remotely exploitable vulnerabilities in Windows that are similar to the BlueKeep bug and could be exploited by a worm.

Microsoft

Phishers Play on Emotions to Fool Victims

New research from Google and the University of Florida shows that attackers use a variety of emotional triggers to trick victims into falling for their schemes.

Phishing, Blackhat

Project Zero Wants You To Help Make 0-Day Hard

The Google Project Zero team is encouraging public attack research teams to form a coalition to collaborate and share data.

Black Hat

Ill Communication: Improving Security By Talking It Out

Improving communication between security teams and the rest of the organization can greatly improve an enterprise's security posture.

Black Hat

New Weaknesses Found in WPA3

Researchers have discovered two new flaws in the Dragonfly handshake in the WPA3 WiFi security standard.

Encryption