Security news that informs and inspires

All Articles

842 articles:

Attackers Target Home Routers With DNS-Changing Hack

Attackers are compromising home routers and changing the DNS settings to redirect victims to a site serving malware.

Malware

California, NY Consumer Privacy Laws Protect Data from Misuse

Organizations collecting and maintaining personal information about California and New York residents should be paying attention as the data security element of New York's SHIELD Act goes into effect and the California Attorney General releases a second set of modifications on regulations on implementing CCPA.

Data Privacy

APT41 Campaign Targeted Companies in 20 Countries

APT41, an attack group connected to China, has been running a broad campaign using public exploits and flaws to target companies in 20 countries.

APT

Buffer Overflow in Memcached Fixed

A buffer overflow in the memcached tool has been patched after a public disclosure of the details and proof-of-concept exploit code.

Vulnerabilities

Insurers See Ransomware Claims More Than Double

Ransomware attacks are on the rise, and the in-house breach investigations team at insurance company Beazley Group said there were 131 percent more ransomware attacks against its customers in 2019 than in 2018. The spike in attacks was most evident in healthcare, professional services, and financial services.

Ransomware, Cybersecurity Insurance

Decipher Podcast: Wade Baker and David Severski

Wade Baker and David Severski of the Cyentia Institute join Dennis Fisher to discuss the findings from their new Information Risk Insights Study into the risk and cost of security breaches across industries.

Podcast

Unpatched Windows Flaws Under Active Attack

Two new Windows vulnerabilities related to the Adobe Type Manager library are being exploited in targeted attacks.

Microsoft

Use Data, Not Magical Thinking

Many security leaders rely on a cost-per-record metric to calculate the costs of a security incident. The latest research from Cyentia Institute using Advisen data shows estimates based on that metric are frequently inaccurate.

Risk, Data Breaches, Risk Management

New Security Tools Added to Google’s Advanced Protection

Google is turning on its Play Protect app scanning feature automatically and changing which apps can be installed on Android devices associated with Advanced Protection Program accounts.

Google, Android

For Ransomware, Nighttime is the Right Time

Ransomware attackers tend to deploy their payloads at night and on weekends, when IT resources are scarce and security teams may be less active.

Ransomware

Decipher Podcast: Jo Van Bulck

Jo Van Bulck of KU Leuven joins Dennis Fisher to discuss the new load value injection attacks on processors.

Podcast

VMware Patches Critical Flaw That Allows Guest Escape

A critical flaw in VMware Fusion and Workstation could allow an attacker to run arbitrary code on the host from the guest.

Vulnerabilities

Security Norms Must Shift in a Crisis

With so many employees and contractors working remotely, security teams and CISOs grapple with the job of continuing to protect networks, systems, data, and people. One challenge: recognizing clues that something is wrong when nothing looks normal.

Network Security, CISO

GitHub’s npm Acquisition Will Boost JavaScript Security

The security of the JavaScript software ecosystem will get a significant boost with GitHub acquiring npm, which hosts and maintains the Node package manager and the package registry. GitHub has the resources to invest in robust and stable infrastructure, thorough vetting of software packages, and integration into GitHub's other services.

JavaScript, GitHub, AppSec

EARN IT Act Casts a Long Shadow on Encrypted Services

More senators are expressing support for the EARN IT Act despite its serious threat to encrypted services and user privacy.

Encryption, Government