Security news that informs and inspires

All Articles

904 articles:

Lawmakers Ask for Cybersecurity Funding for States

A bipartisan group of Congressional lawmakers are trying to drum up support to include money for states and local governments to modernize their IT infrastructure in the next stimulus package.

Government

US Exposes New North Korean Malware Tools

The U.S. government has published details of three new malware tools it says are in use by North Korean state-sponsored attackers.

Malware

Thunderspy Attack Underscores Existing Thunderbolt Security Issues

The new Thunderspy attack highlights a handful of shortcomings in the security model of the Thunderbolt chip used in many PCs.

Hardware Security

GitHub Expands Scanning to Find Security Flaws in Code

The goal for secure software isn’t to never have vulnerabilities, but to be able to find vulnerabilities as soon as possible so that they can be fixed. GitHub has expanded its code scanning capabilities to make it easier for developers to identify flaws in projects that are managed on its platform.

Open Source, Github, Vulnerability, Appdev

Cisco Fixes Kerberos Authentication Bypass Bug in ASA Software

Cisco has patched a dangerous flaw in its Adaptive Security Appliance Software that could allow an attacker to bypass authentication when Kerberos is enabled.

Vulnerability

Thousands of SaltStack Servers Patched, But Many Still Vulnerable

The number of servers vulnerable to the CVE-2020-11651 SaltStack flaw has dropped considerably, but several thousand are still unpatched.

Cloud

CISA Warnings Highlight Myriad Security Threats

Over the past few days, the Cybersecurity and Infrastructure Security Agency has issued several alerts warning about nation-state actors targeting healthcare and medical research organizations, as well as ways organizations should protect their remote workforce.

Government

GoDaddy Reports Breach of Customer Hosting Accounts

An attacker was able to access an undisclosed number of GoDaddy customers' hosting accounts using SSH connections.

Data Breaches

SaltStack Flaw Used in Numerous Attacks

Attackers are exploiting the CVE-2020-11651 flaw in SaltStack Salt to install coinmining scripts on exposed servers.

Cloud

Senators Plan COVID-19 Data Protection Bill

Four senators are planning to introduce the COVID-19 Data Protection Act to regulate the collection, use, and transfer of health and location data related to virus infections.

Privacy

Decipher Podcast: Andy Ellis

Akamai CSO Andy Ellis joins Dennis Fisher to talk about the security implications of moving thousands of employees worldwide to remote work.

Podcast, Ciso

RDP Stays in Attackers’ Sights

There has been a sharp increase in scans for exposed RDP servers recently as attackers try to take advantage of the move to remote work.

Microsoft

Banner Health Settles Data Breach Lawsuit

A judge has approved the deal settling all claims related to Banner Health’s 2016 data breach, which includes stipulations for how the hospital operator must improve its information security.

Data Breaches, Healthcare

No Rest For the Wicked as Ransomware Attacks Persist

Ransomware operators have begun using long-held positions inside corporate networks to deploy ransomware.

Ransomware

Spyware for Targeted APT Campaign Sneak into Google Play

Kaspersky researchers discuss how a targeted campaign against Android users in Southeast Asia relied on spyware apps that snuck onto official app marketplaces such as Google Play.

Apt