Security news that informs and inspires

All Articles

2202 articles:

Software Supply Chain Woes Afflict DockerHub, Too

Threat analysis firm Prevasio scanned the entire DockerHub and found that 51 percent of all container images had at least one critical vulnerability and 13 percent had at least one high-severity vulnerability. Researchers also identified 6,433 images that were malicious or potentially harmful.

Containers, Docker

The Painful Calculus of Ransomware Payments

Ransomware gangs have added data theft to their tactics, bringing another variable into the pay-or-don't-pay equation.

Ransomware

Home Depot Settles With States Over 2014 Data Breach

The home improvement giant reached a $17.5 million settlement with 46 states and Washington, DC to resolve the investigation into the data breach that compromised the payment information of 40 million customers who used self-checkout terminals at its stores in the United States and Canada.

Data Breaches

New Signed Version of Old Bandook Malware Emerges

New variants of the Bandook malware that are digitally signed have been used in a recent wave of attacks on organizations in many industries.

Malware

Interpol Arrests Three in BEC Scam

The Nigeria Police Force, in partnership with Interpol and Group-IB, has arrested three men suspected of being part of a cybercriminal gang that specialized in business-email-compromise scams.

Phishing

VMware Warns of Critical Zero Day in Workspace One

A critical command injection vulnerability (CVE-2020-4006) with no fix available has been discovered in VMware Workspace One.

VMware

Europol Arrests Two for Running Malware Crypter Services

European law enforcement officials have arrested two suspects for allegedly running a pair of crypter services that help malware slip past security software.

Cybercrime

FBI Guidance Evolves on Ransomware Payments

The FBI has always advised victims not to pay ransomware groups, but its thinking has evolved as attacks have proliferated and worsened.

Government, Ransomware

Public Exploits Give Attackers a Head Start

The latest research out of Kenna Security and Cyentia Institute compared how quickly defenders could remediate vulnerabilities with how quickly attackers could exploit them in the wild.

Vulnerability, Exploit Defense

Congress Passes IoT Security Law

Congress has unanimously passed the bipartisan IoT Cybersecurity Improvement Act, which would set minimum security requirements for developing, patching, and configuring Internet of Things devices.

Government, IoT Security

Firefox Adds HTTPS-Only Mode

Firefox 83 includes an option to force HTTPS connections to any site that offers them.

Firefox

Civil Liberties Groups Decry Calls for Encryption Backdoors

A coalition of civil liberties groups from the U.S. and Europe is warning about the potential consequences of backdoors in encryption systems.

Encryption

Security Leaders Uneasy CISA Chief May Be Fired

The Cybersecurity and Infrastructure Security Agency’s role goes beyond national security and securing elections. Any shakeup at CISA’s leadership level would affect the work the agency has been doing with private sector organizations.

Government

Google Patches Two More Chrome Zero Days Used by Attackers

Google has fixed two vulnerabilities in Chrome that have been targeted by attackers in recent days.

Google

Deciphering Johnny Mnemonic

Zoe Lindsey, Pete Baker, and Dennis Fisher break down the delightfully goofy and moderately incoherent 1995 film Johnny Mnemonic.

Podcast, Hacker Movies