Microsoft fixed a critical remote code execution flaw in the SMBv1 protocol in many of the current Windows versions.
Billions of network-connected devices, such as printers, routers, smart TVs, and video game consoles, are open to attack via the CallStranger vulnerability in the Universal Plug and Play (UPnP) protocol.
Protecting data while in use is a challenge. IBM released an open source toolkit to help developers implement fully homomorphic encryption in their applciations.
People enrolled in Google's Advanced Protection Program can now use hardware keys that support WebAuthn with their iOS devices.
Hundreds of thousands of Exchange servers are still vulnerable to a dangerous flaw (CVE-2020-0688) four months after Microsoft released a patch for it.
New data shows that hundreds of thousands of Exim servers are still running versions vulnerable to flaws disclosed and patched last year.
Apple has patched, for the second time, a vulnerability in the iOS kernel that has been used in jailbreak tools.
The Sandworm team, associated with the Russian GRU, is exploiting a flaw in the Exim mail transfer agent, the NSA warned in a new advisory.
Alex Pinto from Verizon Enterprise joins Dennis Fisher to discuss the findings of the 2020 Data Breach Investigations Report.
The Octopus Scanner malware compromised 26 open source projects hosted on GitHub in a new supply chain attack targeting NetBeans projects, GitHub Security Lab said.
Internet usage in 2020 is shaping up to be very different from how it was at the end of 2019. New DNS research from Farsight Security shows where people have been spending their time online and uncovered previously unknown distributed denial of service attacks.
OpenSSH will soon deprecate the use of SHA-1 because of the risk of specific attacks against the algorithm.
Compromised credentials and empty SSH passphrases led to the string of attacks on academic supercomputing sites in recent weeks.
Two years may have passed since enforcement of the European Union’s General Data Protection Regulation began, but regulators are just wrapping up the first wave of investigations. Change comes slowly in the realm of data privacy, and it is still too soon to try to improve the regulation.
Authorities in Ukraine arrested a suspect they say is Sanix, a hacker connected to the sale of the huge Collection 1 credential database.