Security news that informs and inspires

All Articles

2324 articles:

Microsoft Patches Zero Days Used in Targeted Attacks

Microsoft on Tuesday patched flaws in Internet Explorer an Windows that have been used in active attacks.

Microsoft

US and EU May Try for Another Privacy Shield

The United States is trying to hammer out another data transfer agreement with the European Union after the EU Court of Justice struck down the EU-US Privacy Shield framework last month for “inadequate” privacy protections.

Privacy

Amazon Fixes Five Flaws in AWS Encryption Client

Amazon has patched five vulnerabilities in its AWS Encryption Client, including a CBC padding oracle flaw.

AWS Security

Google Rolls Out SameSite Cookie Changes to Chrome

Read about Google’s SameSite update, which changes how the Chrome web browser handles third-party cookies for improved security.

Browser Security, Privacy

Decipher Podcast: Robert Hansen

Dennis Fisher is joined by Robert Hansen, CTO of Bit Discovery, to talk about finding forgotten network assets, breaking things, and building a business.

Podcast

Facebook Releases Static Code Analysis Tool for Python

Facebook has open-sourced Python Static Analyzer, an internally-developed static code analyzer for finding and fixing flaws in Python code. Pysa analyzes how data flows through the application to identify security issues that result when data winds up in an area of the application is shouldn't be able to reach.

Application Security, Python

When Going in Reverse Moves You Forward

Reverse engineering to find the root cause of vulnerabilities can be a frustrating task, but even the analyses that go wrong can produce lessons and new skills.

Black Hat

Decipher Podcast: Black Hat 2020

Dennis Fisher is joined by Brian Donohue, Chris Brook, and Mike Mimoso to discuss the experience of watching the Black Hat talks online this year and what progress the industry has made in keeping people secure.

Podcast

Hacking Medical Devices to Hijack Secure Facilities

Security researchers have demonstrated in the past how implanted medical devices such as insulin pumps and pacemakers can be compromised. A team from Virginia Polytechnic Institute and State University investigated how these devices could be used to compromise secure facilities used to work on classified information.

Black Hat, Medical Devices

The DoH Continues to Rise

Adoption of DNS over HTTPS (DoH) continues to rise, but so do concerns about network visibility and centralization of DNS services.

DNS, Black Hat

The Hacker Movie Sequels You Didn’t Know You Needed

Dennis Fisher, Zoe Lindsey, and Pete Baker got tired of waiting for Hollywood to make sequels to some of our favorite hacker movies, so we came up with some pitches for the sequels we'd like to see.

Podcast

Lawmakers Ask FTC to Investigate Data Brokers

A group of Congressional lawmakers urged the Federal Trade Commission to investigate ad-tech companies and data brokers who collect and sell consumers’ personal information.

FTC, Data Privacy

DHS Exposes Chinese Malware Tools

The US government has published a detailed analysis of the Taidoor trojan it says is used by the Chinese government in network compromises.

Malware

Criminals Find a Way to Clone EMV Cards

The shift from payment cards with magnetic stripes to EMV chips was supposed to stomp out card cloning, except cybercriminals appear to have figured out a workaround.

Finance, Bank Security, PCI DSS

Microsoft to Remove Windows Updates Using SHA-1 Hash

Microsoft strikes another nail in the SHA-1 coffin with the announcement that all updates that had been signed using SHA-1 hash will be removed from the Microsoft Download Center.

Cryptography