Security news that informs and inspires

All Articles

2324 articles:

Flaw in GRUB 2 Boot Loader Threatens Many Linux Systems

A buffer overflow (CVE-2020-10713) in the GRUB 2 boot loader can allow an attacker to gain code execution on many Linux systems and possibly some Windows computers.

Linux, Vulnerability

How Ransomware is Invading the Enterprise

Decipher editors Fahmida Y. Rashid and Dennis Fisher are joined by a panel of security experts to discuss the evolution of ransomware attacks and how groups are now focusing on enterprise targets.

Video

FBI Warns of DDoS Attacks Abusing Network Protocols

The Federal Bureau of Investigation warned in a “private industry notification” last week that attackers are increasingly using amplification techniques in distributed denial-of-service attacks. There has been an uptick in attack attempts since February, the agency’s Cyber Division said in the alert.

DDoS

Wyden: EARN IT Act a ‘Horrendous Effort’ to Regulate Speech

The EARN IT Act would create a flood of state laws regulating Internet use and curtail the use of encrypted services, Sen. Ron Wyden says.

Government, Encryption

Decipher Podcast: Katie Moussouris Returns

Katie Moussouris, hacker and CEO of Luta Security, joins Dennis Fisher for a long overdue conversation about vulnerability management, bug bounty programs, and assessing risk.

Podcast

MATA Cross-Platform Malware Framework Tied to Lazarus Group

A malware framework known as MATA that targets Windows, Linux, and macOS machines has been attributed to the Lazarus group tied to North Korea.

APT

EU Court Strikes Down Privacy Shield

The European Union’s Court of Justice ruling to strike down Privacy Shield means non-European companies must provide privacy controls that align with European data protection laws for European users regardless of where that information is stored or transferred.

Privacy

Deciphering The Conversation

Zoe Lindsey and Peter Baker join Dennis Fisher to break down the 1974 Francis Ford Coppola paranoid classic The Conversation, a film that predicted today's surveillance culture and is a master class in social engineering and hacking.

Podcast, Hacker Movies

Russian Attackers Target COVID-19 Vaccine Research

US and UK intelligence agencies say a Russian attack group known as APT29 is targeting organizations associated with COVID-19 vaccine research.

APT, Russia

Google Debuts Confidential VMs to Protect Cloud Data in Use

Google Cloud Confidential VMs, now in beta, allow customers to run workloads in the cloud on data that is encrypted while it's in use.

Google, Cloud

SAP Patches Critical Flaw Across Product Line

A vulnerability in a NetWeaver component (CVE-2020-6287) that can be exploited by a remote unauthenticated attacker has been patched by SAP.

SAP

Wormable Flaw in Windows DNS Server Can Take Over IT Networks

DNS issues are bad news, and SigRed is among the worst: Microsoft fixes a flaw in Windows DNS Server which has a severity rating of 10 and is believed to be wormable.

Windows, DNS, Vulnerability, Patch

Mozilla to Cut TLS Certificate Lifespan Nearly in Half

Mozilla will reduce the valid lifespan of TLS certificates in its root store to 398 days in a move to limit exposure for keys and certificates.

Mozilla, Encryption

Google Releases Tsunami Vulnerability Scanner

Google's Tsunami scanner is designed specifically to find critical vulnerabilities in large-scale enterprise networks.

Google

Lab Presents: What Data Brokers Know About Users

Under California’s data privacy law, consumers can ask companies for data that has been collected about them. However, this Duo Labs research reveals how the complex web of data sharing and partnerships makes it very difficult for consumers to know who has their data, let alone what is being collected.

Labs Research, Privacy, Location Data, CCPA