<![CDATA[Decipher]]> decipher.sc Decipher is an independent editorial site that takes a practical approach to covering information security. Through news analysis and in-depth features, Decipher explores the impact of the latest risks and provides informative and educational material for readers curious about how security affects our world. Mon, 19 Nov 2018 00:00:00 -0500 en-us info@decipher.sc Copyright 2018 3600 <![CDATA[U.S. Says Russia, Other Nations, Are Uncooperative on Cybercrime Investigations]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/us-says-russia-other-nations-are-uncooperative-on-cybercrime-investigations https://duo.com/decipher/us-says-russia-other-nations-are-uncooperative-on-cybercrime-investigations Mon, 19 Nov 2018 00:00:00 -0500

A deputy U.S. attorney general said that Russia and other nations stonewall cybercrime investigations and called for international cooperation.
<![CDATA[AWS Adds Feature to Block Public Access to S3 Buckets]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/aws-adds-feature-to-block-public-access-to-s3-buckets https://duo.com/decipher/aws-adds-feature-to-block-public-access-to-s3-buckets Fri, 16 Nov 2018 00:00:00 -0500

Amazon's AWS cloud platform now has a security feature that will block all public access to S3 data storage buckets.
<![CDATA[Firefox to Warn Users When They Visit Breached Sites]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/firefox-to-warn-users-when-they-visit-breached-sites https://duo.com/decipher/firefox-to-warn-users-when-they-visit-breached-sites Thu, 15 Nov 2018 00:00:00 -0500

In the coming weeks, Firefox will begin to warn users when they visit a site that has been part of a data breach.
<![CDATA[ICT Task Force Meets to Set Supply Chain Standards]]> fahmida@decipher.sc(Fahmida Y. Rashid) https://duo.com/decipher/ict-task-force-meets-to-set-supply-chain-standards https://duo.com/decipher/ict-task-force-meets-to-set-supply-chain-standards Thu, 15 Nov 2018 00:00:00 -0500

Attacks on the global supply chain—sabotaging hardware components, installing malware or backdoors in software—are the stuff security nightmares are made of. The ICT Task Force, formed by the Department of Homeland Security, meets to help companies manage their risk.
<![CDATA[Congress Votes to Create New Federal Cybersecurity Agency]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/congress-votes-to-create-new-federal-cybersecurity-agency https://duo.com/decipher/congress-votes-to-create-new-federal-cybersecurity-agency Wed, 14 Nov 2018 00:00:00 -0500

A bill that passed the House Tuesday will create the new Cybersecurity and Infrastructure Security Agency to handle the government's cybersecurity responsibilities.
<![CDATA[Chip-Based Credit Cards Did Not Stop Payment Card Fraud]]> fahmida@decipher.sc(Fahmida Y. Rashid) https://duo.com/decipher/chip-based-credit-cards-did-not-stop-payment-card-fraud https://duo.com/decipher/chip-based-credit-cards-did-not-stop-payment-card-fraud Mon, 12 Nov 2018 00:00:00 -0500

Three years ago, the United States shifted to chip-enabled credit and debit cards. The big promise was that chip cards would reduce payment card fraud. While that is mostly true, millions of chip cards are still getting stolen because some merchants haven't made the switch.
<![CDATA[The Deep, Dark Reach of the Magecart Group]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/the-deep-dark-reach-of-the-magecart-group https://duo.com/decipher/the-deep-dark-reach-of-the-magecart-group Mon, 12 Nov 2018 00:00:00 -0500

The Magecart group has been compromising web stores and skimming card numbers from them for several years, and security researchers are exposing many of the group's techniques and tactics.
<![CDATA[Congress May Consider a U.S. Version of GDPR]]> fahmida@decipher.sc(Fahmida Y. Rashid) https://duo.com/decipher/congress-may-consider-a-us-version-of-gdpr https://duo.com/decipher/congress-may-consider-a-us-version-of-gdpr Fri, 09 Nov 2018 00:00:00 -0500

Despite high-profile data breaches, increased scrutiny of how consumer data is used, and several hearings, there hasn’t been a lot of movement on privacy legislation out of Congress. That may change if lawmakers decide to pass the U.S. version of the European Union's data privacy law.
<![CDATA[Google Data Shows Tiny Fraction of Android Devices Run Malicious Apps]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/google-data-shows-tiny-fraction-of-android-devices-run-malicious-apps https://duo.com/decipher/google-data-shows-tiny-fraction-of-android-devices-run-malicious-apps Fri, 09 Nov 2018 00:00:00 -0500

A new transparency report on Android security shows that far less than one percent of all devices have a potentially harmful app running on them.
<![CDATA[U.S. Cyber Command is Making Foreign Malware Tools Public]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/us-cyber-command-is-making-foreign-malware-tools-public https://duo.com/decipher/us-cyber-command-is-making-foreign-malware-tools-public Thu, 08 Nov 2018 00:00:00 -0500

A group within the U.S. Cyber Command is now contributing malware samples to VirusTotal, part of a broader strategy to put pressure on foreign adversaries.
<![CDATA[Google Expands Automated OSS-Fuzz Program]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/google-expands-automated-oss-fuzz-program https://duo.com/decipher/google-expands-automated-oss-fuzz-program Wed, 07 Nov 2018 00:00:00 -0500

Google's OSS-Fuzz open source fuzzing project has identified more than 9,000 bugs in less than two years and is now expanding.
<![CDATA[NIST Looking at AI to Calculate Bug Severity ]]> fahmida@decipher.sc(Fahmida Y. Rashid) https://duo.com/decipher/nist-looking-at-ai-to-calculate-bug-severity https://duo.com/decipher/nist-looking-at-ai-to-calculate-bug-severity Wed, 07 Nov 2018 00:00:00 -0500

IBM has been touting the potential of using Watson to help security analysts analyze large volumes of security data and make security decisions. The National Institute of Standards and Technology may be considering using AI to help determine the severity of software vulnerabilities.
<![CDATA[Apache Warns of Critical Flaw in Struts 2 Framework]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/apache-warns-of-critical-flaw-in-struts-2-framework https://duo.com/decipher/apache-warns-of-critical-flaw-in-struts-2-framework Tue, 06 Nov 2018 00:00:00 -0500

There is a serious flaw in the file upload component in the Struts 2.3.x framework that can lead to remote code execution on vulnerable apps.
<![CDATA[Crypto Implementation Flaws Found in Popular Solid-State Drives]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/crypto-implementation-flaws-found-in-popular-solid-state-drives https://duo.com/decipher/crypto-implementation-flaws-found-in-popular-solid-state-drives Mon, 05 Nov 2018 00:00:00 -0500

Researchers at Radboud University have uncovered a number of serious weaknesses in self-encrypting solid-state drives.
<![CDATA[New Bluetooth Bugs Let Attackers Take Over Wi-Fi Networks]]> fahmida@decipher.sc(Fahmida Y. Rashid) https://duo.com/decipher/latest-bluetooth-flaws-let-attackers-take-over-wi-fi-networks https://duo.com/decipher/latest-bluetooth-flaws-let-attackers-take-over-wi-fi-networks Fri, 02 Nov 2018 00:00:00 -0400

The likelihood of a successful attack against an enterprise network using a pair of vulnerabilities in some wireless access points with Bluetooth Low Energy chips is currently low, but the fact that such an attack can bypass network segmentation is worrying.
<![CDATA[Wyden Proposes Severe Fines, Jail Time for Corporate Privacy Violations]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/wyden-proposes-severe-fines-jail-time-for-corporate-privacy-violations https://duo.com/decipher/wyden-proposes-severe-fines-jail-time-for-corporate-privacy-violations Fri, 02 Nov 2018 00:00:00 -0400

Sen. Ron Wyden is circulating a draft of a bill that would punish corporate privacy violations with massive fines and potential jail time for executives.
<![CDATA[Google Boosts Account Security]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/google-ups-account-security https://duo.com/decipher/google-ups-account-security Thu, 01 Nov 2018 00:00:00 -0400

Google has added some new protections designed to help users detect or recover from account compromises.
<![CDATA[Pay or Not Pay a Ransom? It's Not That Simple]]> fahmida@decipher.sc(Fahmida Y. Rashid) https://duo.com/decipher/pay-or-not-pay-ransom-its-not-that-simple https://duo.com/decipher/pay-or-not-pay-ransom-its-not-that-simple Thu, 01 Nov 2018 00:00:00 -0400

What do dumping toxic waste in the Chicago River and paying cyber extortionists have in common? Quite a lot, actually. Risk management expert Tony Martin-Vegue looks at the factors that drive the decision to pay or not pay the ransom after an attack.
<![CDATA[Netflix Releases Stethoscope Desktop App to Check Device Health]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/netflix-releases-stethoscope-desktop-app-to-check-device-health https://duo.com/decipher/netflix-releases-stethoscope-desktop-app-to-check-device-health Wed, 31 Oct 2018 00:00:00 -0400

Netflix has released a desktop version of its open source Stethoscope security health check tool, which provides detailed information on how to fix security issues on a device.
<![CDATA[Straight Talk with Real CISOs: Security Politics]]> wnather@duo.com(Wendy Nather) https://duo.com/decipher/straight-talk-with-real-cisos-security-politics https://duo.com/decipher/straight-talk-with-real-cisos-security-politics Wed, 31 Oct 2018 00:00:00 -0400

In this Straight Talk with Real CISOs video for Decipher, Wendy Nather (director of Advisory CISOs at Duo), Chad Loder (CEO and co-founder of Habitu8), and Manju Mude ("Paranoid" Security Leader at Oath) discuss how CISOs have to establish relationships within their organization to be able to