Security news that informs and inspires

All Articles

2376 articles:

GDPR Lawsuit Targets Oracle, Salesforce Use of AdTech Cookies

A consumer privacy campaign group, The Privacy Collective, has filed a lawsuit in Amsterdam against Salesforce and Oracle for allegedly violating the European Union’s General Data Protection Regulation over the companies' use of cookies and real-time bidding.

GDPR

Researchers Develop Attacks Targeting End-to-End Encryption in Emails

A group of academic researchers have developed practical attacks targeting two widely used end-to-end encryption schemes for email, which could lead to man-in-the-middle decryption attacks and exfiltration of private keys.

Encryption, End to End Encryption

Cryptomining Botnet Steals AWS Credentials

TeamTNT, a crypto-mining botnet, is stealing Amazon Web Services credentials from infected Docker and Kubernetes servers.

Cryptomining

EmoCrash Exploit Helped Slow the Spread of Emotet for Months

The EmoCrash exploit took advantage of a flaw in the Emotet trojan's code to help defenders stop the malware for more than six months.

Emotet, Malware

Apache Warns of Serious Flaw in Struts

A vulnerability in Apache Struts (CVE-2019-0230) can lead to remote code execution in some circumstances.

Apache

Decipher Podcast: Jennifer Leggio

Dennis Fisher is joined by Jennifer Leggio, CMO of Claroty, to talk about her career path from journalist to executive and the challenges of learning the intricacies of security in OT environments.

Podcast

NSA and FBI Detail Russian Use of Drovorub Linux Malware

The NSA and FBI have exposed a previously unknown malware tool called Drovorub that the agencies say has been deployed by APT28.

Government

Microsoft Patches Zero Days Used in Targeted Attacks

Microsoft on Tuesday patched flaws in Internet Explorer an Windows that have been used in active attacks.

Microsoft

US and EU May Try for Another Privacy Shield

The United States is trying to hammer out another data transfer agreement with the European Union after the EU Court of Justice struck down the EU-US Privacy Shield framework last month for “inadequate” privacy protections.

Privacy

Amazon Fixes Five Flaws in AWS Encryption Client

Amazon has patched five vulnerabilities in its AWS Encryption Client, including a CBC padding oracle flaw.

AWS Security

Google Rolls Out SameSite Cookie Changes to Chrome

Read about Google’s SameSite update, which changes how the Chrome web browser handles third-party cookies for improved security.

Browser Security, Privacy

Decipher Podcast: Robert Hansen

Dennis Fisher is joined by Robert Hansen, CTO of Bit Discovery, to talk about finding forgotten network assets, breaking things, and building a business.

Podcast

Facebook Releases Static Code Analysis Tool for Python

Facebook has open-sourced Python Static Analyzer, an internally-developed static code analyzer for finding and fixing flaws in Python code. Pysa analyzes how data flows through the application to identify security issues that result when data winds up in an area of the application is shouldn't be able to reach.

Application Security, Python

When Going in Reverse Moves You Forward

Reverse engineering to find the root cause of vulnerabilities can be a frustrating task, but even the analyses that go wrong can produce lessons and new skills.

Black Hat

Decipher Podcast: Black Hat 2020

Dennis Fisher is joined by Brian Donohue, Chris Brook, and Mike Mimoso to discuss the experience of watching the Black Hat talks online this year and what progress the industry has made in keeping people secure.

Podcast