Security news that informs and inspires

All Articles

2376 articles:

iOS 13.5.1 Fixes Kernel Zero Day

Apple has patched, for the second time, a vulnerability in the iOS kernel that has been used in jailbreak tools.

Apple, Ios

NSA Warns Russian Attackers are Exploiting Old Exim Flaw

The Sandworm team, associated with the Russian GRU, is exploiting a flaw in the Exim mail transfer agent, the NSA warned in a new advisory.

Vulnerability, Government

Decipher Podcast: Alex Pinto

Alex Pinto from Verizon Enterprise joins Dennis Fisher to discuss the findings of the 2020 Data Breach Investigations Report.

Podcast

Malware Infects NetBeans Projects In Software Supply Chain Attack

The Octopus Scanner malware compromised 26 open source projects hosted on GitHub in a new supply chain attack targeting NetBeans projects, GitHub Security Lab said.

Supply Chain, Appdev, Github

OpenSSH Will Deprecate SHA-1

OpenSSH will soon deprecate the use of SHA-1 because of the risk of specific attacks against the algorithm.

SSH, Cryptography

Analysis of DNS Traffic Uncovers DDoS Attacks

Internet usage in 2020 is shaping up to be very different from how it was at the end of 2019. New DNS research from Farsight Security shows where people have been spending their time online and uncovered previously unknown distributed denial of service attacks.

Ddos, DNS

Stolen Credentials Behind Supercomputing Attacks

Compromised credentials and empty SSH passphrases led to the string of attacks on academic supercomputing sites in recent weeks.

Supercomputers

Two Years of GDPR Changed Privacy Landscape

Two years may have passed since enforcement of the European Union’s General Data Protection Regulation began, but regulators are just wrapping up the first wave of investigations. Change comes slowly in the realm of data privacy, and it is still too soon to try to improve the regulation.

GDPR, Privacy

Hacker Allegedly Connected to Collection 1 Credential Dump Arrested

Authorities in Ukraine arrested a suspect they say is Sanix, a hacker connected to the sale of the huge Collection 1 credential database.

Cybercrime

Most Applications Contain Vulnerable Open Source Libraries

Modern software development relies on open source libraries, even for those applications that are sold commercially and aren’t open source. A pair of reports from Veracode and Synopsys illustrate how these components are introducing vulnerabilities into these applications.

Open Source, Application Security, Javascript

Decipher Podcast: Ping Look

Ping Look, senior director of Microsoft's Detection and Response Team, joins Dennis Fisher to talk about her team's work helping enterprises recover from intrusions, the spike in ransomware infections, and understanding attacker behavior.

Podcast, Microsoft

Google Makes DNS Over HTTPS Default in Chrome

Chrome 83 introduces default support for DNS over HTTPS to protects users' DNS queries from surveillance.

Encryption

Attacks Based on Credential Theft On The Rise, DBIR Says

In the 13th Data Breach Investigations Report, Verizon researchers found that attackers are relying less on malware and more on stolen or lost credentials to carry out their attacks.

Data Breaches

Supercomputer Sites Still Struggling After Attacks

The attacks that hit numerous academic supercomputing sites have kept the powerful clusters offline for a week.

Supercomputers

Attacks Knock Supercomputing Sites Offline

A series of possibly related incidents has forced supercomputing site ARCHER in the UK and several others in Germany offline in the past few days.

Critical Infrastructure Security