All Articles

Browse by Category:

Browse by Tag:

Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware

2376 articles:

Decipher Podcast: Michael Bailey

Michael Bailey of FireEye joins Dennis Fisher to discuss his analysis of the Carbanak backdoor source code.

Podcast

The Dark Web is Small, Criminal Threats Are Not

While it’s intriguing that the Dark Web may be smaller than perceived, it was never the biggest threat to enterprises.

Cybercrime, Dark Web

Executive Order Asks a Lot Out of DHS

On paper, the executive order seems to have some good ideas on increasing the pool of talented security personnel for the federal IT workforce. Would DHS be able to deliver on these new programs?

Government

MegaCortex Ransomware Targets Corporate Networks

The new MegaCortex ransomware is using stolen domain controller credentials to gain a foothold in corporate networks before spreading.

Ransomware

Mozilla Setting Tight Restrictions for Firefox Add-Ons

Mozilla is going to ban Firefox add-ons with obfuscated code in a major overhaul of its policy.

Firefox

Off With Their Heads!

Calls for jail time for C-suite executives after a data breach are getting louder, but proposed legislation such as the Corporate Executive Accountability Act would not prevent data breaches. Instead, it would will simply result in organizations lawyering up, CISO Advisor Dave Lewis argues.

CISO, Corporate Security, Government

Wipro Breach Looks a Case of Gift Card Fraud

The attack on IT outsourcing giant Wipro appears to have been motivated by gift card fraud, not espionage or a supply-chain attack against another company.

Data Breaches, Fraud

Attackers Using Oracle WebLogic Flaw to Install Sodinokibi Ransomware

The Sodinokibi ransomware is being installed on vulnerable Oracle WebLogic servers that haven't been patched against CVE-2019-2725.

Ransomware, Oracle

Credit Union Sues Fintech Vendor for Security Lapses

Bessemer System Federal Credit Union is suing Fiserv for not fixing the security issues in its banking platform, and says that thousands of small banks and credit union using the same software don’t even know their customer data is also vulnerable.

Finance Security, Third Party Security, Risk

Privacy Advocates Urge Creation of Data Protection Agency

As Congress considers various privacy bills, advocates are pushing for a federal data protection agency to enforce any new law.

Privacy, Government

Docker Hub Breach Can Have a Long Reach

Docker revoked tokens linking GitHub and Bitbucket with Docker Hub accounts after discovering "unauthorized access" in its Hub database. Developers should check their code to ensure no unauthorized changes have been made.

Containers, Docker

New Side-Channel Attack Extracts Private Keys From Some Qualcomm Chips

Researchers from NCC Group developed an attack that can pull private keys from the hardware-backed keystore in some Qualcomm chips.

Hardware

Criminals Hosting Phishing Kits on GitHub

Phishing

DNSpionage Attackers Deploying New Karkoff Backdoor

The DNSpionage attack group is now using a new backdoor called Karkoff, which may have ties to the OilRig leaks as well.

DNS Security, Malware

Microsoft Will No Longer Recommend Forcing Periodic Password Changes

Users who hate having to change their Windows passwords every 60 days can rejoice: Microsoft now agrees that there is no point to forced password changes and will be removing that recommendation from its security recommendations.

Microsoft, Passwords