Security news that informs and inspires

All Articles

2376 articles:

Magecart Targets Advertising Supply Chain in New Attack

Magecart Group 12 was able to compromise a French online advertising provider to spread a skimmer to hundreds of victim sites.

Cybercrime, Magecart

Decades-Old Flaws Found in SCP Clients

Several SCP clients, including OpenSSH, are vulnerable to a set of bugs that can allow an attacker to download arbitrary files.

Vulnerability

Researchers Uncover Serious Flaws in Access Management System

Tenable Security researchers have found a series of flaws in the PremiSys access management system that can allow admin access to the application.

Vulnerabilities

The Unholy Alliance of Emotet, TrickBot and the Ryuk Ransomware

Researchers have been tracking a group using the Emotet and TrickBot malware to install the Ryuk ransomware in enterprises.

Ransomware

Decipher Podcast: Stefan Tanase

Dennis Fisher talks with Stefan Tanase about the creeping problem of Internet Balkanization.

Podcast

Bringing Security to USB Type-C, or More Limitations?

The USB Type-C Authentication Program will attempt to address the very real dangers of USB-based attacks, such as USB devices loaded with malicious payloads to compromise the host system and counterfeit cables that can deliver too much (or too little!) power and damage the system.

Hardware

Yubico Adds NFC-Enabled and Lightning Security Keys

Yubico is bringing hardware-based 2FA to mobile devices with two new security keys, including one that has NFC support.

2fa

Phishing Frameworks and Toolkits Continue to Mature

New tools such as Modlishka and frameworks such as Gophish enable organizations to test their awareness and resilience to phishing campaigns.

Phishing, 2fa

BlackBerry Turns Focus to IoT Security

BlackBerry is offering a new set of services for IoT manufacturers to help them build more secure devices.

Iot Security

Marriott Breach Included 5 Million Passport Numbers

More than five million passport numbers were stolen as part of the Marriott data breach, which the company says affected as many as 383 million people.

Data Breaches

Google Patches Old Chrome Flaw on Android That Disclosed Device Info

Google has patched a three-year0old bug in Chrome on Android that disclosed vital device and firmware information that could be used in attacks.

Google

Deciphering Office Space

Office Space mixes the ennui of the late '90s tech industry and the pain of a dead-end job like no other movie. This is Deciphering Office Space.

Podcast, Hacker Movies

Open Source Software Needs Funding, Not Bug Bounty Programs

Bug bounty programs fill a need, but the European Union's offer to pay bug bounties for vulnerabilities in open source forgets one thing: projects don't need more flaws. Open source projects need people to fix the flaws.

Software Security, Open Source, Bug Bounty

Government Shutdown Impacts Enterprise Security

The government shutdown isn't impacting just security professionals working for the federal government. Corporate security teams have to pay attention to what public services are available and what aren't during this time period.

Government, Enterprise Security, CISO

A Note to All the Holiday IT Folks

The next time you are asked to weigh in on tech questions, turn them into learning opportunities. Share information security awareness over appetizers and privacy knowledge over dessert. Make your corner of the world just a little bit more secure.

Security Awareness, User Education, Security Training