Security news that informs and inspires

All Articles

2376 articles:

Straight Talk with Real CISOs: Security Politics

In this Straight Talk with Real CISOs video for Decipher, Wendy Nather (director of Advisory CISOs at Duo), Chad Loder (CEO and co-founder of Habitu8), and Manju Mude ("Paranoid" Security Leader at Oath) discuss how CISOs have to establish relationships within their organization to be able to

CISO

Google reCAPTCHA v3 Finds Bots With No User Interaction

Google's new reCAPTCHA v3 system uses a risk analysis system to build a score of how suspicious a user's traffic is.

Google

Cryptomining Malware Targets Poorly Configured Docker Instances

A wave of attacks is using exposed Docker APIs to install cryptomining malware on compromised hosts.

Malware

FDA Wants to See a Bill of Materials for Medical Devices

The Food and Drug Administration outlines what manufacturers have to do to develop secure medical devices on the draft of its premarket guidance. The FDA laid out recommendations on what information to provide when submitting the devices for premarket approval.

Government, Medical Devices, Iot Security, Iot Vulnerabilities

Old Flaw in X.org Server Allows Root Access, File Overwrite

A vulnerability in the X.org X Server software allows an authenticated attacker to gain root privileges and the ability to overwrite any files on a target system.

Linux

Apple’s Cook Decries User Surveillance, Calls For U.S. Privacy Law

Apple CEO Tim Cook said the collection of user information has led to a "data industrial complex" and called for a national privacy law.

Apple, Privacy

How WordPress is Eliminating Old Versions From the Internet

The WordPress security team has a tough job: regularly fixing security issues found in the most popular CMS while providing users with the tools to make sure they aren't running older vulnerable code.

Application Security, Wordpress, Patching

How Drop Networks Keep Cybercrime Groups in the Money

Reshippers and drop networks have become a key part of the global cybercrime economy.

Fraud

ICS Networks Plagued By Plaintext Passwords

A new report from CyberX study shows that industrial control systems and industrial internet of things continue to struggle with devices being connected to the internet and legacy protocols exposing passwords.

Iot Security, Manufacturing Security

Applications Using Apache .htaccess at Risk for Attacks

The original vulnerability may be in a jQuery plugin, but the disconnect in how web developers use .htaccess with the Apache web server and how the server is actually configured means there are potentially more applications out there that are vulnerable to attack.

Vulnerability, Appsec, Apache

Trio of Bugs in D-Link Routers Allows Device Takeover

A researcher has found three flaws in some D-Link wireless routers that can allow an attacker full control of an affected device.

Vulnerabilities

Android License Changes Raise Security Questions

Android has long been viewed as the less-secure mobile operating system compared to iOS, and Google's licensing changes to comply with the European Commission's anti-trust ruling can potentially make the ecosystem's overall security situation worse.

Android, Google, Mobile

Apple Puts Privacy and Security Out Front

Apple has launched a new privacy portal that details the company's security and privacy tools and allows users to download a copy of their personal data.

Privacy, Apple

DisruptOps Aims to Automate Cloud Security

A new SaaS firm is working to automate the security and operational aspects of cloud computing to take the burden off enterprises.

Cloud Security

Straight Talk with Real CISOs: Is That Really My Job?

In this Straight Talk with Real CISOs video for Decipher, Wendy Nather (director of Advisory CISOs at Duo), Chad Loder (CEO and co-founder of Habitu8), and Manju Mude ("Paranoid" Security Leader at Oath) swap stories about their CISO days and the importance of empathy in security.

CISO