Security news that informs and inspires

All Articles

2376 articles:

Tech Companies Push Back Against Australia’s Crypto Backdoor Bill

Apple, Cisco, Mozilla, and other tech providers say a proposed law in Australia to force backdoors in encrypted services would weaken security for everyone.

Encryption, Government

Android Trojan Imitates Google Play Store

Cisco Talos researchers have discovered an Android trojan called GPlayed that mimics the Google Play store and can morph once it's installed.

Android

Labs Presents: Browser Settings When Using Personal VPNs

The main point of using a personal VPN is to surf the interwebs in privacy, away from prying eyes. Lock down the browser before starting up the personal VPN for maximum benefits.

Labs Research, VPN

Labs Presents: Reasons for Using a Personal VPN

Personal VPNs have a lot of expectations, and they aren't suited for all of them. But there are some scenarios that are ideal for personal VPNs.

Labs Research, VPN

Foreign Cyberattacks ‘Getting Worse Not Better’

Senators and law enforcement officials warned that cyberattacks by foreign adversaries are reaching a critical point.

Government

Labs Presents: Evaluating Personal VPNs

People expect the personal VPN to hide or otherwise obscure what they are doing on the Internet. Some are better than others, but it is difficult to evaluate them on technical merits. Duo Labs provides guidelines on how to pick a personal VPN that matches your threat model.

Labs Research, VPN, Privacy, Security

Apple Fixes Passcode Bypasses in iOS 12.01

In a small update to iOS, Apple has fixed two bugs that allowed someone to bypass the passcode on a locked iPhone.

Apple

Hardware Security Keys Go Open Source With Solo

The Solo security keys are based on open-source software and hardware designs and work with both desktop and mobile devices for two-factor authentication.

2FA

New California Law Requires Strong Passwords for Internet of Things

Thank you, California. Gov. Brown has signed the law that requires manufacturers to give Internet-connected devices unique passwords and not weak passwords like "admin" by default.

IoT Security, Legislation

Chinese Spies Planted Hardware Backdoors on Servers in Supply Chain Attack

Whether or not Chinese spies actually planted rogue chips into Super Micro servers, this kind of supply chain attack is feasible. This is just the tip of the iceberg.

Supply Chain, Hardware, Data Breaches

Russian APTs Turla and Sofacy Sharing Code and Targets

Two Russian-speaking APT teams have recently been seen using shared code and targeting the same organizations.

APT, Malware

Toward Dynamic Profiling of Adversaries

Creating static profiles of APT groups has limited value as tactics and tools shift constantly. So some researchers are advocating a move to dynamic profiles of adversaries.

APT

After Account Breach, Attackers Can Use Single Sign-On to Take Over More Accounts

Facebook revoked its session tokens after the massive breach. A team of researchers from the University of Illinois at Chicago lays out what attackers could do with those session tokens if they hadn't been reset.

Data Breaches, SSO

New KRACK Attacks Appear

A research team from KU Leuven in Belgium has disclosed new key reinstallation attacks against WiFi networks.

WiFi

Understanding the Defense Department’s New Cyber Strategy

Will adversaries think twice about going after U.S. networks knowing that the Department of Defense now considers offensive tactics as part of its arsenal? Scythe's Bryson Bort and Endgame's Andrea Limbago discuss the shift towards offensive cyber operations and what it means for deterrence.

Federal, Government