Under the newly minted NIST Small Business Cybersecurity Act, NIST will have a year to release guidance and resources to help small businesses improve their security posture.
The White House has rescinded the directive that restricted how the United States could respond to online attacks. Will this act as deterrence or escalate breaches and attacks into armed conflict?
Foreshadow/L1TF refer to a group of vulnerabilities that can be exploited in modern Intel chips using speculative execution attacks to bypass security protections and harvest sensitive information.
The flaw in Microsoft's Active Directory Federation Services lets an attacker use the same second factor to bypass multi-factor authentication for any account running on the same service. Microsoft has patched the flaw.
Google’s new Shielded VMs help enterprises protect their Google Cloud workloads from attacks against the hardware and firmware.
A particularly vexing challenge in authentication is finding cases where credentials have been compromised or when login attempts are not legitimate. Netflix has open-sourced an internal tool called Trailblazer that uses AWS CloudTrail to help tackle this challenge in a scalable way.
Facebook has given academic researchers more than $800,000 to pursue proposals for new defensive techniques.
Just because cybercriminals are organized doesn’t mean they are part of organized crime such as the Mafia, an Oxford University researcher said at Black Hat.
As the world's dependence on technology continues to increase, the need for collaboration on defensive projects is becoming more acute, as well.
Decipher editors Dennis Fisher and Fahmida Rashid preview this year's Black Hat USA conference in the first episode of the podcast.
TLS 1.3 has been approved, and Facebook has open sourced Fizz, a TLS 1.3 library, to help developers and server operators deploy TLS 1.3 for their mobile apps, services, and appliances such as load balancers.
Two researchers have developed a model that can detect bot accounts on Twitter at a massive scale and with a high degree of accuracy.
People love to hate passwords and most of us aren't very good at creating and remembering them. But we still need them, so here's how to create strong passwords.
Disclose.io provides a clear legal framework to protect organizations and researchers engaged in vulnerability disclosure programs. The goal is to protect those engaged in good-faith security research from legal action.
Reddit had two-factor authentication enabled on the employee accounts that were breached. The SMS-based method is susceptible to attacks, and Reddit learned that the hard way.