Security news that informs and inspires

All Articles

2376 articles:

Georgia Bill Casts a Chill on Security Research

A bill in the Georgia senate would criminalize some activities that security researchers commonly perform.

Legislation

GitHub Alerts Help Fix Bugs in Ruby, JavaScript Code

When GitHub unveiled its Security Alerts scanning feature last November, it was betting that if project owners knew which of the software components they were using had vulnerabilities, they would update them with patched versions. GitHub said that by Dec. 1, 450,000 vulnerabilities had been resolved, either by removing the dependency entirely or by swapping it out for a more recent, patched version. That's a little over 10 percent of the vulnerabilities addressed, right off the bat.

App Security, Vulnerability, Software Security

Be Careful Using Machine Learning in Security

Recent advances in artificial intelligence, especially in deep learning and other machine learning approaches, are really exciting for the future of security. In the rush to roll out AI in security technology, it is easy to forget that machine learning is just a tool, and that, like any tool, it is most effective when used by an expert.

Machine Learning, AI

CLOUD Act Grants Broad New Data-Gathering Powers to Governments

The CLOUD Act gives governments new powers to seize data stored in other countries, raising privacy concerns.

Government

Understanding the Virtual CSO

Organizations don't have to decide between hiring a CSO/CISO or not having a security leader at all. They can tap the CISO's security expertise by working with a virtual CSO. Gal Shpantzer and Wim Remes talk about the challenges of being an intricate part of the organization's security but still an outsider.

CISO

The Encryption Storm on the Horizon

The issues over encrypted data faced by Telegram in Russia and Apple in China could portend a conflict in the U.S. soon.

Encryption

Andy Ellis Has Your Back

Akamai CSO Andy Ellis takes an uncommon approach to his job, distributing responsibility for security across the organization.

Network Security, CISO

The Faces Change, But the Crypto Problem Remains the Same

The FBI's and NSA's desire to weaken encryption is still the same, despite change at the top of the agencies.

Encryption

IoT Security: Hard Problem, No Easy Answers

It’s easy to talk the security talk, but it isn’t so easy to walk the walk. We learned that the hard way at an IoT security workshop during the 2018 Security Analyst Summit. We were asked to design a security product to protect an average household’s collection of IoT devices.

IoT Security

Vulnerability Disclosure Doesn’t Mean Scaring Users

The disclosure this week of several new vulnerabilities in AMD chips, without any technical details, has again raised concerns about the way some researchers choose to deal with vendors on vulnerability research.

Vulnerability Disclosure

Mapping the Internet, Who’s Who? (Part Three)

It turned out to be harder than expected to create a definitive list of who is poking the Internet and looking for information about devices. Enter Grey Noise, whose mission is to count the scanners. While scanners scour the Internet looking for things, Grey Noise eavesdrops on everyone—researchers, defenders, and malicious actors—doing the scanning.

Internet, Cartography

Privacy Concerns Arise With Some Connected Cars

Some connected cars will download and permanently store data from phones that sync to them.

Privacy, Car Hacking

Mapping the Internet, Navigation (Part Two)

Whether or not a map is valuable depends entirely on how well someone can use it to navigate from one place to another. Same goes for Internet scans. The scanning tools pull together different types of information, such as the kind of device and how it is configured, but the resulting map—the scan data—is valuable only if people can use it to answer important questions.

Internet, Cartography

Uber Releases Metta Adversarial Simulation Tool

The Uber Metta adversarial simulation tool allows defenders to test their network detection systems.

Network Security, Tools

Mapping the Internet, One Device at a Time (Part One)

Just as people use search engines such as Google, Bing, and DuckDuckGo to find specific information on the Internet, there are special search engines that can find information about Internet-connected devices and networks. Think webcams, printers, smart light bulbs, industrial control systems, monitoring systems. Information about these devices is just a special search query away.

Internet, Cartography