SEARCH
All Articles
Industry Groups Don’t Like Commerce Department’s Supply Chain Security Rules
Multiple business groups have pushed back on the Department of Commerce's proposed supply chain rules on information and communications technology supply chain security due to vague language and undefined scope.
‘We Can’t Be Complacent’ About the Crypto Debate
The encryption debate is as old as the Internet, and Jennifer Granick warns that giving ground now could have serious long-term effects.
Microsoft Mines Events Logs for RDP Brute-Force Attacks
Microsoft looked at Windows Events Log to understand what RDP brute-force attacks looked like in the enterprise, and found that attackers frequently space out the login attempts over several days to avoid detection.
Lawmakers Ask FCC to Do Something About SIM Swapping
Criminals can bypass two-factor authentication and hijack user accounts by simply convincing a mobile carrier to swap SIM cards for a phone number. A group of Senators and Representatives are asking the FCC to protect consumers from these kinds of scams.
Mozilla Patches Firefox Zero Day Under Active Attack
Mozilla has released an emergency fix for a vulnerability in Firefox that attackers are actively exploiting.
MITRE Adds ICS-Specific Techniques to ATT&CK Framework
MITRE adds information about threat groups, malware, and techniques used by adversaries in attacks against industrial control systems in its ATT&CK framework.
SHA-1 ‘Fully and Practically Broken’ By New Collision
A chosen prefix collision in SHA-1 has demonstrated a new issue with the venerable hash function developed by the NSA.
Firefox to Allow Users to Delete Telemetry Data
As CCPA goes into effect, Mozilla is making a change that will allow people to request the deletion of any telemetry data collected by Firefox.
Government Officials Warn of Potential Iranian Cyberattacks
The Iranian government has a lot of options to consider in its response after the United States military killed Qassem Soleimani, the chief of Iran’s Quds Force. Government officials in the United States are warning organizations that cyberattacks are possible, and to step up monitoring.
CISA Seeks Comments on How Government Should Handle Vulnerability Reports
There is still time for security professionals in and out of government to weigh in on CISA's soon-to-be-released directive on how federal agencies should handle vulnerability reports.
Microsoft Targets North Korean Hackers in Domain Takedown
Microsoft took over 50 domains used by threat actors known as Thallium, which the company says are operating from North Korea.
Drupal Patches Arbitrary File Upload Flaw
Drupal has released fixes for a file-upload flaw that could lead to remote code execution.
Apple Opens Up Bug Bounty Program
Apple has opened its bug bounty program up to the broad research community, offering payments of up to $1.5 million.
BeyondProd Lays Out Security Principles for Cloud-Native Applications
First, it was Beyond Corp, to shift security away from the perimeter and onto individual users and devices. Now it is BeyondProd, to apply zero-trust principles to cloud-native applications and workloads that rely on microservices and communicate primarily over APIs.
Deciphering Die Hard
Zoe Lindsey, Pete Baker, and Dennis Fisher dive into Doe Hard, a modern classic with some interesting security lessons.