SEARCH
All Articles
Google to Pay for Security Upgrades in Open Source Projects
Google is amending its patch reward program to provide up-front financial support for open source projects that need money to make security improvements.
Google to Restrict App Access to G Suite Accounts
Google will limit the ability of LSA to access G Suite accounts starting in June, to protect users from account hijacking attempts. The change is to encourage using apps that rely on OAuth 2.0.
Decipher Podcast: Kelly Shortridge
Kelly Shortridge of Capsule8 joins Dennis Fisher to discuss the idea of accepting some level of ransomware attacks as necessary and working toward an economic equilibrium with the attackers.
New Tactics Emerge as Phishing Evolves
Recent phishing campaigns uncovered by Microsoft are using custom 404 error pages and search result poisoning to fool victims.
Time, Not Money, Kills Bugs
The measure of a bug bounty program's success is not how much researchers were paid, but how the organization handled the volume of new reports. GitLab's James Ritchey share some of the lessons learned in the company's first year of the public bug bounty program.
Mozilla to Require 2FA for Add-On Developers
Mozilla will soon require add-on developers to enable 2FA for their accounts in an effort to defeat supply chain attacks.
Microsoft Fixes Windows Bug Under Active Attack
Microsoft patched CVE-2019-1458 in Windows, a privilege escalation bug that is being used in active attacks.
Maze Turns Ransomware Incidents into Data Breaches
Maze ransomware, which infected Pensacola, Florida, exfiltrates the data to a remote server before encrypting the local copies in order to force victims to pay the ransom. The group threatens to publicly release the files if the victims don't pay.
Chrome Adds Warning for Compromised Passwords
Google has integrated its Password Checkup functionality into Chrome 79 to warn when people use compromised credentials.
Signal Working on New Private Group Feature
Signal is developing an updated private group system that provides enhanced capabilities and security for group administrators.
Buggy Ryuk Tool Corrupts Data Files After Ransomware Infection
A bug in the Ryuk ransomware’s decryptor tool means some files get corrupted during the recovery process. The victim doesn’t get all the files back, even after paying the ransom demand.
Linux Flaw Allows VPN Hijacking
A vulnerability in many Linux distributions, as well as Android and iOS, can allow an attacker to hijack VPN connections in some cases.
New ZeroCleare Wiper Malware Used in Targeted Attacks
The new ZeroCleare malware has been used in destructive attacks against energy companies in the Middle East.
StrandHogg Bug Plagues Android
Many versions of Android, including Android 10, have a weakness dubbed StrandHogg that can lead to credential phishing and other malicious actions.
NIST Developing Hardware Security Guidelines for Enterprises
The federal government's technical standards body is working on best practices for verifying the security and integrity of hardware, a notoriously difficult problem.