SEARCH
All Articles
Coordinated Ransomware Attack Hits Texas Government Agencies
More than 20 Texas agencies have been compromised in a widespread ransomware attack.
New Attack Exposes Serious Bluetooth Weakness
The KNOB attack exploits a weakness in how Bluetooth devices negotiate the encryption key, allowing eavesdropping and decryption of communications.
Chrome and Firefox Removing EV Certificate Indicators
In the coming months, Google and Mozilla will remove the Extended Validation security indicators from the browser address bars.
Proposal to Make HTTPS Certificate Expire Yearly Back on the Table
The question about shortening the validity period for TLS certificates is back in front of the CA/Browser Forum again. CAs still oppose it and browser makers are still for it.
Many HTTP/2 Servers Vulnerable to DoS Bugs
A number of HTTP/2 server implementations are vulnerable to eight newly disclosed denial-of-service flaws.
Personality Types May Be Useful in Security Training
Research suggests that people’s personality types can influence whether they would be more likely to fall for social engineering attacks or be less likely to click on phishing links.
Two New BlueKeep-Like Flaws Emerge in Windows
Microsoft has fixed two new remotely exploitable vulnerabilities in Windows that are similar to the BlueKeep bug and could be exploited by a worm.
Phishers Play on Emotions to Fool Victims
New research from Google and the University of Florida shows that attackers use a variety of emotional triggers to trick victims into falling for their schemes.
Project Zero Wants You To Help Make 0-Day Hard
The Google Project Zero team is encouraging public attack research teams to form a coalition to collaborate and share data.
Ill Communication: Improving Security By Talking It Out
Improving communication between security teams and the rest of the organization can greatly improve an enterprise's security posture.
Include Deepfakes in Incident Response Plans
Deepfakes aren't just weird political videos. Enterprises should be concerned about how deepfakes could impact their reputation and financial health and include them in incident response plans.
New Weaknesses Found in WPA3
Researchers have discovered two new flaws in the Dragonfly handshake in the WPA3 WiFi security standard.
Demand for Cyber Insurance Is High, and So Are the Risks
As organizations grapple with soaring costs of cyberattacks, many are asking insurance companies for help reducing risks. But insurance providers are also hedging their bets because cyber insurance is so risky.
Capital One Breach Does Not Mean the Cloud is Insecure
Financial services organizations and many other enterprises have hesitated to go all in the cloud, citing concerns about depending on a third-party to protect the data, and the Capital One breach may encapsulate their fears. But the fact is, the cloud provides security benefits, so long as proper controls are put in place.
Capital One Breach Highlights Challenges of Insider Threats
The breach of Capital One data on Amazon Web Services is a insider threat story. Defending from malicious insiders is a different ballgame than from outsiders.