SEARCH
All Articles
Enterprises May Not Know Which Devices Have URGENT/11 Flaws
VxWorks is the operating system no one has ever heard of, but it is widely used in industrial control systems, robotics and automation, industrial control systems, and Internet of Things. The URGENT/11 group of vulnerabilities in these devices can be exploited remotely.
Being on the Latest Windows Version Can Thwart Zero Days
Zero day vulnerabilities exploited in the wild is never good news, but if the user's machine is running the latest version of the operating system, the chances are good that the attack won't be successful against that machine, according to a Microsoft security engineer.
BlueKeep Exploit on Sale, Now We Wait
What a week for BlueKeep watchers. Chinese-language slide deck appears on GitHub with details on how to use the BlueKeep vulnerability, Immunity includes a working exploit in its penetration testing kit, and the WatchBog cryptocurrency-mining botnet now has a scanner looking for vulnerable Windows machines with Remote Desktop enabled.
Kazakhstan HTTPS Interception a ‘Dangerously Misguided Policy’
The Kazakhstan government's efforts to intercept HTTPS connections and eavesdrop on secure traffic is a dangerous policy, experts say.
Government Targets Encrypted Messaging Apps in Going Dark Argument
Law enforcement officials and lawmakers asking the technology industry to provide backdoors into encryption products is not anything new, but U.S. Attorney General William Barr did something past officials hadn't done before: Barr specified that the backdoors and workarounds should be in encrypted messaging apps.
Equifax Settles Data Breach Lawsuits
Equifax settled the various lawsuits from federal and state regulators and consumers related to its 2017 data breach for up to $700 million. Hefty price tag not withstanding, the data for 147-million victims is still out there and there's not much consumers can do about it.
Slack Reveals New Details on 2015 Compromise
Four years after an intrusion, Slack has discovered new details about the incident and moved to reseat many users' passwords.
Microsoft Warns Political Orgs of Attacks
There has been a lot of discussion about protecting voting systems so that ballots can’t be changed or manipulated over the past two years, but the attacks Microsoft warned about are not related to the voting process.
Privacy Badger Starts Blocking Google Analytics
The EFF's Privacy Badger browser extension is now blocking Google Analytics through a change to detect cookie sharing.
Persistent Cookies Can Prove Troublesome for AWS
A researcher found that some AWS authentication cookies remain valid for up to 12 hours even after a user has changed the password and logged out.
Deciphering Spy Game
Zoe Lindsey, Dennis Fisher and Pete Baker break down the espionage classic Spy Game.
Moody’s Says Regulation Would Benefit Gas Pipeline Operators
Credit rating agency Moody's weighed in on the security of natural gas pipeline operators, urging that mandatory cybersecurity standards would harden the sector against potential attacks.
Privacy Group Asks FTC to Investigate Zoom
EPIC, a privacy rights organization, has filed a complaint asking the FTC to look into Zoom's actions after the disclosure of several vulnerabilities in its Mac client.
Mayors Pledge No More Ransom Payments
The United States Conference of Mayors unanimously agreed to not pay any more ransoms following ransomware attacks against municipal networks.
Apple Removes Zoom Web Server From Macs
Zoom executives promise to improve their security response process as Apple pushes a silent update to remove the Zoom web server from Macs.