All Articles

2349 articles:

FTC Pushes For Federal Privacy Law

The FTC is urging Congress to pass a broad federal privacy and security law--and allow the commission to be the enforcement authority for it.

Privacy

Google Wants to Change How Cookies Are Used

Google I/O is a good place to announce a whole lot of new privacy features “coming soon.” It is also a good place to bury plans to change how Google will handle HTTP cookies in Chrome.

Internet, Google Chrome, Web Developers

FIN7 Attackers Still in the Water

The FIN7 attack group is still alive and well, despite arrests of some alleged members and intense attention from researchers and law enforcement.

Malware

Decipher Podcast: Michael Bailey

Michael Bailey of FireEye joins Dennis Fisher to discuss his analysis of the Carbanak backdoor source code.

Podcast

The Dark Web is Small, Criminal Threats Are Not

While it’s intriguing that the Dark Web may be smaller than perceived, it was never the biggest threat to enterprises.

Cybercrime, Dark Web

Executive Order Asks a Lot Out of DHS

On paper, the executive order seems to have some good ideas on increasing the pool of talented security personnel for the federal IT workforce. Would DHS be able to deliver on these new programs?

Government

MegaCortex Ransomware Targets Corporate Networks

The new MegaCortex ransomware is using stolen domain controller credentials to gain a foothold in corporate networks before spreading.

Ransomware

Mozilla Setting Tight Restrictions for Firefox Add-Ons

Mozilla is going to ban Firefox add-ons with obfuscated code in a major overhaul of its policy.

Firefox

Off With Their Heads!

Calls for jail time for C-suite executives after a data breach are getting louder, but proposed legislation such as the Corporate Executive Accountability Act would not prevent data breaches. Instead, it would simply result in organizations lawyering up, CISO Advisor Dave Lewis argues.

CISO, Corporate Security, Government

Wipro Breach Looks Like a Case of Gift Card Fraud

The attack on IT outsourcing giant Wipro appears to have been motivated by gift card fraud, not espionage or a supply-chain attack against another company.

Data Breaches, Fraud

Attackers Using Oracle WebLogic Flaw to Install Sodinokibi Ransomware

The Sodinokibi ransomware is being installed on vulnerable Oracle WebLogic servers that haven't been patched against CVE-2019-2725.

Ransomware, Oracle

Credit Union Sues Fintech Vendor for Security Lapses

Bessemer System Federal Credit Union is suing Fiserv for not fixing the security issues in its banking platform, and says that thousands of small banks and credit unions using the same software don’t even know their customer data is also vulnerable.

Finance Security, Third Party Security, Risk

Privacy Advocates Urge Creation of Data Protection Agency

As Congress considers various privacy bills, advocates are pushing for a federal data protection agency to enforce any new law.

Privacy, Government

Docker Hub Breach Can Have a Long Reach

Docker revoked tokens linking GitHub and Bitbucket with Docker Hub accounts after discovering "unauthorized access" in its Hub database. Developers should check their code to ensure no unauthorized changes have been made.

Containers, Docker

New Side-Channel Attack Extracts Private Keys From Some Qualcomm Chips

Researchers from NCC Group developed an attack that can pull private keys from the hardware-backed keystore in some Qualcomm chips.

Hardware