Security news that informs and inspires

All Articles

2349 articles:

Criminals Hosting Phishing Kits on GitHub

Phishing

DNSpionage Attackers Deploying New Karkoff Backdoor

The DNSpionage attack group is now using a new backdoor called Karkoff, which may have ties to the OilRig leaks as well.

DNS Security, Malware

Microsoft Will No Longer Recommend Forcing Periodic Password Changes

Users who hate having to change their Windows passwords every 60 days can rejoice: Microsoft now agrees that there is no point to forced password changes and will be removing that recommendation from its security recommendations.

Microsoft, Passwords

BEC Scams Cost $1.2 Billion in 2018

BEC scams continue to rise and accounted for $1.2 billion in losses in 2018. The good news is that the FBI was able to work with banks to recover some of the funds.

Cybercrime

Taking Hype Out of Bug Bounty Programs

“Bug bounty apostate” and Luta Security founder Katie Moussouris said bug bounty programs have veered away from their original mission: help organizations become more secure.

Bug Bounty

Targeted Phishing Attacks Hit Embassies, Agencies in Several Countries

A series of targeted phishing campaigns has hit victims in government finance agencies and embassies in several European and African countries.

Phishing

Google Moves Developers to OAuth to Help Prevent Phishing Attacks

Google is planning to block sign-in attempts from embedded browser frameworks soon to help defeat some phishing attacks.

Google, OAuth

Someone is Leaking an Iranian Hacking Group’s Arsenal

An unknown leaker is publishing hacking tools used by the APT34 attack group that has been linked to Iranian intelligence.

APT

More Security Endpoint Tech Isn’t Always Better

The endpoint is still the most important part of enterprise defense, but Absolute Software's analysis found that throwing more security agents at an endpoint doesn’t make the system more secure.

Endpoint Security

Decipher Podcast: Craig Williams

Dennis Fisher talks with Craig Williams of Cisco Talos about the Sea Turtle DNS-hijacking campaigns.

Podcast

Sea Turtle Attackers Play Shell Game With DNS

A group of attackers has been running a DNS hijacking campaign known as Sea Turtle that targets energy, intelligence, and military organizations.

DNS Security

Microsoft Drafts Security Configuration Framework for Windows 10

Security professionals struggling with securely configuring Windows 10 devices can look at Microsoft's new security configuration framework.

Microsoft, Windows 10 Security

Single Actor Behind Recent WordPress Plugin Attacks

Wordfence researchers are "confident" the same actor is responsible for a wave of attacks that have hit thousands of WordPress sites over the past month by targeting vulnerabilities in WordPress plugins.

WordPress, Website Security

Google Adds Better Transport Security for Gmail

Google has turned on support for the MTA-STS security standard in Gmail, providing better transport security for domain owners.

Google, Gmail Security

Scary Hardware Attacks Aren’t The Biggest Risks

Supply chain attacks are scary, but there are plenty of other hardware-based issues organizations should be worrying about before they have to panic about the complex malicious implants in their servers.

Hardware, Supply Chain