Security news that informs and inspires

All Articles

2349 articles:

Expect More Spectre, Meltdown Variants Until Updated Chips Arrive

After Meltdown and Spectre, many researchers warned that increased scrutiny of side channels meant more attacks would be found, so the discovery of "Variant 4" is not a surprise. More variants will be found as chip makers update their designs over the next few years to fix the issues.

Hardware, Security Processor, Vulnerability

FireEye Releases PwnAuth, an OAuth Attack Testing Platform

FireEye has released PwnAuth, an open source tool designed to help security professionals test their organization's ability to detect and respond to attacks abusing OAuth.

Network Security, Cloud, Tools, Oauth Phishing

Time, and the LØpht, March On

Twenty years after their famous Senate hearing, four members of the L0pht hacker group came together this week to talk about where things stand.

L0pht

YubiKeys Now Work With iOS

Yubico has released an SDK that will enable iOS app developers to support hardware-based 2FA.

2fa, Yubico

The Business of America is Surveillance

The FCC is looking into a website flaw that allowed the real-time tracking of anyone with just a mobile phone number.

Government, Surveillance

Exposed AWS Resources Leaked Sensitive Data

Amazon S3 buckets aren't the only data repositories that can leak data because of the organization's configuration errors. Other cloud services on the AWS platform are often found accessible by anyone on the Internet.

AWS Security, Cloud

Google Puts Plaintext HTTP Out to Pasture

Google Chrome will mark all HTTP pages as not secure in the coming months, a major milestone in the overdue death of plaintext connections.

Google, Encryption

Cybersecurity Czar Job to Remain Vacant

The White House plans to leave the cybersecurity coordinator job open, while lawmakers have introduced a bill to establish a new cybersecurity office.

Cybersecurity, Government

Predict Which Security Flaws Will be Exploited, Patch Those Bugs

How do enterprises figure out which security flaws to fix first? Research shows common vulnerability management and remediation strategies are no better than random guesses. Trying to predict which flaws will be exploited and fixing those is a better use of the security team's time.

Vulnerability, Patch

Google’s Android P Confirms Humans Still at the Helm

The new Android Protected Confirmation API in Android P ensures that a human, not malware, is engaging with the app.

Mobile, Android

Efail Is Not a Death Knell For Encrypted Email

The Efail attacks on encrypted email clients implementing OpenPGP or S/MIME are serious, but there are mitigations and defenses available for users.

Encryption

Secure Data Act Bans Crypto Backdoors

A new bill would prevent government agencies from mandating backdoors in encrypted hardware or software products.

Encryption, Legislation

Don’t Try This at Home: Chip Decapsulation

Mikhail Davidov decided to see what it would take to develop a process to manually decapsulate chips. After months of work, experimentation, and trial and error, he succeeded.

Hardware

Georgia Hack Back Bill Vetoed

The bill in Georgia that would have legalized active defense measures and outlawed some security research was vetoed by the state's governor.

Legislation

Users Need More Than Minimal Breach Disclosure

Companies get away with disclosing just the bare minimum, or dribble out the bad news to the point where no one is paying attention. We need to hold companies to a higher set of expectations.

Data Breaches, Data Breach Notification