SEARCH
All Articles
U.S. Indicts Three North Koreans for Broad Hacking Campaign
The U.S. Department of Justice has indicted three North Koreans for allegedly hacking banks, private companies, and government agencies for many years.
So Many Stolen Passwords Make Credential Stuffing Easier
Thanks to all the data breaches and security incidents over the last few years, attackers are sitting on a gold mine of valuable credentials information which they can use to launch credential-stuffing attacks against major Web services and other applications.
Web Shell Attacks Spike
The volume of attacks using web shells as a persistence mechanism has nearly doubled in recent months, Microsoft said.
Proofpoint Sues Facebook to Keep Using Lookalike Domains
Proofpoint and Facebook are in court fighting over how to handle the problem of domains that impersonate well-known brands, highlighting the difficulty in differentiating malicious activity and security awareness.
Decipher Podcast: Neil Daswani
Neil Daswani, co-director of the advanced security program at Stanford University and a former engineer at Twitter and Google, joins Dennis Fisher to discuss his new book, Big Breaches: Cybersecurity Lessons for Everyone, and the common root causes and effects of major data breaches.
Keeping Dependencies Straight in the Software Supply Chain
The nature of modern software development is that development teams have to rely on "blind trust" for some of the code components written by someone else. A new attack method showed how build systems could be tricked into pulling code from the wrong projects.
‘Stop Acting Like These Attacks are Special or Rare’
National security experts and policy makers say the U.S. needs to act now to raise the cost of doing business for state-backed attackers.
Email Attackers Target Victims Based on Demographics
Criminals pay attention to user demographics to target specific types of users when crafting email-based attacks, a joint study from Google and Stanford found.
Microsoft Fixes Critical TCP/IP Flaws and Actively Exploited Windows Bug
Microsoft has patched three flaws in the Windows TCP/IP implementation and a separate bug in Windows that is under active attack.
Attacker Accessed Florida Town’s Water Treatment System
An intruder gained access to a system that controls the water treatment plant in Oldsmar, Fla., and tried to add excessive amounts of sodium hydroxide to it.
FDA Names New Head of Medical Devices Security
The Food & Drug Administration has appointed University of Michigan computer science researcher Kevin Fu to serve as the agency's Acting Director of Medical Device Cybersecurity.
Microsoft Investigating Reported IE Zero Day
Microsoft is looking into a report of a zero day in Internet Explorer that a group of Korean researchers say used to target them.
SolarWinds Patches Two New Flaws in Orion
SolarWinds has fixed two newly discovered bug in Orion, one of which can lead to remote code execution.
Virginia Passes Consumer Data Protection Law
Virginia joins California in enacting a comprehensive data privacy law with the Virginia Consumer Data Protection Act, becoming the second state to have legislation giving consumers the right to access data organizations have collected about them.
Making 0-Day Hard is Still Hard
The difficulty of detecting zero days in the wild and incomplete patches for the ones that are found is making life easier for attackers.