Security news that informs and inspires

All Articles

2349 articles:

Medical Data Leaks Linked to Hardcoded Credentials in Code

Data on more than 150,000 to 200,000 patients was exposed in at least nine GitHub repositories—the result of improper access controls and hardcoded credentials in source code, according to DataBreaches.net.

Data Breaches, Credentials, Access Controls

Serious DoS Bug Patched in BIND 9

A vulnerability in several versions of BIND 9 can allow an attacker to knock vulnerable name servers offline.

BIND

EU Delays GDPR Decision in Twitter Case

Irish privacy regulators are still working with other European Union data protection authorities to hammer out the final decision in their GDPR case against Twitter over a 2018 security incident.

GDPR

GDPR Lawsuit Targets Oracle, Salesforce Use of AdTech Cookies

A consumer privacy campaign group, The Privacy Collective, has filed a lawsuit in Amsterdam against Salesforce and Oracle for allegedly violating the European Union’s General Data Protection Regulation over the companies' use of cookies and real-time bidding.

GDPR

Researchers Develop Attacks Targeting End-to-End Encryption in Emails

A group of academic researchers have developed practical attacks targeting two widely used end-to-end encryption schemes for email, which could lead to man-in-the-middle decryption attacks and exfiltration of private keys.

Encryption, End to End Encryption

Cryptomining Botnet Steals AWS Credentials

TeamTNT, a crypto-mining botnet, is stealing Amazon Web Services credentials from infected Docker and Kubernetes servers.

Cryptomining

EmoCrash Exploit Helped Slow the Spread of Emotet for Months

The EmoCrash exploit took advantage of a flaw in the Emotet trojan's code to help defenders stop the malware for more than six months.

Emotet, Malware

Apache Warns of Serious Flaw in Struts

A vulnerability in Apache Struts (CVE-2019-0230) can lead to remote code execution in some circumstances.

Apache

Decipher Podcast: Jennifer Leggio

Dennis Fisher is joined by Jennifer Leggio, CMO of Claroty, to talk about her career path from journalist to executive and the challenges of learning the intricacies of security in OT environments.

Podcast

NSA and FBI Detail Russian Use of Drovorub Linux Malware

The NSA and FBI have exposed a previously unknown malware tool called Drovorub that the agencies say has been deployed by APT28.

Government

Microsoft Patches Zero Days Used in Targeted Attacks

Microsoft on Tuesday patched flaws in Internet Explorer and Windows that have been used in active attacks.

Microsoft

US and EU May Try for Another Privacy Shield

The United States is trying to hammer out another data transfer agreement with the European Union after the EU Court of Justice struck down the EU-US Privacy Shield framework last month for “inadequate” privacy protections.

Privacy

Amazon Fixes Five Flaws in AWS Encryption Client

Amazon has patched five vulnerabilities in its AWS Encryption Client, including a CBC padding oracle flaw.

AWS Security

Google Rolls Out SameSite Cookie Changes to Chrome

Read about Google’s SameSite update, which changes how the Chrome web browser handles third-party cookies for improved security.

Browser Security, Privacy

Decipher Podcast: Robert Hansen

Dennis Fisher is joined by Robert Hansen, CTO of Bit Discovery, to talk about finding forgotten network assets, breaking things, and building a business.

Podcast