News Analyses

United States Capitol Building / Congress / legislation in a digital landscape
filling legacy tech skills gap

cockpit airline airplane control pilot by southerlycourse getty

Are we running out of time to fix aviation cybersecurity?

A new report from the Atlantic Council on aviation cybersecurity underscores the poor state of aviation security — and worse, how poorly understood the problem is within the industry.

CrowdStrike logo / Ukraine flag and map on globe / data center servers / binary code

CrowdStrike, Ukraine, and the DNC server: Timeline and facts

Politicizing cybersecurity only serves to undermine trust in its practices and objectivity, experts fear.

Cyber warfare  >  Russian missile launcher / Russian flag / binary code

Russia’s Sandworm hacking group heralds new era of cyber warfare

In-depth research on Sandworm shows broad capabilities and scope to disrupt anything from critical infrastructure to political campaigns in any part of the world.

bank vault bank hacked breach security breach binary numbers by negative space and peshkov getty im

How a bank got hacked

Notorious hacker Phineas Phisher claims to have netted hundreds of thousands of pounds sterling in a 2016 hack of the Cayman National Isle of Man Bank. Here's how he did it and why it's cause for concern.

digital fingerprint / binary code

Web payment card skimmers add anti-forensics capabilities

The newly discovered Pipka script can delete itself from a website after execution, making it very difficult to detect.

Insider threats  >  Employees suspiciously peering over cubicle walls

Twitter spy scandal a wake-up call for companies to clean up their data access acts

Two Twitter employees accessed user data on behalf of the Saudi government. Neither should have had access, and this is a sign of a bigger problem at all companies.

keeping the cloud secure cloud security lock padlock private cloud

VMware amps security with in-house, Carbon Black technology

VMware's Carbon Black platform, along with VMware NSX, VMware Workspace ONE, VMware Secure State and future innovations, will deliver built-in security to networks, endpoints, workloads, identity\ies, cloud and analytics.

The United States Constitution and Bill of RIghts with lock and encryption overlay.

US Department of Justice push for encryption backdoors might run afoul of First Amendment

Is encryption code speech? Earlier court rulings suggest that it is, legally, and therefore subject to First Amendment protections.

A binary map of china.

China’s MLPS 2.0: Data grab or legitimate attempt to improve domestic cybersecurity?

The new version China’s Multi-Level Protection Scheme (MLPS) expands what companies fall under its purview and lower the threshold for government inspection. Should companies with operations in China be concerned?

The Google universal quantum computer.

Quantum supremacy might be here, upending conventional encryption

Last week Google posted and quickly took down a report announcing a stunning quantum computing milestone. Regardless of whether the report was premature, conventional encryption’s days are numbered.

thumb photo3
video

How wireless charging works

Wireless charging technology has been around for over 100 years, but it has only recently found mainstream practical use for powering electronic devices like smartphones. Learn how this technology works and what advancements we may...

Brexit / privacy  >  Binary data + a U.K. umbrella drifting away on a sea branded with an E.U. flag

Privacy Shield and Brexit: What now? What next?

Once the UK leaves the European Union, companies on both sides of the Atlantic will need to act to ensure compliant data flows between the UK and US under Privacy Shield.

Hands typing on a laptop keyboard binary code and a hazard symbol on screen.

New NetCAT CPU side-channel vulnerability exploitable over the network

NetCAT takes advantage of Intel DDIO technology to remotely execute keystroke timing attacks.

Internet of Things (IoT) / security alert / wireless network management

IoT vendors ignore basic security best practices, CITL research finds

New measurements by the CITL mass fuzzing project show just how bad things really are--and how IoT device makers could radically increase binary security with one day of engineering work.

Cloud Security

Cloud security: Inside the shared responsibility model

The Capital One security fiasco has underlined that securing the cloud is both a complicated technology and contractual problem.

SMS phishing / smishing  >  Mobile phone displays text bubble with skull + crossbones

SMS-based provisioning messages enable advanced phishing on Android phones

Attackers can use this vulnerability to send highly credible phishing messages. Victims' internet traffic is then routed through the attacker's proxy.

Japanese bowing etiquette / manners / digital connections

Improving BGP routing security by minding your MANRS

Enterprises can improve their routing security for modest costs, according to the Mutually Agreed Norms for Routing Security (MANRS) project.

CSO  >  Digital identity  >  personal identity / recognition + access authentication / personal data

Taxpayer First Act: Improving identity verification and modernizing the IRS

With citizens' PII at risk, some federal agencies like the IRS are moving away from knowledge-based verification. It's time for them all to follow suit.

Load More