News
New coronavirus-era surveillance and biometric systems pose logistical, privacy problems
Governments and companies are using biometrics and geolocation to identify and track potential coronavirus victims in the name of public safety.
Weakness in Zoom for macOS allows local attackers to hijack camera and microphone
Zoom's use of insecure system APIs allow attackers to elevate privileges as well.
Attack campaign hits thousands of MS-SQL servers for two years
Newly discovered Vollgar attack uses brute force to infect vulnerable Microsoft SQL servers at a high rate.
Cybercriminal group mails malicious USB dongles to targeted companies
Shown as a proof-of-concept in 2014, this is the first known use of the BadUSB exploit in the wild.
Chinese hacker group APT41 uses recent exploits to target companies worldwide
APT41 has compromised devices and applications from Cisco, Citrix and Zoho across many industries worldwide at a time when many companies are less able to respond.
Virtual security conferences fill void left by canceled face-to-face events
Notable members of the infosec community are creating impromptu but highly popular virtual events using cheap, off-the-shelf tools.
New York's SHIELD Act could change companies’ security practices nationwide
SHIELD Act provisions broaden the scope of consumer privacy and place requirement on protecting personal data for organizations that collect information on New York residents.
Coronavirus: What companies are ready for our new reality?
One class of companies is already equipped to work in a fully distributed employee model. Another going to have a difficult time adapting to most employees having to work from home. Some won’t survive if this lasts more than a few...
Cyberspace Solarium report calls for layered cyber deterrence, defend forward strategy
The intergovernmental commission outlines the steps needed to defend the United States from modern cybersecurity threats.
Deloitte: 8 things municipal governments can do about ransomware
Deloitte researchers explain why state and local governments are favored for ransomware attacks and how they can protect themselves with limited resources.
Open-source options offer increased SOC tool interoperability
Too many security tools in your SOC, and none of them talk to each other, but new vendor-supported open-source projects might lead to greater interoperability.
New CPU attack technique can leak secrets from Intel SGX enclaves
The Load Value Injection attack can bypass security boundaries and mitigations put in place for other CPU vulnerabilities such as Spectre and Meltdown.
Is the EARN-IT Act a backdoor attempt to get encryption backdoors?
New bipartisan US legislation to fight online child exploitation incentivizes companies to drop end-to-end encryption, critics say.
Intel CSME flaw is unpatchable, researchers warn
Researchers reveal that a previously known Intel flaw is unpatchable and could allow attackers to compromise the cryptographic chain of trust in Intel systems.
Authentication, identity management start-ups lead 2019 VC investing
Cybersecurity venture investments reached nearly $7 billion in 2019. Authentication and identity management start-ups were the top lures.
5G security is a mess. Could digital certificates help?
5G inherited security vulnerabilities from earlier mobile technology, but digital certificates might solve the issue of unauthenticated messages.
APIs are becoming a major target for credential stuffing attacks
New research shows that attackers use APIs to automate credential stuffing attacks. The financial sector is particularly vulnerable.
Lack of firmware validation for computer peripherals enables highly persistent attacks
Vulnerabilities in unvalidated peripheral firmware such as WiFi adapters, cameras, and network interface controllers give attackers control over systems.
-
White Paper
-
White Paper
-
White Paper
-
White Paper
-
White Paper
Most Popular
BrandPosts
Learn more-
Sponsored by Fortinet