News
Executive order boots “foreign adversaries” from US electric grid over security concerns
White House action implies that China is "creating and exploiting" vulnerabilities in the US power grid. Experts say hardware backdoors have the potential for doing significant damage.
Cloud configuration drift leaves organizations open to attack, research finds
Undocumented cloud configuration changes, whether done by attackers or for legitimate business reasons, present a significant security threat.
Cisco and Palo Alto Networks appliances impacted by Kerberos authentication bypass
The shared vulnerability could enable man-in-the-middle attacks, and it could exist on other devices. Patch now.
4 critical issues surrounding contact-tracing apps
As countries rush to release contact-tracing apps, experts fear a lack of security and privacy controls.
Attacks against internet-exposed RDP servers surging during COVID-19 pandemic
Two new reports show a dramatic increase in cyber attacks that target open RDP ports as more people work remotely.
Attempted cyberattack highlights vulnerability of global water infrastructure
Water utilities often have few cybersecurity resources and are subject to few regulations. A failed Stuxnet-like attack on Israel's water supply shows how dangerous that could be.
Salesforce unveils tools for a post-pandemic return to the office
Work.com contains apps and information resources to support organizations as business looks to resume operations in many countries.
Cloud servers hacked via critical SaltStack vulnerabilities
Attackers were quick to exploit recently announced vulnerabilities to deploy cryptominers. Patch Salt now.
COVID-19 attack campaigns target hardest hit regions, research shows
Attackers shift their focus to where coronavirus infections are rising and use tactics that make their efforts hard to block.
Update: Coronavirus prompts collaboration tool makers to offer wares for free
Several vendors, including Microsoft, Google, Slack, Zoom, Cisco and LogMeIn, are making chat, videoconferencing and other collaboration services free as demand for remote working booms.
Android security: Patching improves, but fragmentation challenges remain
A new report shows that Android mobile device manufacturers are getting better at patching the OS, but patching levels vary across models and vendors.
Telehealth booms amid COVID-19 crisis; virtual care is here to stay
The coronavirus pandemic that has erupted worldwide has pushed telehealth to the forefront. It's unlikely remote medicine will go away, even after the current crisis abates.
No election security funding in latest round of stimulus funding
Doubts raised about funding for 2020 election security and mail-in voting as money omitted from the latest stimulus bill.
Podcast: Is end-to-end encryption for videoconferencing important?
More people are relying on videoconferencing software to do their jobs and chat with friends and family. This uptick in use highlighted some security concerns like “Zoombombing” and the lack of end-to-end encryption in popular...
Legions of cybersecurity volunteers rally to protect hospitals during COVID-19 crisis
The COVID-19 Cyber Threat Intelligence League and other groups cooperate with the industry, law enforcement, and the government to prevent attacks on healthcare providers.
Mail-in ballots during COVID crisis necessary, but with risk says expert
Noted election security researcher Harri Hursti says mail-in voting is likely the only option for a safe, secure US presidential election, but voter and election worker training needed.
Google enters zero-trust market with BeyondCorp Remote Access offering
Google makes its internal zero-trust access infrastructure available to anyone on a subscription basis as an alternative to VPNs.
RubyGems typosquatting attack hits Ruby developers with trojanized packages
Attacker targeted Windows systems to hijack cryptocurrency transactions, and was able to evade anti-typosquatting measures.
New platform AttackerKB gives defenders more context on vulnerabilities
Real-world input from pen testers and other members of the security community aims to help defenders make better assessments of vulnerability risks.
