Security news that informs and inspires

All Articles

2349 articles:

Facebook Releases Static Code Analysis Tool for Python

Facebook has open-sourced Python Static Analyzer (Pysa), an internally developed static code analyzer for finding and fixing flaws in Python code. Pysa analyzes how data flows through the application to identify security issues that result when data winds up in an area of the application it shouldn't be able to reach.

Application Security, Python

When Going in Reverse Moves You Forward

Reverse engineering to find the root cause of vulnerabilities can be a frustrating task, but even the analyses that go wrong can produce lessons and new skills.

Black Hat

Decipher Podcast: Black Hat 2020

Dennis Fisher is joined by Brian Donohue, Chris Brook, and Mike Mimoso to discuss the experience of watching the Black Hat talks online this year and what progress the industry has made in keeping people secure.

Podcast

Hacking Medical Devices to Hijack Secure Facilities

Security researchers have demonstrated in the past how implanted medical devices such as insulin pumps and pacemakers can be compromised. A team from Virginia Polytechnic Institute and State University investigated how these devices could be used to compromise secure facilities used to work on classified information.

Black Hat, Medical Devices

The DoH Continues to Rise

Adoption of DNS over HTTPS (DoH) continues to rise, but so do concerns about network visibility and centralization of DNS services.

DNS, Black Hat

The Hacker Movie Sequels You Didn’t Know You Needed

Dennis Fisher, Zoe Lindsey, and Pete Baker got tired of waiting for Hollywood to make sequels to some of our favorite hacker movies, so we came up with some pitches for the sequels we'd like to see.

Podcast

Lawmakers Ask FTC to Investigate Data Brokers

A group of Congressional lawmakers urged the Federal Trade Commission to investigate ad-tech companies and data brokers who collect and sell consumers’ personal information.

FTC, Data Privacy

DHS Exposes Chinese Malware Tools

The US government has published a detailed analysis of the Taidoor trojan it says is used by the Chinese government in network compromises.

Malware

Criminals Find a Way to Clone EMV Cards

The shift from payment cards with magnetic stripes to EMV chips was supposed to stomp out card cloning, except cybercriminals appear to have figured out a workaround.

Finance, Bank Security, PCI DSS

Microsoft to Remove Windows Updates Using SHA-1 Hash

Microsoft strikes another nail in the SHA-1 coffin with the announcement that all updates that had been signed using SHA-1 hash will be removed from the Microsoft Download Center.

Cryptography

Flaw in GRUB 2 Boot Loader Threatens Many Linux Systems

A buffer overflow (CVE-2020-10713) in the GRUB 2 boot loader can allow an attacker to gain code execution on many Linux systems and possibly some Windows computers.

Linux, Vulnerability

How Ransomware is Invading the Enterprise

Decipher editors Fahmida Y. Rashid and Dennis Fisher are joined by a panel of security experts to discuss the evolution of ransomware attacks and how groups are now focusing on enterprise targets.

Video

FBI Warns of DDoS Attacks Abusing Network Protocols

The Federal Bureau of Investigation warned in a “private industry notification” last week that attackers are increasingly using amplification techniques in distributed denial-of-service attacks. There has been an uptick in attack attempts since February, the agency’s Cyber Division said in the alert.

DDoS

Wyden: EARN IT Act a ‘Horrendous Effort’ to Regulate Speech

The EARN IT Act would create a flood of state laws regulating Internet use and curtail the use of encrypted services, Sen. Ron Wyden says.

Government, Encryption

Decipher Podcast: Katie Moussouris Returns

Katie Moussouris, hacker and CEO of Luta Security, joins Dennis Fisher for a long overdue conversation about vulnerability management, bug bounty programs, and assessing risk.

Podcast