SEARCH
All Articles
TLS Delegated Credentials to Protect Private Keys on Web Servers
Mozilla, Firefox, and Cloudflare team up to tackle a specific TLS security problem: what to do in CDN and large web deployments where the private key has to be installed on every web server. Delegated credentials are short-lived TLS private keys that are generated by the web server.
Macs Storing Copies of Encrypted Messages from Apple Mail
The Apple Mail app on the most recent Macs appear to be storing copies of encrypted emails in plaintext, an Apple IT specialist found. There is a way to turn this off, temporarily.
Microsoft Warns of Possible Further BlueKeep Exploits
BlueKeep exploits have been seen installing a cryptominer, but Microsoft is warning customers that more damaging attacks could be coming.
The Future is Encrypted
The move by Google and Mozilla to implement DNS over HTTPS in their browsers is drawing fire from ISPs, which rely on DNS visibility to gather user data.
Online Privacy Act Would Create Federal Privacy Agency
A new privacy bill in the House of Representatives would create a new Digital Privacy Agency and punish companies for data misuse.
Google Unveils OpenTitan Secure Chip Project
The OpenTitan chip project launched by Google and several partners will produce open-source designs for secure root of trust hardware.
Nikkei Hit By BEC Scam As Payments Get Larger
Japanese media conglomerate Nikkei is the latest victim of BEC scams, as companies continue to fall for this form of fraud.
DHS Warns of New North Korean Government Malware Hoplight
The DHS and FBI say North Korean-backed attackers are using a powerful new piece of malware known as Hoplight to infiltrate target machines.
Supply Chain Security Requires Knowing Who to Avoid
There are many ways to share threat indicators and vulnerability details, but no good way to share concerns about untrustworthy suppliers and vendors in the supply chain. That needs to change.
WhatsApp Suit Against NSO Group Marks Beginning of an Era
The WhatsApp lawsuit against NSO Group may be a turning point in the way technology companies deal with surveillance vendors.
Fancy Bear Attackers Target Anti-Doping and Sports Groups
The Russian attack group known as fancy Bear has been targeting anti-doping and sports organizations in advance of the 2020 Summer Olympics.
Johannesburg Hit With Major Ransomware Attack
The City of Johannesburg was hit with a ransomware attack that has compromised many of its municipal services.
Older Bugs in Software Add to Security Debt
In the rush to fix newer vulnerabilities, the older ones are left unaddressed. The resulting security debt increases the organization's risk of a breach, Veracode warned.
Updated Gustuff Android Trojan Changes Tactics
A new version of the Gustuff Android banking trojan has emerged, this time with new communications capabilities and more credential-theft features.
Malwarebytes Connects Magecart Group to Carbanak
Researchers have linked the Magecart group known for its supply-chain attacks to Cabanak, an advanced threat group.