With so many employees and contractors working remotely, security teams and CISOs grapple with the job of continuing to protect networks, systems, data, and people. One challenge: recognizing clues that something is wrong when nothing looks normal.
A critical flaw in VMware Fusion and Workstation could allow an attacker to run arbitrary code on the host from the guest.
The security of the JavaScript software ecosystem will get a significant boost with GitHub acquiring npm, which hosts and maintains the Node package manager and the package registry. GitHub has the resources to invest in robust and stable infrastructure, thorough vetting of software packages, and integration into GitHub's other services.
More senators are expressing support for the EARN IT Act despite its serious threat to encrypted services and user privacy.
Microsoft has issued a security advisory warning of a vulnerability in the Microsoft Server Message Block (SMB) protocol. Until a fix is available, administrators are advised to disable SMBv3 compression on their servers.
While helping a customer deal with a state-sponsored attack group that had been stealing data and email for about eight months, Microsoft's incident response team uncovered five other threat actors operating simultaneously on the network.
The United States needs a top-level cybersecurity coordinator, more powers for CISA, and cybersecurity-specific committees in Congress, the Cyberspace Solarium Commission said in its long-awaited report.
Microsoft has taken over the control infrastructure for the Necurs botnet, disrupting the operations of the notorious spam and malware-distribution network.
The Yubico Validation Server contains a pair of vulnerabilities, one of which allows the replay of one-time passwords.
DuckDuckGo's new Tracker Radar tool protects users against pervasive third-party tracking across the web.
New Internet technologies bring more privacy to the network, but they have the side effect of breaking security in enterprise networks, Internet pioneer Paul Vixie said at RSA Conference 2020.
Let's Encrypt has delayed revoking some of the certificates affected by a server bug in order to ensure stability on those sites.
The EARN IT Act has not yet made it to the Senate floor amid a lack of enthusiasm from legislators, but that may change.
Let's Encrypt will revoke three million certificates because of a subtle bug in its server software that affected the way domain records were checked.
Security researchers, law enforcement, and analysts lurk in criminal marketplaces and forums collecting information that may indicate a possible data breach or data theft. It's a tricky balancing act—blending in among criminals while not engaging in criminal activity that could get them arrested.