Phishing is a numbers game—and the longer a kit remains hidden and active, the longer the attack can run and net more victims. The developers behind popular phishing kits are adopting best practices from the business world to streamline operations and make money.
MongoDB engineers spent the last two years developing field-level encryption, a scheme that would reduce the damage after a data breach.
The domain control validation process relies on protocols and systems that are susceptible to compromise, so Cloudflare is hoping to fix that with a new service that validates certificates from multiple points.
Cloudflare and several other members have formed the League of Entropy to offer a quorum of public randomness beacons.
It took only a few days for a Linux worm to start exploiting the vulnerability in the Exim mail transfer agent. Microsoft said some Azure customers have already been affected.
This is not the decentralized network we were promised. The majority of the world’s DNS transactions pass through authoritative name servers operated by fewer than 10 organizations, DNS Observatory found.
A newly discovered version of the Echobot malware, which is tied to the Mirai botnet, contains eight new exploits and targets enterprise applications as well as consumer devices.
Akamai's State of the Internet security report shows that SQL injection attacks make up more than two-thirds of application layer attacks against organizations.
This is the single most important stat in venture capitalist Mary Meeker’s massive Internet Trends report: 87 percent of Web traffic is now encrypted. Oh, and use of secure messaging apps is on the rise.
No matter what the security zealots say, the password will never fully die. The latest version of Windows 10 is getting closer to the passwordless ideal.
Adam O'Donnell, a longtime security engineer, startup founder, and member of the Cult of the Dead Cow, joins Dennis Fisher to talk about the group, its influence, and his career in security.
A BGP route leak by a hosting company affected traffic from several European mobile carriers this week.
A new botnet is scanning the internet and brute-forcing Remote Desktop Protocol connections to compile a list of vulnerable hosts, usernames, and passwords.
The Exim MTA used in many Linux distributions contains a vulnerability that is trivially exploitable locally and can be exploited remotely in some cases.
The United States NSA is urging enterprises and individuals to install the update addressing the BlueKeep vulnerability on Windows systems as soon as possible.