A bill that passed the House Tuesday will create the new Cybersecurity and Infrastructure Security Agency to handle the government's cybersecurity responsibilities.
Three years ago, the United States shifted to chip-enabled credit and debit cards. The big promise was that chip cards would reduce payment card fraud. While that is mostly true, millions of chip cards are still getting stolen because some merchants haven't made the switch.
The Magecart group has been compromising web stores and skimming card numbers from them for several years, and security researchers are exposing many of the group's techniques and tactics.
Despite high-profile data breaches, increased scrutiny of how consumer data is used, and several hearings, there hasn’t been a lot of movement on privacy legislation out of Congress. That may change if lawmakers decide to pass the U.S. version of the European Union's data privacy law.
A new transparency report on Android security shows that far less than one percent of all devices have a potentially harmful app running on them.
A group within the U.S. Cyber Command is now contributing malware samples to VirusTotal, part of a broader strategy to put pressure on foreign adversaries.
Google's OSS-Fuzz open source fuzzing project has identified more than 9,000 bugs in less than two years and is now expanding.
IBM has been touting the potential of using Watson to help security analysts analyze large volumes of security data and make security decisions. The National Institute of Standards and Technology may be considering using AI to help determine the severity of software vulnerabilities.
There is a serious flaw in the file upload component in the Struts 2.3.x framework that can lead to remote code execution on vulnerable apps.
Researchers at Radboud University have uncovered a number of serious weaknesses in self-encrypting solid-state drives.
The likelihood of a successful attack using a pair of vulnerabilities in some wireless access points with Bluetooth Low Energy chips against an enterprise network is currently low, but the fact that such an attack can bypass network segmentation is worrying.
Sen. Ron Wyden is circulating a draft of a bill that would punish corporate privacy violations with massive fines and potential jail time for executives.
Google has added some new protections designed to help users detect or recover from account compromises.
What do dumping toxic waste in the Chicago River and paying cyber extortionists have in common? Quite a lot, actually. Risk management expert Tony Martin-Vegue looks at the factors that drive the decision to pay or not pay the ransom after an attack.
Netflix has released a desktop version of its open source Stethoscope security health check tool, which provides detailed information on how to fix security issues on a device.