Computer Security Tip of the Day
April 21st
Every plugin or add-on you install in your browser can expose you to more danger. Only install the plugins you need and make sure they are always current. If you no longer need a plugin, disable or remove it from your browser via your browser's plugin pre…
Bruce Schneier on Security
April 22nd
Developers have discovered a backdoor in the Codecov bash uploader. It’s been there for four months. We don’t know who put it there. Codecov said the breach allowed the attackers to export information stored in its users’ continuous inte…
April 20th
On April 15, the Biden administration both formally attributed the SolarWinds espionage campaign to the Russian Foreign Intelligence Service (SVR), and imposed a series of sanctions designed to punish the country for the attack and deter future attacks. I…
April 19th
The Washington Post has published a long story on the unlocking of the San Bernardino Terrorist’s iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite. It was actually an Australian company called Azimuth Security. Azimuth s…
April 17th
Divers find three-foot “blobs” — egg sacs of the squid Illex coindetii — off the coast of Norway. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog …
April 17th
Security Boulevard recently listed the “Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021.” I came in at #7. I thought that was pretty good, especially since I never tweet. My Twitter feed just mirrors my blog. (If you are one of…
Dark Reading Security News
April 22nd
Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals.
April 21st
For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations.
April 17th
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.
April 17th
A digital identity framework is the answer to the US government's cybersecurity dilemma.
April 15th
The combined entity will expand on both companies' privileged access management tools and expects to debut a new brand this year.
New Security Threats
April 22nd
CVE-2021-22893 allows remote code-execution (RCE) and is being used in the wild by nation-state cyberattackers to compromise VPN appliances in defense, finance and government orgs.
April 21st
A vendor develops the series logically so that the tools do not just cover individual needs, but complement each other. For example, the concept of SearchInform is to ensure control of threats at all levels of the information network: from hardware and so…
April 21st
Attacks dubbed ‘Fajan’ by researchers are specifically targeted and appear to be testing various threat techniques to find ones with the greatest impact.
April 21st
The Mozilla Foundation releases Firefox 88, fixing 13 bugs ranging from high to low severity.
April 21st
The second-largest auto insurance provider in the U.S. has since fixed the vulnerability that exposed information from its website.