-
+38 +5
Clouds vs cryptominers
It doesn't get the headlines of complete cloud failures, but criminal cryptominers such as TeamTNT quietly steal away your cloud resources every day.
-
+38 +3
Microsoft PowerShell Gallery Littered with Critical Vulnerabilities
It turns out Microsoft's PowerShell Gallery has the same kind of security problems that plague npm and PyPI.
-
+30 +5
CVE-2020-19909: A Controversial Vulnerability for cURL
Is the current CVE system too easily manipulated? Will it lead to inflated severity scores that do not reflect actual threats? A recent cURL vulnerability puts this question to the test.
-
+28 +2
U.S. Government Tackles Open Source, Memory-Safe Programming Security
The US government is paying more attention to open source software and memory-safe programming languages, and is requesting input from the private sector.
-
+35 +4
A New Take on Software Code Security: The Open Source Consumption Manifesto
Open source is a blessing. It's also a curse when we don't take its security seriously. Now, the OpenSSF wants us all to take a long, hard look at how we consume and secure open-source software.
-
+30 +7
Post-Quantum Resilience for Security Keys
We introduce a hybrid digital signature scheme based on two building blocks: a classically-secure scheme, ECDSA, and a post-quantum secure one, Dilithium. Our hybrid scheme maintains the guarantees of each underlying building block even if the other one is broken, thus being resistant to classical and quantum attacks.
-
+29 +3
The cloud is critical infrastructure – here's what that really means
Policy has not kept pace with how essential cloud computing has become to critical systems. Cloud attacks, such as SolarWinds, aren't the only threat as evidenced | The cloud isn't just important for business, it's become vital, which means danger to the cloud is a danger to all of us.
-
+40 +2
AMD and Intel CPU security bugs bring Linux patches
Two new chip vulnerabilities, AMD Inception and Intel Downfall, forced Torvalds to push out Linux security fixes.
-
+31 +3
Npm Security Woes Continue Amidst a Series of CDN Attacks
Can a week go by without an npm problem? This week it's "manifest confusion" at the Content Delivery Network.
-
+23 +4
Researchers find deliberate backdoor in police radio encryption algorithm
Vendors knew all about it, but most customers were clueless.
-
+34 +3
Microsoft and Google may have to surrender people's data to Saudi Arabia after signing huge deals there
Saudi Arabia is seeking to be an innovation hub, but activists are warning that tech firms could be complicit in the repression of dissidents.
-
+45 +6
Kevin Mitnick: A Hacker Hero Has Died
Kevin Mitnick, who died at 59 on Sunday from pancreatic cancer, began his career as a criminal hacker and ended as the best-known white-hat hacker.
-
+30 +5
GitHub Leverages Passkeys to Enhance User Security
Passkeys, password replacements, have finally come to GitHub in beta.
-
+32 +8
France grants police power to spy on citizens through phones
VPN services and other security tools won't be able to protect people from this kind of state surveillance. What's next for France's justice reform bill?
-
+22 +3
Microsoft on major Outlook and OneDrive outages: We were hacked
In early June, sporadic but serious service disruptions plagued Microsoft’s flagship office suite — including the Outlook email and OneDrive file-sharing apps — and cloud computing platform. A shadowy hacktivist group claimed responsibility, saying it flooded the sites with junk traffic in distributed denial-of-service attacks.
-
+23 +5
How an Amazon Fire Kids tablet was allegedly used to stalk a security pro
Be very wary of any connected device, even one designed for kids
-
+37 +6
Microsoft to pay $20M settlement for illegally collecting children's personal data
Microsoft will pay $20 million to settle charges brought by the Federal Trade Commission accusing the tech giant of illegally collecting the personal information of children without their parents’ consent — and in some cases retaining it “for years.”
-
+30 +6
Compiled Python Code Used in a New PyPI Attack
ReversingLabs has discovered a new kind of PyPI attack. Lucky us.
-
+35 +5
Google’s Android and Chrome extensions are a very sad place. Here’s why
No wonder Google is having trouble keeping up with policing its app store. Since Monday, researchers have reported that hundreds of Android apps and Chrome extensions with millions of installs from the company’s official marketplaces have included functions for snooping on user files, manipulating the contents of clipboards, and injecting deliberately unknown code into webpages.
-
+29 +6
Chainguard Improves Security for Its Container Image Registry
Chainguard's new Container Registry costs far less to run and the company has also upgraded how it hosts and distributes its Images to improve security.