News

News

• May 04, 2018 04 May'18

  AMD patches in testing with ecosystem partners

  The timeline for the AMD patches promised to fix chipset flaws disclosed in March is being criticized, but AMD said the patches are being tested by partners and are still on track.

• May 04, 2018 04 May'18

  Twitter bug exposes passwords of all 336 million users

  On none other than World Password Day, a Twitter bug was announced that led to the passwords of all 336 million users being stored in plaintext in an internal log.

• May 03, 2018 03 May'18

  Cybersecurity pervasiveness subsumes all security concerns

  Given the increased digitization of society and explosion of devices generating data (including retail, social media, search, mobile, and the internet of things), it seems like it might have been ...

• April 30, 2018 30 Apr'18

  Windows NTFS flaw posted after disclosure gets nowhere

  Proof-of-concept code showing how an NTFS flaw can shut down Windows systems was published by a security researcher nine months after he disclosed it to Microsoft.

• April 30, 2018 30 Apr'18

  Attackers seek Oracle WebLogic vulnerability after faulty patch

  The combination of a broken Oracle WebLogic vulnerability and available proof-of-concept exploit code has led threat actors to search for any servers that are at risk.

• Sponsored News

  • It’s Time to Modernize Your SOC

    Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More

  • 6 Factors to Consider in Building Resilience Now

    Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More

  • Why Zero Trust, Why Now

    Sponsored by Microsoft - The concept of a Zero Trust cybersecurity architecture has been around for more than a decade, but adoption didn’t really begin to take hold until the past couple of years. As with many technology innovations, it hasn’t always been clear just what Zero Trust is all about and, more important, how to implement it easily and cost effectively. See More

  • 5 Best Practices To Secure Remote Workers

    Sponsored by Microsoft - The impact of COVID-19 has changed the dynamics and landscape of remote work for at least the foreseeable future and, probably, forever. All of a sudden, organizations across all industries had to scale remote workers at unprecedented intensity and speed. See More

  View All Sponsored News
• April 30, 2018 30 Apr'18

  Algorithmic discrimination: A coming storm for security?

  Following several RSA Conference 2018 talks on machine learning and AI, it's worth asking how algorithmic discrimination might manifest in the infosec industry.

• April 30, 2018 30 Apr'18

  Phishing threats still dwarf vulnerabilities, zero-days

  Proofpoint research shows that while phishing attacks now require victims to take more steps, the success rate for such attacks hasn't declined and enterprises are still on the defensive.

• April 27, 2018 27 Apr'18

  DDoS-for-hire website taken down by law enforcement

  Webstresser.org, a popular DDoS-for-hire website, was taken down by several law enforcement agencies across the globe. Details are sparse, but arrests have reportedly been made.

• April 27, 2018 27 Apr'18

  Microsoft releases Spectre variant 2 microcode patches

  Microsoft released new fixes that include the Intel microcode patches for Spectre variant 2 to help protect users on Windows 10 and Windows Server 2016.

• April 27, 2018 27 Apr'18

  GDPR deadline: Keep calm and GDPR on

  With the GDPR deadline looming, companies may still be scrambling to do "something" about it, but with less than 30 days to go the best move for many may be to wait and watch, and perhaps just ...

• April 27, 2018 27 Apr'18

  SentinelOne CEO: Endpoint security market full of 'noise and confusion'

  In part two of the interview with SentinelOne CEO Tomer Weingarten, he discusses how niche products and venture capital investments have affected the endpoint security space.

• April 27, 2018 27 Apr'18

  Sexy, but stupid: Biometrics security requires balancing risks

  When it comes to biometrics, security coexists with stupidity, unless implementers take the time to understand the limits, according to Adam Englander at RSAC 2018.

• April 27, 2018 27 Apr'18

  Keycard vulnerability threatens millions of hotel rooms

  News roundup: Researchers found a keycard vulnerability that enabled them to enter millions of hotel rooms worldwide. Plus, Yahoo has been fined $35 million by the SEC, and more.

• April 26, 2018 26 Apr'18

  Philip Tully: AI cyberattacks, AI arms race are coming

  Malicious actors are working on AI cyberattacks and other ways to augment threat activity with AI. Philip Tully discusses how that can work and if enterprise security can keep pace.

• April 26, 2018 26 Apr'18

  Risk & Repeat: Hacking back, GDPR and more from RSAC

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss some of the major themes and debates from RSA Conference, from hacking back to GDPR compliance.

• April 26, 2018 26 Apr'18

  SecureWorks warns of business email compromise campaign

  SecureWorks researchers uncovered an extensive business email compromise campaign targeting the maritime shipping industry, which may have cost organizations millions of dollars.

• April 26, 2018 26 Apr'18

  IXPs asked to mind their 'MANRS' to improve routing security

  The Internet Society expands its Mutually Agreed Norms for Routing Security, or MANRS, to IXPs as a means to protect the internet from route hijacking, leaks and IP address spoofing.

• April 26, 2018 26 Apr'18

  Philip Tully: AI models are cost prohibitive for some enterprises

  Philip Tully discusses the expensive and time-consuming work of building AI models and how those models can become the target of cyberattacks by malicious actors.

• April 25, 2018 25 Apr'18

  BGP routing security flaw caused Amazon Route 53 incident

  A BGP routing security flaw enabled unknown threat actors to steal cryptocurrency by hijacking internet routing and rerouting traffic to a phishing site in Russia.

• April 25, 2018 25 Apr'18

  Rachel Tobac: Social engineering attacks need real-world 2FA

  Rachel Tobac discusses how to train employees to avoid social engineering attacks and how individuals can keep themselves safe with awareness and by being 'politely paranoid.'

• April 24, 2018 24 Apr'18

  Akamai touts network perimeter security shifts, zero-trust model

  As network perimeter security grows less practical, Akamai talks at RSA Conference about moving beyond firewalls to improve authentication with a zero-trust model.

• April 23, 2018 23 Apr'18

  Women in cybersecurity discuss hiring, advice and being mentors

  A panel of women cybersecurity professionals at the RSA Conference discussed ways to find the best job candidates, the best advice they've received and how to be better mentors.

• April 20, 2018 20 Apr'18

  Government hacking tactics questioned at OURSA

  The ACLU's Jennifer Granick took government hacking to task at the OURSA Conference this week, calling out mass surveillance techniques and the limited scope of search warrants.

• April 20, 2018 20 Apr'18

  Keeper Security forms vulnerability disclosure program with Bugcrowd

  Following its controversial lawsuit against an Ars Technica security reporter, Keeper Security has teamed with Bugcrowd on a formal vulnerability disclosure program.

• April 20, 2018 20 Apr'18

  Another misconfigured Amazon S3 bucket exposes 48M records

  News roundup: A misconfigured Amazon S3 bucket led to the exposure of 48 million records collected by a private data analytics firm. Plus, PCI SSC updated its cloud guidelines, and more.

• April 20, 2018 20 Apr'18

  Experts describe how hacking back can be done right

  A panel of experts at the RSA Conference all expressed support for the idea of hacking back against threat actors, but each offered caveats in hopes of minimizing collateral damage.

• April 19, 2018 19 Apr'18

  CrowdStrike unveils Meltdown exploit in unusual fashion

  At RSA Conference 2018, CrowdStrike demonstrated a new Meltdown exploit that can harvest sensitive data such as passwords even on systems that are patched.

• April 19, 2018 19 Apr'18

  Moussouris: Bug bounty programs need to avoid jumping the shark

  Bug bounty programs may seem to offer salvation at a bargain price for securing networks and systems, but Katie Moussouris offers tips for avoiding major pitfalls.

• April 19, 2018 19 Apr'18

  Schneier talks cyber regulations, slams U.S. lawmakers

  Speaking at RSA Conference 2018, Bruce Schneier slammed U.S. lawmakers and Facebook in discussions on internet security regulations and technology policy.

• April 19, 2018 19 Apr'18

  Passive DNS techniques can reduce DNS abuse

  Presenting at RSAC 2018, Farsight Security's Merike Kaeo explains how defenders can adopt passive techniques to reduce DNS abuse and stop attacks before they happen.

• April 18, 2018 18 Apr'18

  Paul Kocher weighs in on Spectre flaws, vulnerability disclosure

  At RSA Conference 2018, Paul Kocher, who co-discovered the Spectre flaws, discussed the chip vulnerabilities and explained why disclosure and mitigation efforts were so troubled.

• April 18, 2018 18 Apr'18

  IBM's new AI toolbox is designed to protect AI systems

  IBM has made a new open source AI toolbox that's designed to provide practical defenses for real-world AI systems based on how threat actors can attack AI models.

• April 18, 2018 18 Apr'18

  IBM's Cindy Compert cooks up a batch of GDPR preparation

  GDPR preparation, with practical tips and recipes, was on the menu at RSAC 2018, as IBM CTO Cindy Compert offered practical advice for compliance with the EU privacy regulation.

• April 17, 2018 17 Apr'18

  FedRAMP security requirements put a premium on automation

  Matt Goodrich, director for the Federal Risk and Authorization Management Program, detailed FedRAMP security requirements and automation at RSA's Cloud Security Alliance Summit.

• April 17, 2018 17 Apr'18

  RSAC keynote speakers push teamwork, incremental improvements

  The RSAC keynote speakers pushed a unified idea of collaboration across public and private sectors, improved teamwork and the value of incremental improvements in cybersecurity.

• April 17, 2018 17 Apr'18

  Device wars: Researchers track new IoT botnet DDoS attacks

  A variant of the Mirai IoT botnet is the suspected cause of distributed denial-of-service attacks on financial services companies earlier this year, according to Recorded Future.

• April 17, 2018 17 Apr'18

  Risk & Repeat: Breaking down the Verizon DBIR 2018

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the '2018 Verizon Data Breach Investigations Report' and its findings about ransomware, phishing and more.

• April 17, 2018 17 Apr'18

  Microsoft's Brad Smith urges action on nation-state cyberthreats

  At RSA Conference 2018, Microsoft President Brad Smith warned of nation-state cyberattacks and called on governments and the private sector to do more to address them.

• April 17, 2018 17 Apr'18

  Fidelis rolls out new active deception approach to security

  Active deception is set to be an important part of cloud defense, as Fidelis Cybersecurity adds active decoys to protect cloud assets in the enterprise.

• April 17, 2018 17 Apr'18

  ISACA: Cybersecurity skills gap still hurting enterprises

  ISACA's State of Cybersecurity 2018 report offered good news and bad news about the cybersecurity skills gap and also shed light on gender disparity in the infosec profession.

• April 16, 2018 16 Apr'18

  SSH announces new key and certificate management service

  A new key and certificate management service is now offered by SSH, which teamed up with AppViewX to provide a way to administer cryptographic keys and digital certificates.

• April 16, 2018 16 Apr'18

  CrowdStrike Falcon X takes aim at incident response

  CrowdStrike introduced a new component for the vendor's cloud-based security platform -- dubbed Falcon X -- that looks to speed up enterprises' incident response times.

• April 16, 2018 16 Apr'18

  Nuix hacker survey shows how easy it is to breach perimeters

  The second annual Black Report -- a hacker survey aimed at getting a different perspective on cybersecurity -- detailed how long it takes to breach a perimeter and what attacks are easiest.

• April 13, 2018 13 Apr'18

  A UPnP vulnerability hides bad traffic in a new way

  News roundup: Home routers are susceptible to a UPnP vulnerability that proxies bad traffic in a new way. Plus, AMD and Microsoft released patches for the Spectre flaw, and more.

• April 13, 2018 13 Apr'18

  Cybersecurity AI hype matures at RSAC 2018

  Top submissions to the RSA Conference 2018 indicate that the hype cycle around cybersecurity AI may be maturing, while diversity gets a lower ranking on the hot topic list.

• April 12, 2018 12 Apr'18

  Risk & Repeat: RSAC 2018 trends focus on AI, blockchain

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the big questions ahead of RSA Conference 2018, as well as notable sessions and speakers scheduled for the event.

• April 12, 2018 12 Apr'18

  Cryptojacking attacks may not challenge ransomware dominance

  Cryptojacking attacks are on the rise, but experts are unsure if the threat can overtake the malware dominance of ransomware due to regulatory and profit questions.

• April 11, 2018 11 Apr'18

  Ransomware threat tops Verizon Data Breach Report

  After years of climbing the ranks in the Verizon Data Breach Investigations Report, the ransomware threat has finally taken the top spot as the most prevalent malware type.

• April 11, 2018 11 Apr'18

  RSAC 2018: Special conference coverage

  Find out what's happening at the information security industry's biggest event with breaking news and analysis by the SearchSecurity team at the RSA Conference 2018 in San Francisco.

• April 10, 2018 10 Apr'18

  WebAuthn API gets standards nod from W3C, FIDO Alliance

  W3C and the FIDO Alliance have given websites a new tool for doing FIDO-compliant authentication, as the WebAuthn authentication protocol is promoted to W3C Candidate Recommendation.

• April 06, 2018 06 Apr'18

  Misconfigured cloud storage leaves 1.5B files exposed

  Researchers found misconfigured cloud storage across multiple platforms left huge amounts of data exposed, including medical information and payroll data.

• April 06, 2018 06 Apr'18

  Risk & Repeat: New revelations in San Bernardino iPhone case

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the OIG report's findings on the FBI's effort to unlock the iPhone of one of the San Bernardino terrorists.

• April 06, 2018 06 Apr'18

  Pipeline cyberattack shuts down natural gas company communications

  News roundup: A pipeline cyberattack shut down communications for several U.S. natural gas providers. Plus, Facebook removed accounts and pages run by the Russian IRA, and more.

• April 06, 2018 06 Apr'18

  Microsoft created Windows Defender flaw by breaking UnRAR code

  Microsoft's poor coding when forking and modifying open source UnRAR code introduced a critical Windows Defender flaw that could allow an attacker full system rights.

• April 05, 2018 05 Apr'18

  Intel's Spectre microcode patch not coming for older chips

  No Spectre microcode patches will be coming for older Intel processors, but the newest generation of Intel CPUs will have mitigations built in when they ship later this year.

• April 03, 2018 03 Apr'18

  Cloudflare 1.1.1.1 DNS promises more private web browsing

  Cloudflare promises its new 1.1.1.1 DNS service is faster and enables better privacy for web browsing than competing offerings, but it's unclear how different its service will be.

• March 31, 2018 31 Mar'18

  Privacy protections are needed for government overreach, too

  Following the Facebook-Cambridge Analytica controversy, major tech companies pledged to defend users from corporate data misuse, but they're ignoring a more serious privacy threat.

• March 30, 2018 30 Mar'18

  Kaspersky KLara malware hunter now open source

  Kaspersky's KLara tool has been made open source in an effort to help security professionals search related malware samples more easily and efficiently with distributed Yara rules.

• March 30, 2018 30 Mar'18

  Apple GDPR privacy protection will float everyone's privacy boat

  With its embrace of new tools for protecting consumer privacy, Apple GDPR privacy protection will be available to all users as the EU's new privacy protection legislation is set to start ...

• March 30, 2018 30 Mar'18

  OIG report on San Bernardino iPhone case criticizes FBI

  A new government report claims poor communication was to blame for the FBI's court case being filed against Apple despite a San Bernardino iPhone unlock method being almost ready at the time.

• March 30, 2018 30 Mar'18

  Risk & Repeat: IBM Think 2018 highlights AI, blockchain

  In this week's Risk & Repeat podcast, SearchSecurity editors recap IBM Think 2018 and discuss Watson's Law and Big Blue's pledge to keep user data safe from misuse and exposure.

• March 30, 2018 30 Mar'18

  New Facebook privacy features and bug bounty aim to repair damage

  News roundup: New Facebook privacy features and updates to the company's bug bounty program are being rolled out. Plus, Drupalgeddon 2.0 threatens over 1 million sites, and more.

• March 29, 2018 29 Mar'18

  RSA Innovation Sandbox highlights threat detection, AI

  Security startups competing in this year's RSA Innovation Sandbox will present new offerings for threat detection, cloud security, artificial intelligence and machine learning.

• March 28, 2018 28 Mar'18

  Windows Meltdown patches open up more severe issue

  A security researcher discovered the recent Windows Meltdown patches may fix the Intel flaws, but also introduced a more severe vulnerability in some versions of Windows.

• March 27, 2018 27 Mar'18

  RSA Conference keynotes miss the point of diversity

  RSA Conference keynotes now include a handful of distinguished women, but very few will be speaking about cybersecurity, falling short of truly equal representation.

• March 27, 2018 27 Mar'18

  Five days after Atlanta ransomware attack, recovery begins

  After battling the fallout from an Atlanta ransomware attack for five days, Mayor Keisha Bottoms said City Hall has finally begun to recover and turn systems back on.

• March 27, 2018 27 Mar'18

  TLS 1.3 update is finalized with encryption upgrade

  The IETF approves the TLS 1.3 encryption protocol upgrade after four years and 28 versions; improvements include better security and performance, as well as middlebox support.

• March 23, 2018 23 Mar'18

  CLOUD Act stirs tension between privacy advocates and big tech

  Privacy advocates criticize Congress for passing the CLOUD Act as part of the omnibus spending bill, while big tech companies have expressed support for the controversial legislation.

• March 23, 2018 23 Mar'18

  CSO Stamos leaving Facebook, according to reports

  News roundup: Is Alex Stamos leaving Facebook? The CSO hasn't confirmed, but reports say yes. Plus, an Orbitz breach exposed the payment card data of 880,000 people, and more.

• March 23, 2018 23 Mar'18

  AMD patches for Ryzen chip flaws due 'in the coming weeks'

  AMD patches are in the works for the Ryzen and EPYC chip flaws announced without the normal disclosure, but CTS Labs continues to stress the severity of the issues.

• March 22, 2018 22 Mar'18

  Watson's Law: IBM preaches data stewardship as A.I. advances

  At IBM's Think conference, executives discussed the importance of protecting and managing data as artificial intelligence offerings like Watson grow and touch more information.

• March 22, 2018 22 Mar'18

  SAP CSO Justin Somaini on using blockchain for security

  Blockchain has generated both hype and skepticism, but SAP CSO Justin Somaini believes the technology has applications for security that can improve open source software.

• March 21, 2018 21 Mar'18

  Durov refuses to hand over Telegram encryption keys to FSB

  CEO Pavel Durov continued to assert that Telegram encryption keys will not be shared with the FSB, despite the Russian Supreme Court denying the company's appeal.

• March 21, 2018 21 Mar'18

  Risk & Repeat: OURSA takes RSA Conference to task

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the emergence of OURSA to highlight diversity and the RSA Conference's lack of female keynote speakers.

• March 21, 2018 21 Mar'18

  Firefox bug exposes passwords to brute force -- for nine years

  A Firefox bug exposing the browser's master password to a simple brute force attack against inadequate SHA-1 hashing is still on the books after nearly nine years.

• March 21, 2018 21 Mar'18

  How machine learning anomaly detection works inside SAP

  SAP CSO Justin Somaini discusses how SAP uses machine learning for security tasks, like anomaly detection, and compares supervised and unsupervised algorithms.

• March 20, 2018 20 Mar'18

  Illegitimate Facebook data harvesting may have affected elections

  A whistleblower claims a company with suspicious motives exploited Facebook data harvesting to build profiles on 50 million users and influence the 2016 U.S. presidential election and Brexit vote.

• March 20, 2018 20 Mar'18

  IBM outlines visions for crypto anchors, lattice cryptography

  At IBM's Think conference, Big Blue researchers discussed new security-centric projects around blockchain databases, crypto anchors and quantum-resilient encryption.

• March 16, 2018 16 Mar'18

  Russian government hacking earns U.S. sanctions, warnings

  The U.S. Treasury Department levied sanctions for Russian government hacking, as a joint alert from the FBI and DHS confirms election meddling and critical infrastructure attacks.

• March 16, 2018 16 Mar'18

  Following Equifax data breach, executive charged with insider trading

  News roundup: A CIO has been charged with insider trading after the Equifax data breach. Plus, Trump blocked Broadcom's acquisition of Qualcomm, and more.

• March 16, 2018 16 Mar'18

  Leaked report on AMD chip flaws raises ethical disclosure questions

  Researchers announced AMD chip flaws without the coordinated disclosure procedure, and a leak of the research to a short seller has raised further suspicions about the process.

• March 14, 2018 14 Mar'18

  Risk & Repeat: Assessing the Memcrashed attacks

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Memcrashed exploit and the recent trend of record-setting DDoS attacks against enterprises.

• March 13, 2018 13 Mar'18

  Researchers claim AMD flaws threaten Ryzen, EPYC chips

  Ryzen and EPYC AMD flaws were partially detailed with just 24 hours' disclosure notice, despite potentially significant exploits, including secure processor takeover or security bypass.

• March 13, 2018 13 Mar'18

  Binance bounty offered for info on attempted attack

  A failed attack led to a Binance bounty offer of $250,000 for information that leads to the arrest of the threat actors responsible for the attempted cryptocurrency theft.

• March 12, 2018 12 Mar'18

  Olympic Destroyer was a false flag cyberattack, research claims

  New research claims Olympic Destroyer was not the work of the North Korea-backed Lazarus Group; rather, it was a false flag cyberattack designed to mislead attribution efforts.

• March 09, 2018 09 Mar'18

  Tenable introduces Lumin cyber exposure platform

  Tenable.io Lumin enables organizations to gauge their 'cyber exposure' to vulnerabilities and allows them to compare remediation efforts against industry benchmark data.

• March 09, 2018 09 Mar'18

  OURSA takes on RSA Conference to highlight diversity

  News roundup: Our Security Advocates emerges amid criticism of RSA Conference's lack of female keynote speakers. Plus, a kill switch is discovered for the Memcrashed DDoS exploit, and more.

• March 09, 2018 09 Mar'18

  DHS cybersecurity audit scores below target security levels

  A DHS cybersecurity audit for FISMA compliance by the Office of Inspector General rated the agency below target levels in three of five areas of information security.

• March 08, 2018 08 Mar'18

  NSA tracking program watched foreign hackers in action

  Researchers discovered evidence of an NSA tracking program designed to watch nation-state hackers and gather information as attacks were in progress.

• March 07, 2018 07 Mar'18

  McAfee cloud security platform expands to Microsoft Azure

  In its first move following the acquisition of cloud access security broker Skyhigh Networks, McAfee extended its cloud security platform to Microsoft Azure customers.

• March 07, 2018 07 Mar'18

  Risk & Repeat: Trustico certificate drama a cause for concern

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss how a controversial move by reseller Trustico led to 23,000 Symantec SSL certificates being revoked.

• March 06, 2018 06 Mar'18

  Terabit DDoS attack hits 1.7Tbps and experts expect higher

  Five days after a record breaking terabit DDoS attack, a new 1.7Tbps DDoS attack was detected taking advantage of improperly secured memcached servers to launch a reflection attack.

• March 06, 2018 06 Mar'18

  Equifax data breach affected 2.4 million more consumers

  The massive Equifax data breach affected even more people. The startling total is now 147.9 million U.S. consumers who had their information stolen by hackers.

• March 02, 2018 02 Mar'18

  Cellebrite claims it can unlock Apple devices, but questions remain

  News roundup: Cellebrite claims it can unlock Apple devices, according to a Forbes report. Plus, iCloud encryption keys will now be stored in China, and more.

• March 02, 2018 02 Mar'18

  23,000 Symantec certificates revoked following leak of private keys

  DigiCert revoked 23,000 Symantec SSL certificates amid a public spat between the company and former reseller partner Trustico, which claimed the certificates were 'compromised.'

• March 01, 2018 01 Mar'18

  Memcrashed DDoS amplification exploits memcached UDP port

  Memcrashed, a devastating new DDoS amplification attack that exploits UDP port 11211, is only possible when memcached servers are exposed to the public internet.

• February 28, 2018 28 Feb'18

  Visa reports EMV chip cards thwart fraud, but criminals adapting

  Visa points to a 70% drop in fraud due to EMV chip cards, as consumers and merchants adopt the new payment card technology. But criminals are shifting their own focus to adapt.

• February 27, 2018 27 Feb'18

  New SAML vulnerability enables abuse of single sign-on

  Duo Security discovered a new SAML flaw affecting several single sign-on vendors that allows attackers to fool SSO systems and log in as other users without their passwords.

• February 27, 2018 27 Feb'18

  Risk & Repeat: Is the cyberthreat landscape shifting to cryptomining?

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss how new attacks, like cryptojacking, may be supplanting previous top cyberthreats, such as ransomware.

• February 27, 2018 27 Feb'18

  Ad network cryptojacking attack bypasses ad blockers

  Qihoo 360's Netlab team discovered an online ad network has been bypassing ad blockers and running cryptomining software in the browsers of unsuspecting visitors.