News

News

• November 03, 2017 03 Nov'17

  Certificate authority business undergoes major changes

  News roundup: Comodo and Symantec sales signal important changes in the certificate authority business. Plus, an Oracle vulnerability gets a CVSS score of 10.0, and more.

• November 02, 2017 02 Nov'17

  SAVE Act attempts to bolster election security

  Two senators introduced a bipartisan election security bill called the SAVE Act, which aims to improve voting infrastructure and harden state systems against attack.

• November 01, 2017 01 Nov'17

  Risk & Repeat: Responsible encryption ramps up

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the recent push from law enforcement officials for responsible encryption and what that may mean.

• October 31, 2017 31 Oct'17

  The Equation Group malware mystery: Kaspersky offers an explanation

  Kaspersky Lab finally explained how it came to possess Equation Group malware, but does the company's latest statement answer enough questions about the ongoing drama?

• October 31, 2017 31 Oct'17

  Is "responsible encryption" the new answer to "going dark"?

  "Three may keep a Secret, if two of them are dead." So wrote Benjamin Franklin, in Poor Richard's Almanack, in 1735. Franklin knew a thing or two about secrets, as well as about cryptography, given ...

• Sponsored News

  • It’s Time to Modernize Your SOC

    Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More

  • 6 Factors to Consider in Building Resilience Now

    Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More

  • Why Zero Trust, Why Now

    Sponsored by Microsoft - The concept of a Zero Trust cybersecurity architecture has been around for more than a decade, but adoption didn’t really begin to take hold until the past couple of years. As with many technology innovations, it hasn’t always been clear just what Zero Trust is all about and, more important, how to implement it easily and cost effectively. See More

  • 5 Best Practices To Secure Remote Workers

    Sponsored by Microsoft - The impact of COVID-19 has changed the dynamics and landscape of remote work for at least the foreseeable future and, probably, forever. All of a sudden, organizations across all industries had to scale remote workers at unprecedented intensity and speed. See More

  View All Sponsored News
• October 31, 2017 31 Oct'17

  Google Buganizer flaw reveals unpatched vulnerability details

  A security researcher earned more than $15,000 by finding three flaws in the Google Issue Tracker, aka Buganizer, which revealed details on unpatched vulnerabilities.

• October 30, 2017 30 Oct'17

  Bad Rabbit ransomware data recovery may be possible

  Security researchers found a way to recover data locked by the Bad Rabbit ransomware without paying, and others said money might not have been the driver of the attacks.

• October 30, 2017 30 Oct'17

  Grossman: Cyberinsurance market is like the 'Wild West'

  Jeremiah Grossman, chief of security strategy at SentinelOne, talks with SearchSecurity about the value of cyberinsurance and why the rapidly growing market needs to mature.

• October 27, 2017 27 Oct'17

  DUHK attack puts random number generators at risk

  News roundup: Researchers find DUHK attacks can get around encrypted communications. Plus, FBI Director Wray criticizes mobile device encryption, and more.

• October 27, 2017 27 Oct'17

  Warning for Equifax security issues came months before breach

  A security researcher reportedly disclosed a number of Equifax security issues to the company months before the major data breach, and none of the problems were fixed.

• October 26, 2017 26 Oct'17

  Bad Rabbit ransomware attacks planned long ago

  The new Bad Rabbit ransomware spread through Russia and Ukraine, drawing comparisons to NotPetya, and researchers say the attacks were planned for a long time.

• October 26, 2017 26 Oct'17

  Risk & Repeat: Is vulnerability marketing problematic?

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss vulnerability marketing and compare how the recent KRACK attack and ROCA flaw were publicized and promoted.

• October 26, 2017 26 Oct'17

  The art of the cyber warranty and guaranteeing protection

  Jeremiah Grossman, chief of security strategy at SentinelOne, talks with SearchSecurity about the science of developing a cyber warranty for threat detection products.

• October 26, 2017 26 Oct'17

  Windows XP patches: Did Microsoft make the right decision?

  Microsoft had to make several tradeoffs when developing patches for Windows XP. Expert Nick Lewis explains what these tradeoffs were and how enterprises should respond.

• October 25, 2017 25 Oct'17

  NSA cyberweapons report follows Kaspersky transparency plan

  A Kaspersky transparency initiative and a full code review of its products are on the way, and a new Kaspersky statement explained how NSA cyberweapons were uploaded to its servers.

• October 24, 2017 24 Oct'17

  DHS' Dragonfly ICS campaign alert isn't enough, experts say

  The Department of Homeland Security released an alert confirming the Dragonfly ICS cyberattack campaign, but experts said more action is needed to protect critical infrastructure.

• October 20, 2017 20 Oct'17

  Google Play bug bounty hunts RCE vulnerabilities

  A Google Play bug bounty program, run by Google and HackerOne, asks testers to hunt for remote code execution vulnerabilities in some of the top Android apps.

• October 20, 2017 20 Oct'17

  Latest Kaspersky controversy brings new questions, few answers

  The Kaspersky controversy continued this week as the antivirus company responded to several explosive news stories about its relationship with the Russian government.

• October 20, 2017 20 Oct'17

  Advanced Protection Program locks down Google accounts

  Google's Advanced Protection Program greatly increases the security of user accounts, but the usability tradeoffs may not be worth it for average users.

• October 20, 2017 20 Oct'17

  Microsoft mum on 2013 database breach of bug tracking system

  News roundup: Former employees reveal a 2013 database breach exposed Microsoft's bug tracking system, DHS sets new rules for federal agencies on web, email security, and more.

• October 20, 2017 20 Oct'17

  Risk & Repeat: DEFCON tackles voting machine security

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss DEFCON's efforts to improve voting machine security in the wake of hacking threats during the 2016 election.

• October 18, 2017 18 Oct'17

  ROCA RSA flaw unveils secret keys on wide range of devices

  Researchers disclosed the ROCA RSA vulnerability as a dangerous flaw in the cryptographic code of Infineon chips that could undermine encryption key security for a number of devices.

• October 17, 2017 17 Oct'17

  KRACK WPA2 flaw might be more hype than risk

  Researchers discover a WPA2 vulnerability and brand it KRACK, but some experts say the early reports overstate the risk of the flaw and downplay the difficulty of an exploit.

• October 17, 2017 17 Oct'17

  Risk & Repeat: Kaspersky antivirus scans implicated in NSA breach

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss reports implicating Kaspersky antivirus scans in the recently disclosed breach at the National Security Agency.

• October 13, 2017 13 Oct'17

  DOJ's 'responsible encryption' is the new 'going dark'

  News roundup: The DOJ calls for 'responsible encryption' to comply with court orders. Plus, there's more bad cybersecurity news for banks, and Accenture data in AWS gets exposed.

• October 12, 2017 12 Oct'17

  DEFCON hopes voting machine hacking can secure systems

  The first official report on voting machine hacking from DEFCON suggests the need for pen testing, basic security guidelines and cooperation from local and federal governments.

• October 11, 2017 11 Oct'17

  October 2017 Patch Tuesday includes Windows zero-day fix

  The top priority for Microsoft's October 2017 Patch Tuesday goes to a Windows zero-day vulnerability, but IT should also beware of two publicly disclosed flaws.

• October 11, 2017 11 Oct'17

  Risk & Repeat: Scope of Equifax, Yahoo breaches expands

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the expanding scope of the Equifax and Yahoo breaches and the long-term effects of these major security incidents.

• October 11, 2017 11 Oct'17

  Windows 10 patching could make older systems vulnerable

  Microsoft's practice of automatic Windows 10 patching could be uncovering vulnerabilities in older systems that can be exploited by attackers, Google researchers said.

• October 07, 2017 07 Oct'17

  NSA breach leads to theft of government spy software

  An NSA contractor became the target of a cyberattack after storing agency spying software on a personal device, and this NSA breach has caused a rise in fears regarding Russia.

• October 06, 2017 06 Oct'17

  Dnsmasq server flaws unmasked and patched by Google

  News roundup: Google researchers find and patch vulnerabilities in the Dnsmasq server that are used widely in routers and IoT devices. Plus, EU-U.S. Privacy Shield challenge and more.

• October 05, 2017 05 Oct'17

  Equifax breach impact expands, blame game continues

  The Equifax breach impact expanded and the company's former CEO answered questions in a congressional hearing, but experts were not satisfied by the answers.

• October 05, 2017 05 Oct'17

  Risk & Repeat: Are hacking victims taking too much blame?

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss comments from the FBI's Donald Freese on the practice of blaming and shaming hacking victims and its effects.

• October 05, 2017 05 Oct'17

  Yahoo data breach found to affect all 3 billion users

  Newly uncovered information indicated that all 3 billion users were affected by the 2013 Yahoo data breach, but Oath claimed passwords and credit card info was safe.

• October 03, 2017 03 Oct'17

  DHS cyberinsurance research could improve security

  A longitudinal cyberinsurance study performed by the Department of Homeland Security could improve enterprise security but the effects depend on the data collected, said experts.

• September 29, 2017 29 Sep'17

  Government data requests on the rise for Apple and Google

  One expert is concerned about the large increase of government data requests received by Apple and the effects this surveillance activity has on user privacy.

• September 29, 2017 29 Sep'17

  FBI's Freese: It's time to stop blaming hacking victims

  The FBI's Don Freese spoke at the (ISC)2 Security Congress this week about the need to end the practice of blaming hacking victims. But will infosec professionals listen?

• September 29, 2017 29 Sep'17

  Deloitte hack compromised sensitive emails, client data

  News roundup: During the Deloitte hack, attackers had access to client data and internal email servers. Plus, the U.S. asks China not to enforce its Cybersecurity Law, and more.

• September 29, 2017 29 Sep'17

  Proof-of-concept iOS exploit released by Google's Project Zero

  Google's Project Zero released a proof-of-concept iOS exploit similar to the Broadpwn Wi-Fi flaw that could allow an attacker to run code or implant a backdoor.

• September 28, 2017 28 Sep'17

  Network lateral movement from an attacker's perspective

  A security researcher describes the network lateral movement process from an attacker's perspective and a few key points of focus for IT pros, at DerbyCon.

• September 27, 2017 27 Sep'17

  Ransomware attackers using more sophisticated techniques

  At the (ISC)2 Security Congress, infosec professionals warned of sophisticated ransomware attackers that are using more advanced techniques to encrypt entire networks.

• September 27, 2017 27 Sep'17

  Risk & Repeat: Kaspersky ban turns ugly

  In this week's 'Risk & Repeat' podcast, SearchSecurity editors discuss the U.S. government's Kaspersky ban and how competitors like McAfee are trying to capitalize on it.

• September 27, 2017 27 Sep'17

  Windows digital signature bypassed with two registry edits

  The DerbyCon keynote covered why security research is an approachable field, as well as how to bypass a Windows digital signature check to run unwanted code.

• September 25, 2017 25 Sep'17

  Freese: Cyber-risk management is the key to good infosec hygiene

  Speaking at the (ISC)2 Security Congress, FBI Deputy Assistant Director Don Freese spoke about need for security pros to replace fear and emotion with proper cyber-risk management.

• September 22, 2017 22 Sep'17

  DerbyCon cybersecurity conference is unique and troubling

  Walking up to DerbyCon 7.0 cybersecurity conference it immediately has a very different feel from the "major" infosec conferences. Attendees would never be caught loitering outside of the Black Hat ...

• September 22, 2017 22 Sep'17

  Users plagued by iOS app security issues, according to new research

  News roundup: Researchers uncovered a large number of iOS app security risks. Plus, Viacom exposed its critical data through a misconfigured AWS S3 bucket, and more.

• September 21, 2017 21 Sep'17

  Undisclosed SEC breach may have led to illegal stock trades

  The U.S. Securities and Exchange Commission admitted a 2016 breach that was previously undisclosed may have enabled threat actors to engage in illegal stock trades.

• September 21, 2017 21 Sep'17

  Undocumented Word feature could lead to system information theft

  An undocumented Word feature found by Kaspersky Lab could lead to system information theft and affects users on both PCs and mobile devices.

• September 21, 2017 21 Sep'17

  Risk & Repeat: Equifax data breach fallout continues

  In this week's Risk & Repeat podcast, SearchSecurity editors continue discussing the Equifax data breach and examine new details about an Apache Struts flaw tied to the attack.

• September 19, 2017 19 Sep'17

  CCleaner malware spread via supply chain attack

  CCleaner malware was spread to users via an infected software update for close to one month, highlighting the dangers of supply chain attacks and the need for code signing.

• September 15, 2017 15 Sep'17

  Fearmongering around Apple Face ID security announcement

  As fears grow over government surveillance, the phrase "facial recognition" often triggers a bit of panic in the public, and some commentators are exploiting that fear to overstate any risks ...

• September 15, 2017 15 Sep'17

  DHS banned Kaspersky software from all government systems

  News roundup: DHS has banned Kaspersky software from use in government systems. Plus, the commonwealth of Virginia decided to do away with touchscreen voting machines, and more.

• September 15, 2017 15 Sep'17

  Apache Struts vulnerability blamed for Equifax data breach

  Equifax has confirmed an unpatched critical Apache Struts vulnerability was exploited in the breach that compromised the personal data of 143 million U.S. citizens.

• September 14, 2017 14 Sep'17

  BlueBorne Bluetooth vulnerabilities affect billions of devices

  A set of eight Bluetooth vulnerabilities, branded together as BlueBorne, affect billions of devices and could be one of the most dangerous issues, according to experts.

• September 13, 2017 13 Sep'17

  Equifax breach response deemed insufficient in multiple ways

  Experts criticized the Equifax breach response as insufficient, given the size and scope of the data loss, and they said the company was likely not prepared for such an incident.

• September 13, 2017 13 Sep'17

  Risk & Repeat: Equifax data breach response called into question

  In this week's Risk & Repeat podcast, SearchSecurity editors tackle the massive Equifax data breach and how the credit bureau's response to the security incident is creating more problems.

• September 13, 2017 13 Sep'17

  Apple claims iPhone X Face ID has better security than Touch ID

  Apple announced the new iPhone X Face ID system, which replaces Touch ID in favor of facial recognition and may offer 20 times fewer false positives than fingerprint scanning.

• September 08, 2017 08 Sep'17

  Equifax breach exposes 143 million consumers' personal data

  A massive Equifax breach, which was discovered in July, exposed the personal information, including names, birth dates and Social Security numbers, of 143 million Americans.

• September 08, 2017 08 Sep'17

  Six new vulnerabilities in Android bootloaders uncovered

  News roundup: Researchers used the new BootStomp tool to uncover six vulnerabilities in Android bootloaders. Plus, a new wave of AWS S3 bucket data leaks strikes and more.

• September 08, 2017 08 Sep'17

  Apache Struts vulnerability affects versions since 2008

  A researcher discovered a remotely exploitable Apache Struts vulnerability being actively exploited in the wild. A patch was released, and users were urged to update software immediately.

• September 07, 2017 07 Sep'17

  Dragonfly 2.0 hacker group seen targeting U.S. power grid

  Security researchers claim to be tracking a threat group called Dragonfly 2.0 hacker group that has been attacking critical infrastructure and setting up persistent infections on ICS networks.

• September 07, 2017 07 Sep'17

  SHA-1 hashes recovered for 320M breached passwords

  Security researchers once again proved how easy it can be to recover SHA-1 hashes by cracking the hashes on nearly 320 million passwords related to data breaches.

• September 06, 2017 06 Sep'17

  Risk & Repeat: Payment card security a growing concern

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss new research from Verizon on payment card security and the effectiveness of PCI DSS compliance for enterprises.

• September 01, 2017 01 Sep'17

  Intel kill switch ME code indicates connection to NSA

  Researchers discovered an Intel kill switch hiding in one of the chipmaker's software products, along with references to an NSA program focused on secure computing.

• September 01, 2017 01 Sep'17

  Enterprise compliance with PCI DSS is up, says Verizon

  News roundup: More than half of enterprises are in compliance with PCI DSS, according to a Verizon report. Plus, Turla is on the attack again with a new campaign, and more.

• September 01, 2017 01 Sep'17

  Risk & Repeat: Alternative infosec conferences on the rise

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss how smaller, more targeted infosec conferences are making a name for themselves in the shadow of much larger events.

• August 31, 2017 31 Aug'17

  Spambot email leak compromises 711M records

  An email leak containing 711 million records was found in a breach of a spambot list stored in the Netherlands and included both addresses and passwords used to access email accounts.

• August 29, 2017 29 Aug'17

  Kaspersky-Russian ties still unclear, despite FBI push

  The specter of Kaspersky-Russian ties has reportedly led to an FBI campaign urging private organizations to drop Kaspersky Lab products; experts urge the FBI to share more evidence.

• August 25, 2017 25 Aug'17

  Alleged Sakula malware attacker arrested by FBI

  The FBI arrested Chinese national Yu Pingan for alleged involvement with cyberattacks using the Sakula malware, the same malware reportedly used in the OPM breach.

• August 25, 2017 25 Aug'17

  U.S. government cybersecurity is a mess, according to officials

  News roundup: John McCain, NIAC and others called out the administration for not doing enough on U.S. government cybersecurity. Plus, the Ropemaker exploit alters emails, and more.

• August 24, 2017 24 Aug'17

  Google Chrome Enterprise adds management options

  The Google Chrome Enterprise offering officially allows organizations to manage Google Play Store apps, extensions, Microsoft Active Directory and integrate VMware on Chromebooks.

• August 23, 2017 23 Aug'17

  Project Treble is another attempt at faster Android updates

  Google has historically had a problem with getting mobile device manufacturers to push out Android updates, which has left hundreds of millions in the Android ecosystem at risk. Google hopes that ...

• August 23, 2017 23 Aug'17

  Risk & Repeat: Was the DNC hack an inside job?

  In this week's Risk & Repeat podcast, SearchSecurity editors examine claims from intelligence veterans that the DNC hack was an inside job, and not the work of Russian hackers.

• August 21, 2017 21 Aug'17

  iPhone Secure Enclave firmware encryption key leaked

  Experts and Apple say despite the leak of the iPhone Secure Enclave Processor encryption key that can be used to decrypt firmware code, user data and biometric information are still safe.

• August 18, 2017 18 Aug'17

  Valerie Plame: U.S. government cyberdefense must be improved

  Former CIA officer Valerie Plame discusses why America's cyberdefense is lagging behind -- and what the government and private sector should do to reverse the trend.

• August 18, 2017 18 Aug'17

  Offensive cyberweapons from enemies may be re-engineered

  The U.S. Defense Intelligence Agency wants to isolate, study, customize and re-engineer malware from adversaries to be used as its own offensive cyberweapons.

• August 18, 2017 18 Aug'17

  Hijacked Chrome extensions infect millions of users

  News roundup: Hackers leveraged eight hijacked Chrome extensions to attack 4.8 million browser users. Plus, Cloudflare stopped protecting a neo-Nazi website from DDoS attacks, and more.

• August 17, 2017 17 Aug'17

  NotPetya ransomware impact costs Maersk hundreds of millions

  Danish shipping giant A.P. Moller-Maersk said the NotPetya ransomware attacks severely damaged business processes and the impact has been estimated at as much as $300 million in lost revenue.

• August 17, 2017 17 Aug'17

  Authorities can't force smartphone access in iOS 11

  IOS 11 will allow users to avoid authorities attempting to force smartphone access by temporarily disabling biometric unlocking of mobile devices.

• August 16, 2017 16 Aug'17

  Risk & Repeat: MalwareTech indictment raises questions

  In this week's Risk & Repeat podcast, SearchSecurity editors explore the FBI's case against security researcher Marcus Hutchins, better known as MalwareTech.

• August 15, 2017 15 Aug'17

  Mobile data theft a risk from shared app libraries

  Researchers claim malicious actors could commit mobile data theft by using shared third-party libraries and abusing elevated privileges that the permissions granted.

• August 11, 2017 11 Aug'17

  Microsoft antivirus policy changes under Kaspersky pressure

  Microsoft antivirus policy changes for Windows 10 Fall Creators Update in order to avoid further action in an antitrust case brought by Kaspersky.

• August 11, 2017 11 Aug'17

  FBI's Next Generation Identification system exempt from Privacy Act

  News roundup: The FBI Next Generation Identification biometrics database is exempt from the Privacy Act. Plus, Salesforce fired two top staffers after DEFCON, and more.

• August 11, 2017 11 Aug'17

  U.S. attorney: Gathering cybercrime evidence can be difficult

  Assistant U.S. attorney says jurors and courts are getting smarter about cybercrime evidence, although digital cases overall may be getting more difficult to prosecute.

• August 11, 2017 11 Aug'17

  How threat actors weaponized Mia Ash for a social media attack

  Dell SecureWorks researchers detected suspicious activity on social media accounts of Mia Ash. When they dug deeper, they discovered a new, complex social engineering attack.

• August 10, 2017 10 Aug'17

  Risk & Repeat: Voting machine hacking brings good and bad news

  In this week's Risk & Repeat podcast, SearchSecurity editors look back at DEFCON 2017's voting machine hacking and what it could mean for the future of U.S. election security.

• August 09, 2017 09 Aug'17

  Windows 10 Linux subsystem gets first patches

  Microsoft's August 2017 Patch Tuesday brought the first Windows 10 Linux subsystem patches, just as a new version of the Linux subsystem is released for Windows Server.

• August 08, 2017 08 Aug'17

  The Symantec-Google feud can't be swept under the rug

  The Symantec-Google feud regarding the antivirus vendor's web certificate practices appears to be over. But that doesn't mean it should be minimized or ignored.

• August 04, 2017 04 Aug'17

  Ransomware recovery goes beyond data loss for enterprises

  Enterprises may see paying up as a quick path to ransomware recovery, but experts said there are many issues to consider when making that choice.

• August 04, 2017 04 Aug'17

  IoT device security bill mandates security standards

  News roundup: U.S. Senators introduce a bipartisan bill to standardize IoT device security for government vendors. Plus, Anthem suffers another data breach, and more.

• August 03, 2017 03 Aug'17

  MalwareTech arrested for Kronos banking Trojan connection

  The FBI arrested the famed security researcher known as MalwareTech after a two-year investigation into the creation and distribution of the Kronos banking Trojan.

• August 03, 2017 03 Aug'17

  Symantec Website Security, certificate authority business sold to DigiCert

  DigiCert agrees to buy majority stake in Symantec Website Security just days after Google releases an April 2018 distrust date for Symantec certificates.

• August 02, 2017 02 Aug'17

  Hacking voting machines takes center stage at DEFCON

  DEFCON attendees were successful in hacking voting machines and now that there is proof the systems are insecure, more work needs to be done to change election laws and practices.

• August 02, 2017 02 Aug'17

  Risk & Repeat: Black Hat 2017 highlights

  In this week's Risk & Repeat podcast, SearchSecurity editors recap Black Hat 2017 and discuss some of the big news from the event, including the Broadpwn remote exploit.

• August 01, 2017 01 Aug'17

  Experts debate Vulnerabilities Equities Process disclosure

  Experts debated how the government should weigh disclosure in the Vulnerabilities Equities Process and whether to err on the side of offense or defense.

• July 28, 2017 28 Jul'17

  Breaking down the Broadpwn exploit, world's first Wi-Fi worm

  At Black Hat 2017, Exodus Intelligence researcher Nitay Artenstein unveiled the Broadpwn exploit, which he called the world's first Wi-Fi worm and which puts billions of iOS and Android devices at risk.

• July 28, 2017 28 Jul'17

  Risk & Repeat: Why are Amazon S3 buckets spilling on the web?

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the series of enterprise data leaks through misconfigured Amazon S3 buckets and what should be done about them.

• July 28, 2017 28 Jul'17

  Adobe's Flash end of life scheduled, finally, for 2020

  News roundup: Adobe announced that Flash end of life will happen by the end of 2020. Plus, Microsoft expands its bug bounty program, the 2017 Pwnie Awards winners, and more.

• July 28, 2017 28 Jul'17

  Who are the Shadow Brokers? Signs point to an intelligence insider

  At Black Hat 2017, security researcher Matt Suiche analyzed the Shadow Brokers dumps, postings and behavior to get to the bottom of one of the infosec industry's biggest questions.

• July 28, 2017 28 Jul'17

  Cyber-risk analysis, time are keys to infosec says game theory

  Analyzing infosec through the lens of game theory shows that cyber-risk analysis and wasting attacker time may be highly effective cybersecurity strategies.