News

News

• January 09, 2018 09 Jan'18

  Intel keynote misses the mark on Meltdown and Spectre vulnerabilities

  With CEO Brian Krzanich's keynote at the 2018 Consumer Electronics Show, Intel missed an opportunity for the Meltdown and Spectre vulnerabilities.

• January 05, 2018 05 Jan'18

  Huge coordinated vulnerability disclosure needed for Meltdown

  Unprecedented Spectre and Meltdown CPU flaws required a vast coordinated vulnerability disclosure effort over six months and across dozens of organizations.

• January 05, 2018 05 Jan'18

  A DHS data breach exposed PII of over 250,000 people

  News roundup: A DHS data breach exposed PII of 250,000 federal employees, as well as investigative data from 2002 to 2014. Plus, a new bill aims to nix paperless voting, and more.

• January 04, 2018 04 Jan'18

  Meltdown and Spectre patches and mitigations released

  Vendors released the vulnerability disclosures and patches for the new Meltdown and Spectre CPU attacks as the infosec industry begins mitigating risks.

• January 03, 2018 03 Jan'18

  Intel CPU flaw gets third-party patch but no details

  Release of a third-party patch for a mysterious Intel CPU flaw led to many questions but few answers, and details on the issue may not be imminent.

• January 03, 2018 03 Jan'18

  Risk & Repeat: The TLS 1.3 clock continues to click

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the long wait for TLS 1.3 and the effects -- positive and negative -- the delays have had for enterprise security.

• January 02, 2018 02 Jan'18

  IOHIDeous is a macOS zero-day for the new year

  A newly discovered macOS zero-day flaw, called IOHIDeous, affects all versions of Apple's desktop operating system and can allow for full-system compromise.

• December 29, 2017 29 Dec'17

  Browser login managers allow tracking scripts to steal credentials

  News roundup: Login managers enable the exposure of user credentials in over 1,000 websites. Plus, Mozilla patched a critical vulnerability in Thunderbird, and more.

• December 29, 2017 29 Dec'17

  Official TLS 1.3 release date: Still waiting, and that's OK

  Protocol scrutiny is good for the upcoming TLS 1.3 update as the process continues to expose, and fix, problems.

• December 29, 2017 29 Dec'17

  Risk & Repeat: Cybersecurity predictions for 2018

  In this week's Risk & Repeat podcast, SearchSecurity editors offer their cybersecurity predictions for 2018, including forecasts for cryptojacking, DDoS attacks and other threats.

• December 28, 2017 28 Dec'17

  After 2017, data breach fatigue should be a thing of the past

  Data breach fatigue should be put on hold after the Equifax data breach and Uber hack taught us painful lessons about enterprise security shortcomings.

• December 27, 2017 27 Dec'17

  North Korea's Lazarus Group sets sights on cryptocurrency

  Researchers believe North Korean nation-state hackers from the Lazarus Group are targeting cryptocurrency exchanges and owners in a wave of financially motivated attacks.

• December 22, 2017 22 Dec'17

  Cryptocurrency exchanges increasingly targeted by cyberattacks

  News roundup: Cryptocurrency exchanges are folding because of targeted cyberattacks. Plus, five hackers were arrested in connection with international ransomware attacks, and more.

• December 22, 2017 22 Dec'17

  Risk & Repeat: Cryptojacking looms amid the bitcoin boom

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the rising threat of cryptojacking and how hackers can steal computing power from unsuspecting users.

• December 20, 2017 20 Dec'17

  White House WannaCry attribution leaves unanswered questions

  The White House's WannaCry attribution included the broad strokes, experts say, but the case avoided some key pieces of information, such as the role of the NSA in the attacks.