News

News

• October 26, 2018 26 Oct'18

  Google sets Android security updates rules but enforcement is unclear

  The vendor requirements for Android are a strange and mysterious thing but a new leak claims Google has added language to force manufacturers to push more regular Android security updates. ...

• October 26, 2018 26 Oct'18

  Settlement in Yahoo data breach leaves company to pay $50M

  News roundup: The Yahoo data breach will cost the company another $50 million in a settlement deal. Plus, Check Point acquired cloud security company Dome9, and more.

• October 26, 2018 26 Oct'18

  WebExec vulnerability leaves Webex open to insider attacks

  A remote code execution flaw in Cisco Webex -- called WebExec -- could be an easy vector for insider attacks, and the researchers who found it say it's easier to exploit than detect.

• October 25, 2018 25 Oct'18

  Risk & Repeat: Facebook breach raises regulatory questions

  This week's Risk & Repeat podcast discusses new developments regarding Facebook's recent data breach, as well as the social networking giant's response to the incident.

• October 25, 2018 25 Oct'18

  Malwarebytes cybercrime report shows increase in attacks on businesses

  Malwarebytes' report, 'Cybercrime Tactics and Techniques Q3 2018,' highlights how businesses became the focus of cyberattacks versus consumers over the past three months.

• Sponsored News

  • It’s Time to Modernize Your SOC

    Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More

  • 6 Factors to Consider in Building Resilience Now

    Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More

  • Why Zero Trust, Why Now

    Sponsored by Microsoft - The concept of a Zero Trust cybersecurity architecture has been around for more than a decade, but adoption didn’t really begin to take hold until the past couple of years. As with many technology innovations, it hasn’t always been clear just what Zero Trust is all about and, more important, how to implement it easily and cost effectively. See More

  • 5 Best Practices To Secure Remote Workers

    Sponsored by Microsoft - The impact of COVID-19 has changed the dynamics and landscape of remote work for at least the foreseeable future and, probably, forever. All of a sudden, organizations across all industries had to scale remote workers at unprecedented intensity and speed. See More

  View All Sponsored News
• October 25, 2018 25 Oct'18

  FireEye ties Russia to Triton malware attack in Saudi Arabia

  FireEye security researchers claimed the Russian government was 'most likely' behind the Triton malware attack on an industrial control system in Saudi Arabia last year.

• October 23, 2018 23 Oct'18

  Healthcare.gov breach exposes data on 75,000 people

  Malicious actors attacked a back-end insurance system and the resulting Healthcare.gov breach exposed an unknown amount of data on 75,000 people.

• October 22, 2018 22 Oct'18

  Zero-day jQuery plugin vulnerability exploited for 3 years

  A zero-day in jQuery File Upload could affect thousands of projects because the jQuery plugin vulnerability has existed for eight years and actively exploited for at least three years.

• October 19, 2018 19 Oct'18

  Facebook hack the work of spammers, not foreign adversary

  News roundup: The Facebook hack was the work of spammers, according to The Wall Street Journal. Plus, 35 million voter records are for sale on the dark web, and more.

• October 19, 2018 19 Oct'18

  GreyEnergy threat group detected attacking high-value targets

  Researchers claim a new threat group called GreyEnergy is the successor to BlackEnergy, but experts are unsure if the evidence supports the claims or warnings of future attacks.

• October 19, 2018 19 Oct'18

  Risk & Repeat: Military cybersecurity scrutinized in GAO report

  This week's Risk & Repeat podcast discusses the GAO report on vulnerabilities and weaknesses in modern weapons systems and what they mean for the U.S. military.

• October 19, 2018 19 Oct'18

  (ISC)2: Cybersecurity workforce shortage nears 3 million worldwide

  With a workforce in short supply, the skills gap has affected the professional growth of security pros worldwide, an (ISC)2 Cybersecurity Workforce Study found.

• October 18, 2018 18 Oct'18

  New libSSH vulnerability gives root access to servers

  A 4-year-old libSSH vulnerability can allow attackers to easily log in to servers with full administrative control, but it is still unclear exactly how many devices are at risk.

• October 16, 2018 16 Oct'18

  Pentagon data breach exposed travel data for 30,000 individuals

  The Department of Defense said a Pentagon data breach exposed travel records for approximately 30,000 military and civilian personnel, but the investigation is still in progress.

• October 15, 2018 15 Oct'18

  Mystery around Trend Micro apps still lingers one month later

  The mystery around the Trend Micro apps that were removed from the Mac App Store continues despite Trend Micro's numerous updates on the matter.

• October 12, 2018 12 Oct'18

  Facebook breach affected 20 million fewer than thought

  The recent Facebook breach affected 20 million fewer accounts than was previously thought. The company now says 29 million accounts had data exposed to attackers.

• October 12, 2018 12 Oct'18

  Mozilla delays distrust of Symantec TLS certificates, Google doesn't

  Mozilla delays plans to distrust Symantec TLS certificates in Firefox because despite more than one year's notice, approximately 13,000 websites still use the insecure certificates.

• October 12, 2018 12 Oct'18

  Industroyer, NotPetya linked to TeleBots group by ESET researchers

  News roundup: An APT group called TeleBots group was linked to Industroyer malware and NotPetya ransomware, according to researchers. Plus, Imperva is acquired by Thoma Bravo and more.

• October 11, 2018 11 Oct'18

  Paul Vixie wants to stop malicious domains before they're created

  Farsight Security's Paul Vixie says his company's new research into domain name lifespans and causes of death shows the need for new policies and action to curb malicious domains.

• October 11, 2018 11 Oct'18

  U.S. weapon systems cybersecurity failing, GAO report says

  A U.S. Government Accountability Office report gave failing grades to military weapon systems cybersecurity, but some experts say the report should be a source of encouragement.

• October 11, 2018 11 Oct'18

  Patched MikroTik router vulnerability worse than initially thought

  Tenable Research finds new exploits of an already patched MikroTik router vulnerability that could enable hackers to launch remote code execution attacks.

• October 10, 2018 10 Oct'18

  Google security audit begets product changes, German probe

  A Google security audit uncovered a glitch in Google Plus that exposed data from nearly 500,000 accounts, causing the company to shutter the social network and spur a German data protection probe.

• October 09, 2018 09 Oct'18

  At (ISC)² Security Congress 2018, a congressman calls for action

  Rep. Cedric Richmond (D-La.) outlined three key strategies for addressing cybersecurity policy and workforce gaps.

• October 09, 2018 09 Oct'18

  U.S. government domain officials to start using 2FA

  The government domain registrar -- DotGov -- began rolling out two-factor authentication for officials managing .gov domains in order to mitigate against DNS hijacking.

• October 08, 2018 08 Oct'18

  Risk & Repeat: Inside the Facebook 2FA fail

  This week's Risk & Repeat podcast discusses the latest controversy for Facebook, which has been using two-factor authentication numbers for advertising purposes.

• October 05, 2018 05 Oct'18

  GRU indictment accuses 7 Russians in global cyberattacks

  The U.S., U.K. and other allies accused seven Russian military officers in cybercrimes around the world, and the GRU indictment from the U.S. formally pressed charges.

• October 05, 2018 05 Oct'18

  Compromised Supermicro chips reportedly infiltrated US

  News roundup: A Bloomberg report claimed China infiltrated U.S. companies and government agencies through tiny Supermicro chips on motherboards. Plus, a new Telegram flaw and more.

• October 04, 2018 04 Oct'18

  North Korean cybertheft of $100-plus million attributed to APT38

  Security researchers tracked an aggressive cybertheft campaign -- attributed to North Korean APT38 -- in which threat actors attempted to steal more than $1 billion and destroy all evidence along the way.

• October 03, 2018 03 Oct'18

  DigiCert, Gemalto and ISARA to provide quantum-proof certificates

  Quantum computing threats are on the horizon, but DigiCert, Gemalto and ISARA have teamed up to develop new quantum-proof digital certificates and remake the PKI industry.

• October 02, 2018 02 Oct'18

  Facebook GDPR fate uncertain following data breach

  Facebook's GDPR consequences are still up in the air following a data breach, as Irish regulators are waiting on more information before determining if the social network will face a fine.

• October 01, 2018 01 Oct'18

  FBI, DHS blaming the victims on Remote Desktop Protocol

  FBI, DHS call on users to mitigate Remote Desktop Protocol vulnerabilities and handle RDP exploits on their own, even as the "going dark" campaign continues unabated.

• September 28, 2018 28 Sep'18

  Facebook breach affected nearly 50 million accounts

  Nearly 50 million accounts were affected in a Facebook breach, but it is still unclear what data attackers may have obtained and who might have been behind the breach.

• September 28, 2018 28 Sep'18

  Risk & Repeat: NSS Labs lawsuit shakes infosec industry

  This week's Risk & Repeat podcast discusses NSS Labs' antitrust suit against several security vendors, including CrowdStrike and the Anti-Malware Testing Standards Organization.

• September 28, 2018 28 Sep'18

  UN exposes sensitive data on public Trello boards

  News roundup: The U.N. accidentally exposed credentials on public Trello boards. Plus, Uber is set to pay $148 million settlement following its 2016 data breach cover-up, and more.

• September 28, 2018 28 Sep'18

  DEF CON report: Election equipment plagued by 10-year-old flaw

  The DEF CON report from the 2018 Voting Village paints a troubling picture for election equipment vendors, including a machine with a flaw known since 2007 left unpatched.

• September 28, 2018 28 Sep'18

  Alphabet's Chronicle launches VirusTotal Enterprise

  VirusTotal has a new look, thanks to Alphabet's Chronicle, including new enterprise features for faster malware searches, as well as the ability to keep submitted data private.

• September 27, 2018 27 Sep'18

  Microsoft wants to eliminate passwords -- and there's an app for that

  At its Ignite 2018 conference, Microsoft declared an end to the password era and extended support for its Microsoft Authenticator app to Azure AD-connected apps.

• September 27, 2018 27 Sep'18

  Congressional websites need to work on TLS

  Congressional websites may not always have the best security, according to Joshua Franklin. Although, senators may be better at website security than House representatives.

• September 27, 2018 27 Sep'18

  Election website security a mess for states and candidates alike

  Joshua Franklin has been researching election website security for congressional candidates, and he found a lot of misconfigurations on official pages and other sites meant to confuse voters.

• September 26, 2018 26 Sep'18

  Controversial Chrome login feature to be partially rolled back

  Google will modify the next version of Chrome in an attempt to appease critics of the browser's cookie retention functionality and automatic Chrome login feature.

• September 26, 2018 26 Sep'18

  Browser Reaper POC exploit crashes Mozilla Firefox

  A security researcher developed a proof-of-concept attack on Firefox, called Browser Reaper, which can crash or freeze the browser. But he gave Mozilla short notice of the flaw.

• September 25, 2018 25 Sep'18

  Google Chrome sign-in changes cause confusion and concern

  Google Chrome sign-in changes are being criticized by experts, and poor communication from Google has led to more confusion about user privacy and consent.

• September 25, 2018 25 Sep'18

  Hardcoded credentials continue to bedevil Cisco

  Cisco hit by yet another new hardcoded credentials flaw, the latest in a long line of such flaws since last year, this time in its video surveillance manager appliance.

• September 25, 2018 25 Sep'18

  Cybersecurity Tech Accord expands with new members, partners

  Microsoft announced that, six months after its introduction, the Cybersecurity Tech Accord has nearly doubled its membership and partnered with the Global Forum on Cyber Expertise.

• September 24, 2018 24 Sep'18

  AI and machine learning expected to solve security problems

  A global Ponemon survey of security professionals found that many believe artificial intelligence and machine learning technology will improve enterprise and IoT security.

• September 21, 2018 21 Sep'18

  White House National Cyber Strategy praised by experts

  The new National Cyber Strategy released by the White House details plans for improving cybersecurity and garners positive early reviews from experts for its comprehensiveness.

• September 21, 2018 21 Sep'18

  Mirai botnet creators avoid jail time after helping the FBI

  News roundup: The Mirai botnet creators will not serve time in prison after they worked with the FBI. Plus, the Department of Defense updated its cyber strategy, and more.

• September 21, 2018 21 Sep'18

  CrowdStrike responds to NSS Labs lawsuit over product testing

  CrowdStrike and the Anti-Malware Testing Standards Organization responds the allegations made by NSS Labs in a bombshell antitrust suit over product testing practices.

• September 21, 2018 21 Sep'18

  State Department data breach exposes employee info

  A State Department data breach involving the agency's unclassified email system may have been due to a lack of multi-factor authentication, according to one expert.

• September 20, 2018 20 Sep'18

  Risk & Repeat: Trend Micro apps land in hot water

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss Trend Micro's Mac apps, which have come under fire for questionable data collection features.

• September 20, 2018 20 Sep'18

  GovPayNow leak exposes 14 million records dating back six years

  Experts question the security audit and government agency vetting that took place before the GovPayNow leak, which affected 14 million customer records dating back six years.

• September 19, 2018 19 Sep'18

  NSS Labs lawsuit takes aim at CrowdStrike, Symantec and ESET

  In an antitrust lawsuit, NSS Labs accused some of the top antimalware vendors in the industry, including CrowdStrike and Symantec, of conspiring to undermine its testing efforts.

• September 18, 2018 18 Sep'18

  WannaMine cryptojacker targets unpatched EternalBlue flaw

  Unpatched systems are still being targeted by the WannaMine cryptojacker, despite warnings and global cyberattacks using the EternalBlue exploit leaked from the NSA.

• September 17, 2018 17 Sep'18

  New Mirai variant attacks Apache Struts vulnerability

  New variants of the Gafgyt and Mirai botnets are targeting unpatched enterprise devices, which indicates a greater shift away from consumer devices, according to researchers.

• September 14, 2018 14 Sep'18

  What the GAO Report missed about the Equifax data breach

  The Government Accountability Office investigated the Equifax data breach, but the GAO's report leaves out several important points about the infamous incident.

• September 14, 2018 14 Sep'18

  Researchers bring back cold boot attacks on modern computers

  The idea of cold boot attacks began 10 years ago, but researchers at F-Secure found the attack can be used on modern computers to steal encryption keys and other data.

• September 14, 2018 14 Sep'18

  British Airways data breach may be the work of Magecart

  News roundup: The British Airways data breach may be the handiwork of hacking group Magecart, according to researchers. Plus, hacker Guccifer will be extradited to U.S., and more.

• September 13, 2018 13 Sep'18

  Trend Micro apps fiasco generates even more questions

  In addition to other Trend Micro apps banished from the Mac App Store for gathering data inappropriately, the company has admitted to publishing the Open Any Files app.

• September 12, 2018 12 Sep'18

  Risk & Repeat: Inside the GAO's Equifax breach report

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Government Accountability Office's report on the Equifax breach and the questions it raises.

• September 12, 2018 12 Sep'18

  Microsoft patches Windows ALPC flaw exploited in the wild

  Microsoft's September 2018 Patch Tuesday release included a fix for the Windows ALPC vulnerability that was exploited in the wild for about two weeks before being patched.

• September 12, 2018 12 Sep'18

  Jake Braun discusses the Voting Village at DEF CON

  The Voting Village at DEF CON 26 expanded its scope to test every aspect of election security that it could. Organizer Jake Braun discusses how it went and what's next.

• September 11, 2018 11 Sep'18

  Trend Micro apps on Mac accused of stealing data

  Researchers claimed Trend Micro apps in the Mac App Store were stealing data. The company removed the offending features, but researchers are still not sold on Trend Micro's excuse.

• September 11, 2018 11 Sep'18

  Robot social engineering works because people personify robots

  Brittany 'Straithe' Postnikoff studied robot social engineering and found personification of robots can lead to effective attacks, regardless of whether or not AI is involved.

• September 07, 2018 07 Sep'18

  Another mSpy leak exposed millions of sensitive user records

  News roundup: An mSpy leak has again exposed millions of customer records on the internet. Plus, the FIDO Alliance launched a biometrics certification, and more.

• September 07, 2018 07 Sep'18

  Lazarus Group hacker charged in WannaCry, Sony attacks

  The Department of Justice charged one Lazarus Group hacker, Park Jin Hyok, for his role in the WannaCry attack, Sony hack, SWIFT banking theft and more.

• September 07, 2018 07 Sep'18

  Misconfigured Tor sites leave public IP addresses exposed

  The anonymity of Tor is once again under scrutiny, as a researcher finds misconfigured Tor sites can expose the public IP address connected to a dark web site.

• September 06, 2018 06 Sep'18

  Risk & Repeat: Fortnite flaw disclosure enrages Epic Games

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the dispute between Google and Epic Games over a newly disclosed flaw in the Android version of Fortnite.

• September 05, 2018 05 Sep'18

  Five Eyes wants to weaken encryption, or legislation may be needed

  Five Eyes -- the government intelligence alliance between Australia, Canada, New Zealand, the U.K. and the U.S. -- vows not to weaken encryption, while pushing for encryption backdoors.

• August 31, 2018 31 Aug'18

  Another patched Apache Struts vulnerability exploited

  News roundup: A new Apache Struts vulnerability was exploited in the wild mere days after it was patched. Plus, Facebook removes app over privacy concerns and more.

• August 30, 2018 30 Aug'18

  Risk & Repeat: Are the Meltdown and Spectre flaws overhyped?

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss whether or not Meltdown and Spectre deserved to be nominated for the Pwnie Awards' Most Overhyped Bug.

• August 30, 2018 30 Aug'18

  Congress wants CVE program changes from DHS and MITRE

  In a letter to DHS and MITRE, Congress said CVE program management has been 'insufficient' and called for the program to receive more consistent funding and additional oversight.

• August 29, 2018 29 Aug'18

  Windows 10 zero-day disclosed on Twitter, no fix in sight

  Security researcher SandboxEscaper released proof-of-concept code for a Windows 10 zero-day on Twitter, but Microsoft has no details for a potential patch.

• August 28, 2018 28 Aug'18

  Fortnite vulnerability on Android causes disclosure tension

  Epic Games patched a Fortnite vulnerability in its Android installer, but Google's disclosure policy comes under fire once again as Epic Games' founder called the disclosure 'irresponsible.'

• August 24, 2018 24 Aug'18

  NSA leaker Reality Winner sentenced to five years in jail

  NSA leaker Reality Winner sentenced to 63 months in prison for releasing classified documents detailing an attack by the Russian military against U.S. election systems.

• August 24, 2018 24 Aug'18

  Hundreds of Facebook accounts deleted for spreading misinformation

  News roundup: Social media platforms shut down accounts spreading misinformation. The Facebook accounts deleted were tied to Iran, Russia. Plus, Ryuk ransomware spreads, and more.

• August 23, 2018 23 Aug'18

  AI bias and data stewardship are the next ethical concerns for infosec

  AI bias and the need for data stewardship to prevent issues surrounding the trend of hoarding data are the next big ethical concerns for infosec, according to Laura Norén.

• August 23, 2018 23 Aug'18

  Laura Noren advocates data science ethics for employee info

  Expert Laura Norén believes companies should be held to standards of data science ethics both when it comes to customer data and also for the data collected about employees.

• August 23, 2018 23 Aug'18

  Risk & Repeat: Meltdown and Spectre disclosure in review

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss new insights -- and questions -- regarding the coordinated disclosure effort for Meltdown and Spectre.

• August 17, 2018 17 Aug'18

  DHS cybersecurity rhetoric offers contradictions at DEF CON

  The Vote Hacking Village at Defcon 26 in Las Vegas was an overwhelming jumble of activity -- a mock vote manipulated, children hacking election results websites, machines being disassembled -- and ...

• August 17, 2018 17 Aug'18

  Intel disclosed Spectre-like L1TF vulnerabilities

  News roundup: Intel disclosed L1TF vulnerabilities with similarities to Spectre, but with a focus on data. Plus, the NIST Small Business Cybersecurity Act is now a law, and more.

• August 17, 2018 17 Aug'18

  ICS security fails the Black Hat test

  Industrial control systems hit the mainstream at Black Hat this year, with over two dozen program sessions tackling different angles of the subject. The takeaway: Vendors still aren't really trying.

• August 16, 2018 16 Aug'18

  Finalized TLS 1.3 update has been published at last

  The finalized TLS 1.3 update has been published after a four-year process. The new protocol promises to be faster and more secure than its predecessor, TLS 1.2.

• August 15, 2018 15 Aug'18

  Infosec mental health support and awareness hits Black Hat 2018

  While burnout, depression and PTSD can affect anyone, infosec mental health still doesn't often get the attention it deserves, but Black Hat 2018 attempted to change that.

• August 14, 2018 14 Aug'18

  Google location tracking continues even when turned off

  New research has discovered mobile apps may still store where users have been even after Google location-tracking services have been turned off.

• August 14, 2018 14 Aug'18

  Amanda Rousseau on becoming a cybersecurity researcher

  Cybersecurity researcher Amanda Rousseau discusses the relationship between the infosec community and law enforcement and how to create the next generation of white hat hackers.

• August 14, 2018 14 Aug'18

  Amanda Rousseau talks about computer forensics investigations

  Amanda Rousseau, aka Malware Unicorn, discusses her time in computer forensics investigations with the DoD, as well as the joys of reverse engineering malware encryption by hand.

• August 13, 2018 13 Aug'18

  Lessons learned from Meltdown and Spectre disclosure process

  During a Black Hat 2018 session, Google, Microsoft and Red Hat offered a behind-the-scenes look at the disclosure and response effort for Meltdown and Spectre.

• August 10, 2018 10 Aug'18

  2018 Pwnie Awards cast light and shade on infosec winners

  The Meltdown and Spectre research teams won big at the Pwnie Awards this year at Black Hat, while the late-entry Bitfi Wallet team overwhelmingly won for Lamest Vendor Response.

• August 10, 2018 10 Aug'18

  Web cache poisoning attacks demonstrated on major websites, platforms

  PortSwigger's James Kettle doesn't believe web cache poisoning is theoretical and to prove it, he demonstrated several attacks on major websites and platforms at Black Hat 2018.

• August 10, 2018 10 Aug'18

  WhatsApp vulnerabilities let hackers alter messages

  News roundup: New WhatsApp vulnerabilities enabled hackers to alter messages sent in the app. Plus, the PGA was hit with a ransomware attack, and more.

• August 09, 2018 09 Aug'18

  Irregularities discovered in WinVote voting machines

  At Black Hat 2018, security researcher Carsten Schuermann unveiled the results of a forensic analysis of eight WinVote voting machines that had been used in Virginia elections.

• August 09, 2018 09 Aug'18

  Risk & Repeat: Can Disclose.io help protect vulnerability researchers?

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Disclose.io project and what it could mean for the future of security research and vulnerability disclosure.

• August 09, 2018 09 Aug'18

  Meltdown and Spectre disclosure suffered "extraordinary miscommunication"

  During a panel discussion at Black Hat 2018 on Meltdown and Spectre, Google explained how miscommunication left the company's incident response out of the early disclosure process.

• August 08, 2018 08 Aug'18

  Parisa Tabriz's Black Hat 2018 keynote challenges infosec's status quo

  In her Black Hat 2018 keynote, Google's Parisa Tabriz celebrated the unrecognized, long-term work that can cause real change in security and challenge the status quo.

• August 07, 2018 07 Aug'18

  Bugcrowd CTO explains crowdsourced security benefits and challenges

  In part two of this interview, Bugcrowd founder and CTO Casey Ellis discusses the value of crowdsourced vulnerability research, as well as some of the challenges.

• August 06, 2018 06 Aug'18

  BGP hijacking attacks target payment systems

  Researchers discovered a wave of BGP hijacking attacks aimed at DNS servers related to payment-processing systems in an apparent effort to steal money from unsuspecting users.

• August 06, 2018 06 Aug'18

  Coinhive malware infects tens of thousands of MikroTik routers

  The cryptominer Coinhive malware has infected tens of thousands of MikroTik routers around the world, as malicious actors take advantage of poor patching habits by users.

• August 03, 2018 03 Aug'18

  Disclose.io launches vulnerability disclosure 'safe harbor'

  News roundup: Disclose.io offers legal bug bounty framework to give researchers safe harbor from legal action for vulnerability disclosures. Plus, Stamos exits Facebook, and more.

• August 03, 2018 03 Aug'18

  Five things to watch for at Black Hat USA this year

  As Black Hat USA 2018 approaches, we take a quick look at trends in the conference agenda and sessions not to miss.

• August 03, 2018 03 Aug'18

  Reddit breach sparks debate over SMS 2FA

  Using two-factor authentication with one-time passwords sent via SMS has come under question again after a Reddit breach was blamed on the faulty 2FA method.