SolarWinds and Market Incentives
February 8 2023In early 2021, IEEE Security and Privacy asked a number of board members for brief perspectives on the SolarWinds incident while it was still breaking news. This was my...
Read moreOpenSSL fixes High Severity data-stealing bug – patch now!
February 8 20237 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...
Read moreCloud Apps Still Demand Way More Privileges Than They Use
February 8 2023Hackers can't steal a credential that doesn't exist.
Read more‘Money Lover’ Finance App Exposes User Data
February 8 2023A broken access control vulnerability could have led to dangerous follow-on attacks for users of the money-management app.
Read moreFresh, Buggy Clop Ransomware Variant Targets Linux Systems
February 8 2023For the moment, victims can decrypt data without paying a ransom. But Clop is a ransomware variant that has caused havoc on Windows systems, so that's bound to change.
Read moreKrebsOnSecurity in Upcoming Hulu Series on Ashley Madison Breach
February 8 2023KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. While I can't...
Read moreDPRK Using Unpatched Zimbra Devices to Spy on Researchers
February 8 2023Lazarus Group used a known Zimbra bug to steal data from medical and energy researchers.
Read moreNew Banking Trojan Targeting 100M Pix Payment Platform Accounts
February 8 2023New malware demonstrates how threat actors are pivoting toward payment platform attacks, researchers say.
Read more
Recent Comments