CWE list now includes hardware security weaknesses
The Mitre Corporation has released version 4.0 of the Common Weakness Enumeration (CWE) list, which has been expanded to include hardware security weaknesses. About CWE The …
A new way for securing web browsers from hackers
A powerful new approach to securing web browsers is getting its first real-world application in the Firefox browser. Developed by a team of researchers from The University of …
Modern malware is increasingly leveraging evasive behaviors
Modern malware is increasingly leveraging evasive behaviors, a new report by VMware Carbon Black released at RSA Conference 2020 has revealed. The report uncovers the top …
One in five SMBs use no endpoint security at all
An alarming number of SMBs (small to medium businesses) in the US and UK are not prepared for a potential cyber attack or breach, BullGuard warns. One-third of companies with …
What is driving the machine identity crisis?
Every machine needs a unique identity in order to authenticate itself and communicate securely with other machines. This requirement is radically changing the definition of …
Flaw affecting 1B+ Wi-Fi-enabled devices allows attackers to decrypt wireless network packets
ESET researchers have discovered Kr00k (CVE-2019-15126), a previously unknown vulnerability in Wi-Fi chips used in many client devices, Wi-Fi access points and routers. Kr00k …
Photos: RSA Conference 2020, part 2
RSA Conference 2020 is underway at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Part one of the photos is …
Attackers probing for vulnerable Microsoft Exchange Servers, is yours one of them?
CVE-2020-0688, a remote code execution bug in Microsoft Exchange Server that has been squashed by Microsoft in early February, is ripe for exploitation and could become a …
Shadow IoT: A growing threat to enterprise security
Zscaler released their second annual IoT report, compiled after analyzing their customers’ IoT transactions in the Zscaler cloud for two weeks. The company found 553 …
Google fixes another Chrome zero-day exploited in the wild
For the third time in a year, Google has fixed a Chrome zero-day (CVE-2020-6418) that is being actively exploited by attackers in the wild. About CVE-2020-6418 No details have …
Almost three-quarters of all phishing sites now use SSL protection
The total number of phishing sites detected by the Anti-Phishing Working Group (APWG) worldwide in October through December 2019 was 162,155, following the all-time-high of …
Mixed-signal circuits can stop side-channel attacks against IoT devices
Purdue University innovators have unveiled technology that is 100 times more resilient to electromagnetic and power attacks, to stop side-channel attacks against IoT devices. …