Search
Close this search box.
Search
Close this search box.

Hack iOS 10 and Get $1.5 Million

The stakes in the vulnerability acquisition and bug bounty game have just gone up several notches, with a well-known security startup now offering $1.5 million for a remote jailbreak in iOS 10. The payout was put on the table Thursday by Zerodium, a company that buys vulnerabilities and exploits for high-value target platforms and applications. The company […]

On the Wire Podcast: Jessy Irwin

Jessy Irwin makes her triumphant return to the podcast to help us work through our feelings about the Yahoo data breach, the NIST guidance on SMS two-factor authentication, and why we’re still giving terrible security advice to users. Dennis Fisher and Jessy also talk about what kind of breaches could be lurking on the horizon […]

Europol Warns That Ransomware is Biggest Online Threat

Ransomware has become the largest threat to consumers and businesses in the EU, according to a new threat report from Europol. The Internet Organized Crime Threat Assessment points to variants such as Cryptowall, Cryptolocker, Teslacrypt, and CTB-Locker as representing the biggest security problem for European users. Ransomware is not a new threat, but it’s evolved and […]

Senators Demand Answers of Mayer on Yahoo Data Breach

Six Democratic senators are demanding answers from Yahoo CEO Marissa Mayer about the massive data breach that the company disclosed last week. The legislators want to know when Yahoo discovered the breach, which occurred in 2014, and why it took so long to disclose it to the public. The Yahoo data breach involves information from […]

The Need for Multiple Layers of Security in the Contact Center

The wealth of information housed by contact centers can be leveraged by fraudsters for data mining and cross-channel attacks. In an effort to prevent phone fraud, many businesses implement authentication methods; however, most fail to administer the authentication required to provide a layered defense system. As social engineering and fraud technologies have become more advanced, […]

Facebook Releases Osquery Network Detection Tool for Windows

Facebook has released a new tool that allows administrators and security teams to search for malicious processes, browser extensions, or other problematic issues on their Windows networks. The tool, called osquery, has been available for a couple of years for Linux and OS X environments, but now Facebook engineers have published a Windows version. It’s […]

‘Putting in a Back Door Isn’t the Solution’ to Encryption Debate

Rep. Michael McCaul, the chairman of the House Committee on Homeland Security, said forcing vendors to install backdoors or intentionally weakened encryption in their products is not the solution to the disagreement over law enforcement access to encrypted devices and said there needs to be international standards for how the problem is handled. McCaul (R-Texas), speaking […]

Google Releases Tools to Improve CSP Protection for Web Apps

Google is releasing a pair of new tools to help developers create and implement safer content security policies to protect against cross-site scripting vulnerabilities in their web applications. And the company also is adding CSP adoption efforts to its bug bounty program. Content security policy is a method that enables developers to specify which scripts […]

Rooting Out Sensitive Data in Email With MailSniper

One of the more common ways for sensitive data to leak from an organization is through email. Whether intentionally or through carelessness, employees will often include passwords, financial information, and other important data in emails that wind up in the wrong hands. Depending upon the kind of information, this can either be slightly embarrassing or potentially catastrophic for […]