Researchers Find Multiple Bugs in Confide Messaging App
Researchers at IOActive have uncovered a number of serious security flaws in the Confide secure messaging app, some of which could allow an attacker to hijack a user’s session or impersonate a target user. Confide is one of the group of encrypted chat apps that have emerged in the last few years and promises end-to-end […]
Questions Arise Over CIA Handling of Vulnerabilities
The release of a large trove of documents and tools that are linked to CIA’s cyber espionage activities has raised a lot of questions, especially about the way that the agency and other government groups handle information on undisclosed vulnerabilities. Some of the documents, released by Wikileaks Tuesday, show that CIA has had access to […]
Nest Adds Two-Step Verification for Users
Nest, maker of smart home thermostats and other devices, is adding two-step verification to its authentication process, making it more difficult for attackers to take over users’ devices. The company said on Tuesday that it is implementing the ability for users to require a short code sent by SMS as part of the sign-in process […]
PSCU Partners with Pindrop to Fight Increasing Threat of Call Center Fraud
PSCU, the nation’s leading credit union service organization, has partnered with Pindrop to identify and prevent call center authentication fraud. Call center fraud occurs when criminals use the phone channel to impersonate consumers to gain access to their account funds and sensitive data. PSCU is the first credit union service provider to utilize Pindrop’s proprietary platform for […]
Bill Would Legalize Active Defense Against Hacks
A new bill intended to update the Computer Fraud and Abuse Act would allow victims of computer attacks to engage in active defense measures to identify the attacker and disrupt the attack. Proposed by Rep. Tom Graves (R-Ga.), the bill would grant victims of computer intrusions unprecedented rights. Known as the Active Cyber Defense Certainty […]
Multistage Malware Uses DNS System for Communications
Security researchers have identified a multi-stage piece of malware that uses a number of innovative tricks to stay persistent on infected machines and employs the DNS infrastructure as a command-and-control mechanism. The malware, analyzed by researchers at Cisco Talos, comes in the form of a rigged Word document contained in a phishing email. The document […]
Yahoo: 32 Million User Cookies Were Stolen
Yahoo executives didn’t understand the severity and scope of the 2014 attack that led to the theft of user data and, as a result, failed to investigate the incident as well as they should have, the company said in a regulatory filing. Attackers, who the company has said were state sponsored, compromised Yahoo’s network in […]
Cloudflare Says No Evidence Cloudbleed Bug Was Exploited
After further analysis of the memory leak bug disclosed last week, Cloudflare officials say they haven’t found any instances of customer passwords, credit card data, or health records leaking while the vulnerability was exposed. The vulnerability, now known as Cloudbleed, has joined the pantheon of Internet-scale bugs to emerge in the last few years, even though […]
On the Wire Podcast: Gary McGraw
There probably isn’t anyone more closely associated with the field of software security than Gary McGraw. He’s been thinking, writing, speaking, and studying the practice for more than two decades and has helped some of the world’s largest organizations develop and improve software security programs. In this episode, Dennis Fisher talks with Gary about his […]