Security – Security

Windows 10 October 2018 Update is at last being pushed automatically

January 17, 2019 by Peter Bright

Peter Bright

Enlarge / Who doesn't love some new Windows? (credit: Peter Bright / Flickr) The ill-fated Windows 10 October 2018 Update has hitherto been offered only to those Windows users that manually sought it, either by using the dedicated upgrade and media creation tools or by manually checking for update in…

DNS tunneling techniques in cyberattacks

January 16, 2019 by Andrea Fortuna

Andrea Fortuna

How DNS tunneling can be used for data exfiltration? And how can be detected? DNS Tunneling is a technique that encodes data of other programs or protocols in DNS queries, including data payloads that can be added to an attacked DNS server and used to control a remote server and…

Windows 7 enters its final year of free support

January 14, 2019 by Peter Bright

Peter Bright

Enlarge / Licensing and support lifecycles are not really the easiest topics to illustrate. (credit: Peter Bright) Windows 7's five years of extended support will expire on January 14, 2020: exactly one year from today. After this date, security fixes will no longer be freely available for the operating system…

New Windows 10 build silences Cortana, brings passwordless accounts

January 4, 2019 by Peter Bright

Peter Bright

The latest Insider build of Windows 10, 18309, expands the use of a thing that Microsoft has recently introduced: passwordless Microsoft accounts. It's now possible to create a Microsoft account that uses a one-time code delivered over SMS as its primary authenticator, rather than a conventional password. In the new…

Bay Area: Join us 1/9 to talk about personal data security in 2019

January 3, 2019 by Annalee Newitz

Annalee Newitz

Enlarge / Askhan Soltani has worked with the FTC and as an independent researcher, exploring data privacy issues. Recently, he testified about Facebook's privacy policies before the US and UK governments. (credit: Ashkan Soltani) The Cambridge Analytica scandal. Data breaches at hotels, banks, rideshare companies, and hospitals. Facial recognition. DNA…

Concise Christmas Cryptography Challenges 2019

December 25, 2018 by Junade Ali

Junade Ali

Last year we published some crypto challenges to keep you momentarily occupied from the festivities. This year, we're doing the same. Whether you're bored or just want to learn a bit more about the technologies that encrypt the internet, feel free to give these short cryptography quizzes a go.We're withholding…

Firewall Rules – Priority and Ordering

December 21, 2018 by Alex Cruz Farmer

Alex Cruz Farmer

Firewall Rules are one of the best security features we released this year and have been an overwhelming success. Customers have been using Firewall Rules to solve interesting security related use cases; for example, advanced hotlink protection, restricting access to embargoed content (e.g. productId=1234), locking down sensitive API endpoints, and…

Banking-Grade Credential Stuffing: The Futility of Partial Password Validation

December 20, 2018 by Junade Ali

Junade Ali

Recently when logging into one of my credit card providers, I was greeted by a familiar screen. After entering in my username, the service asked me to supply 3 random characters from my password to validate ownership of my account.It is increasingly common knowledge in the InfoSec community that this…

Cryptography failure leads to easy hacking for PlayStation Classic

December 10, 2018 by Kyle Orland

Kyle Orland

Enlarge / The PlayStation Classic's internal USB, removed and picked at as part of the hacking effort. (credit: Yifan Lu / Twitter) In the days since the PlayStation Classic's official release, hackers have already made great progress in loading other PlayStation games (and even non-PlayStation software) onto the plug-and-play device.…

Marriott breach leaves 500 million exposed with passport, card numbers stolen

November 30, 2018 by Megan Geuss

Megan Geuss

Enlarge / Marriott Hotel brands like the W hotel were breached between 2014 and 2018. (credit: Craig Warga/Bloomberg via Getty Images) On Friday, Marriott International announced a system breach that has affected approximately 500 million customers, with stolen information including names, credit card numbers, mailing addresses, email addresses, and passport…

Now it’s Office’s turn to have a load of patches pulled

November 20, 2018 by Peter Bright

Peter Bright

Enlarge (credit: Benjamin) After endless difficulties with the Windows 10 October 2018 update—finally re-released this month with the data-loss bug fixed—it seems that now it's the Office team's turn to release some updates that need to be un-released. On November's Patch Tuesday two weeks ago, Microsoft released a bunch of…

Spectre, Meltdown researchers unveil 7 more speculative execution attacks

November 14, 2018 by Peter Bright

Peter Bright

Enlarge (credit: Aurich Lawson / Getty Images) Back at the start of the year, a set of attacks that leveraged the speculative execution capabilities of modern high-performance processors was revealed. The attacks were named Meltdown and Spectre. Since then, numerous variants of these attacks have been devised. In tandem, a…

Windows 10 October 2018 Update is back, this time without deleting your data

November 13, 2018 by Peter Bright

Peter Bright

Enlarge / This message, shown during Windows upgrades, is going to be salt in the wound. Just over a month since its initial release, Microsoft is making the Windows 10 October 2018 Update widely available today. The update was withdrawn shortly after its initial release due to the discovery of…

Easily setup a Onion Service using Docker

November 5, 2018 by Andrea Fortuna

Andrea Fortuna

Some time ago I’ve written a post about Tor Onion Services (formerly known as hidden services), and how to host them on a spare android smartphone. Tor makes possible for users to hide their locations while offering various kinds of services, such as web publishing or an instant messaging server.…

Free Cybersecurity training: my own list of materials

October 29, 2018 by Andrea Fortuna

Andrea Fortuna

There is a lot a material about Cybersecurity free available online.Yet, all too often this contents are rarely of high quality. In this post i want to share my own shortlist of (in my view) good quality online training courses. Hope it’s helpful! Cuckoo’s Egg Decompiled In the 1980’s, Cliff…

1 2 3 … 8 Next »