4 takeaways from Apple’s security blitz
Apple has recently introduced a standalone security research site, significant changes to its bug bounty program and a bevy of security-related updates with iOS 16.
A kaleidoscope of risk: What’s next for cyberinsurance
README excerpted this article from “Cyberinsurance Policy: Rethinking Risk in an Age of Ransomware, Computer Fraud, Data Breaches, and Cyberattacks.”
Hear (some) evil: How video conferencing software can undermine security
Vulnerabilities in nigh-ubiquitous apps like Zoom, Microsoft Teams and Slack, combined with the behavioral changes that accompanied many people’s unexpected move to remote work, have had an outsized impact on security.
Inside the cloud’s digital fortresses
Cloud anthropologist Steven Gonzalez Monserrate is no stranger to the mysterious world of data center security, having studied the inner workings of the digital monoliths for years. Here’s what he found from visits in Iceland and the U.S.
Hacking in tongues: Malware authors shake up their programming languages
Malware creators are relying on relatively uncommon programming languages such as Rust, Go, and Swift — and not just because they’re sick of writing code in C. Defenders have been forced to keep up.
3 cybersecurity takeaways from “Hacker Summer Camp”
From vulnerabilities in Starlink user terminals to fresh iCalendar exploits, this year’s Black Hat and DEF CON conferences offered a fount of cybersecurity knowledge for hackers, policymakers and everyone else who braved the Las Vegas heat and monsoon weather.
3 infosec pros demystify Web3 security
Is the world of blockchain as intimidating as it sounds? Information security consultant Jackie Singh interviewed Web3 security practitioners to get their perspectives on the challenges and opportunities in securing these new internet technologies.
From subversives to CEOs: How radical hackers built today’s cybersecurity industry
README adapted this article from a January 2022 report by Matt Goerzen and Gabriella Coleman.
RaidForums was crumbling before its DOJ takedown — here’s why
Cybercriminals are selling “exclusive” stolen data to multiple customers, threatening the stability of illicit marketplaces before even considering Justice Department actions.
Ghosts of Log4j: Open-source vulnerabilities confound software developers
Most of the code in typical applications comes from open-source projects, importing dozens — and often, hundreds — of components created by volunteers. As the Log4j incident shows, those deep dependencies can carry critical vulnerabilities.