Hear (some) evil: How video conferencing software can undermine security
Vulnerabilities in nigh-ubiquitous apps like Zoom, Microsoft Teams and Slack, combined with the behavioral changes that accompanied many people’s unexpected move to remote work, have had an outsized impact on security.
Biometrics are key to a passwordless future. They also pose vexing cyber risks
Verifying users based on their fingerprints, irises or some other biological measurement could backfire for Big Tech if companies fail to heed cybersecurity threats.
‘Once-in-a-generation’ Log4j vulnerability could linger for a decade — cyber safety board
In its first-ever report for the Department of Homeland Security, a group of top government and industry cyber experts said the Log4j vulnerability triggered “one of the most intensive cybersecurity community responses in history” last December — and it’s far from over.
Deep-rooted firmware cyberthreats put defenders in a bind
Recent cyberthreats targeting firmware technology have underscored how tricky it is to weed out malware that can start wreaking havoc before infected computers even boot up.
When security updates go wrong: Patch problems plague tech giants
Keeping software up to date is a mainstay of good cybersecurity hygiene. But in rare cases when patches backfire — either by introducing new, more severe software flaws or failing to fix the old ones — it can set off a scramble to set things right.
From programmer to pwner: My zero-day journey to Pwn2Own
Security researcher Vera Mens and her colleagues on Claroty’s Team82 took on some of the toughest challenges in the industrial cybersecurity field at Pwn2Own Miami.
Ghosts of Log4j: Open-source vulnerabilities confound software developers
Most of the code in typical applications comes from open-source projects, importing dozens — and often, hundreds — of components created by volunteers. As the Log4j incident shows, those deep dependencies can carry critical vulnerabilities.
U.S. warns of Russian hacking threat as dangerous malware snaps into focus
The newly discovered Pipedream malware is aimed at American energy companies’ critical networks with alarming precision. Though it was caught before it could be used, the hacking tool’s emergence against the backdrop of war in Ukraine has drawn stark warnings from the U.S. and its allies.
Back-to-back industrial cyberthreats alarm global energy sector
Cybersecurity officials in the U.S. and Ukraine have exposed two powerful hacking tools aimed at the industrial control systems that underpin critical energy networks.
Documents reveal depth of anxiety over possible Russian cyberattacks on U.S. grid
A trove of emails from top Homeland Security officials expose how the U.S. government scrambled to ensure the defenses of American utilities after Russia brought down parts of Ukraine’s power grid in 2015.
Page