FBI releases Lockbit 2.0 ransomware-as-a-service IoCs
The Federal Bureau of Investigation (FBI) has released new Indicators of Compromise (IoC) details on Lockbit ransomware-as-a-service (RaaS).
encryption
NSA: New guidance to eliminate obsolete TLS protocols
The National Security Agency (NSA) has issued new guidance to eliminate obsolete Transport Layer Security (TLS) protocol configurations (such as TLS 1.0, TLS 1.1, SSLv2, SSLv3 and weak ciphers).
Kr00k: Wi-Fi encryption vulnerability impacts billion+ devices
Security researchers have discovered a new vulnerability dubbed Kr00k (or “KrØØk”) that impacts devices with Broadcom and Cypress Wi-Fi chips.
NSA: Guidance to mitigate cloud vulnerabilities
The National Security Agency (NSA) has released guidelines to help organizations mitigate cloud vulnerabilities. The NSA document includes four classes of vulnerabilities at most risk to threat actors.
WannaCry, Petya and Copycat Ransomware Expose Good History Lessons for Small Business and Enterprise Security
On May 12, 2017, the now infamous WannaCry ransomware burst onto the worldwide scene. WannaCry infected over 200,000 systems and 150 countries in just 3 days.
Bluetooth BR/EDR supported devices vulnerable to cyber attacks
Security researchers have identified a security vulnerability related to encryption on Bluetooth BR/EDR connections. As a result, an unauthenticated attacker near the vulnerable device could exploit the issue and escalate privileges or steal information.
WordPress 5.2 “Jaco” comes with new security features
WordPress version 5.2 dubbed “Jaco” is available for download and includes a number of new security features and improvements, such as digitally-signed updates, Site Health Check, and PHP error protection.
NIST SP 800-177 Revision 1: “Trustworthy Email”
The National Institute of Standards and Technology (NIST) has releases its Security Publication (SP) 800-177 Revision 1, that include security guidelines and recommendations for achieving “trustworthy email”.
Cold boot attack can expose encryption keys, data on laptops
Security researchers at F-Secure have uncovered a decade-old attack that exploits firmware weaknesses in laptops to expose encryption keys and sensitive data.
TLS 1.3 protocol is officially standard
The Transport Layer Security (TLS) 1.3 has officially become a standard last week. The new TLS standard now offers improved privacy, security and performance to the internet security protocol.