Security News > 2021 > January

Researchers have found a way to clone Google's Titan Security Keys through a side-channel attack, but conducting an attack requires physical access to a device for several hours, as well as technical skills, custom software, and relatively expensive equipment. A new attack method against such devices was described by researchers from NinjaLab, a France-based company that specializes in the security of cryptographic implementations.

A cryptocurrency mining campaign targeting macOS is using malware that has evolved into a complex variant giving researchers a lot of trouble analyzing it. A recently observed variant makes analyzing even more difficult as it embeds a run-only AppleScript into another scripts and uses URLs in public web pages to download the actual Monero miner.

If you’re a WhatsApp user, pay attention to the changes in the privacy policy that you’re being forced to agree with. In 2016, WhatsApp gave users a one-time ability to opt out of having account...

Romanian cybersecurity firm Bitdefender has released a free decryptor for the DarkSide ransomware to allow victims to recover their files without paying a ransom. The DarkSide ransomware decryption tool can be downloaded from BitDefender and it will allow you to scan your entire system or just a single folder for encrypted files.

Online surveys and form building software as a service Typeform has patched an information hijacking vulnerability. The flaw which existed in Typeform's Zendesk Sell app integration could let attackers quietly redirect form submissions with potentially sensitive data to themselves.

Kaspersky researchers found that the Sunburst backdoor, the malware deployed during the SolarWinds supply-chain attack, shows shared features with Kazuar, a.NET backdoor tentatively linked to the Russian Turla hacking group. Kazuar is one of the tools used during past Turla operations and, according to Kaspersky, it shares several of its features with the malware created by the group behind the SolarWinds hack.

I recently watched my team composing some music for a cybersecurity awareness project and using it to take an immersive Dark Web Mission Control Centre to a whole new level. It got me thinking about what we - i.e., the cybersecurity industry - can learn from music.

If you're in a hands-on cybersecurity role that requires some familiarity with code, chances are good that you've had to think about SQL injection over and over again. SQL injection is such a bug, still being leveraged by script kiddies looking to make a quick buck on the dark web.

Though he started his working life in electronics engineering, the world of sales and marketing "Really lit a fire," and he's been growing his career for years by purposely seeking sales experience across as many mediums as possible. "A sale of a cybersecurity solution is not quite the same as in many other areas of technology, because the risk and therefore the opportunity is constantly evolving," he told Help Net Security.

The 5G ecosystem is reaching a level of technology maturity much more rapidly than earlier generations, enabling operators to develop network deployment and go to market strategies with mass-market appeal and scalable across evolving B2C, B2B and B2B2X business models. Strategy Analytics' report reviews 5G commercial developments to date and provides recommendations to operators on how to build competitive, differentiated 5G value propositions.