Security News > 2024 > March
C++ guru Herb Sutter writes about how we can improve the programming language for better security. The immediate problem "is" that it's Too Easy By Default™ to write security and safety vulnerabilities in C++ that would have been caught by stricter enforcement of known rules for type, bounds, initialization, and lifetime language safety.
Google has introduced an updated Safe Browsing feature for Chrome on desktop and iOS, offering real-time protection against malicious sites while preserving user privacy. This enhancement allows Chrome to compare site URLs against Google's server-side database of known threats in real time, potentially blocking 25% more phishing attempts. Previously, Chrome relied on a locally-stored database updated every 30 to 60 minutes. The shift to server-side checks, announced in September 2023, aims to address the rapid growth of harmful websites and the brief existence of phishing domains. The new system checks URLs against cached safe URLs and previous Safe Browsing results. For URLs not in the cache,
Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and bogus links to distribute trojanized versions of...
The classic tools and techniques adversaries deploy remain consistent, with some notable exceptions. Detections for malicious email forwarding rules rose by nearly 600%, as adversaries compromised email accounts, redirected sensitive communications to archive folders and other places users are unlikely to look, and attempted to modify payroll or wire transfer destinations, rerouting money into the criminal's account.
12.8 million new secrets occurrences were leaked publicly on GitHub in 2023, +28% compared to 2022, according to GitGuardian. Remarkably, the incidence of publicly exposed secrets has quadrupled since the company started reporting in 2021.
With new threats like AI and deepfake technology, the stakes are higher than ever to execute a strong cyber defense. Many human risk factors in particular - which represent today's biggest cybersecurity gap - remain unaddressed and outside of cybersecurity professionals' control.
In this Help Net Security video, Tracy Reinhold, CSO at Everbridge, discusses why AI technology must be embraced while also exploring some guardrails that must be in place to protect organizations...
In a letter to National Counterintelligence and Security Center director Michael Casey, US senator Ron Wyden urged the White House threat-intel arm to sound the alarm on commercial safes and locks. Most commercially available safes include manufacturer reset codes for their locks to help consumers if they lose or forget the code they set.
A new variant of StopCrypt ransomware was spotted in the wild, employing a multi-stage execution process that involves shellcodes to evade security tools. StopCrypt, also known as STOP Djvu, is the most widely distributed ransomware in existence that you rarely hear about.