News Category: Security

Best VPNs for Linux

Linux-based operating systems are still a very small part of the desktop market, but that hasn't stopped VPN services from providing client applications. The best we’ve found are from ExpressVPN, NordVPNand VPN Unlimited. Eight of the VPN services we've reviewed have either command-line-interface (...
Read 0 Comments

Compromised npm Package: event-stream

Ownership of a popular npm package, event-stream, was transferred by the original author to a malicious user, right9ctrl. This package receives over 1.5mm weekly downloads and is depended on by nearly 1,600 other packages. The malicious user was able to gain the trust of the original author by...
Read 0 Comments

Beyond Passwords: 2FA, U2F and Google Advanced Protection

Last week I wrote a couple of different pieces on passwords, firstly about why we're going to be stuck with them for a long time yet and then secondly, about how we all bear some responsibility for making good password choices. A few people took some of the points I made in those posts as being...
Read 0 Comments

Tim Berners-Lee Introduces "Solid" Decentralized Identity Platform

​Solid is a new decentralized identity platform from WWW Creator Tim Berners-Lee which provides a mechanism for users to own and better control the usage of their data. With several large companies trusted with large amounts of user data, and with several high profile data breaches and misuses of...
Read 0 Comments

New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading...
Read 0 Comments

New Security Flaw Impacts Most Linux and BSD Distros

Issue is only a privilege escalation flaw but it impacts a large number of systems. Linux and BSD variants that employ the popular X.Org Server package --almost all do-- are vulnerable to a new vulnerability disclosed on Thursday. The vulnerability allows an attacker with limited access to a system...
Read 0 Comments

Secure Apache with Let's Encrypt on Debian 9

Let’s Encrypt is a certificate authority created by the Internet Security Research Group (ISRG). It provides free SSL certificates via fully automated process designed to eliminate manual certificate creation, validation, installation and renewal. Certificates issued by Let’s Encrypt are are valid...
Read 0 Comments

New Security Woes for Popular IoT Protocols

Researchers at Black Hat Europe will detail denial-of-service and other flaws in MQTT, CoAP machine-to-machine communications protocols that imperil industrial and other IoT networks online. Security researcher Federico Maggi had been collecting data – some of it sensitive in nature – from hundreds...
Read 0 Comments

Around 62 Percent of All Internet Sites Will Run an Unsupported PHP Version in 10 Weeks

The highly popular PHP 5.x branch will stop receiving security updates at the end of the year. According to statistics from W3Techs, roughly 78.9 percent of all Internet sites today run on PHP.  But on December 31, 2018, security support for PHP 5.6.x will officially cease, marking the end of all...
Read 0 Comments

Yubico Launches New Lineup of Multifactor FIDO2 Security Keys

It’s an open secret that passwords aren’t the most effective way to protect online accounts. Alarmingly, three out of four people use duplicate passwords, and 21 percent of people use codes that are over 10 years old. (In 2014, among the five most popular passwords were “password,” “123456,” and “...
Read 0 Comments

Pages

Click Here!