Admin
Nov 28
US Indicts 13 Russians for Election Interference

A U.S. grand jury has taken the extraordinary step of indicting 13 Russian nationals and three Russian companies for allegedly interfering with the U.S. political system, including the 2016 presidential election, in what the Department of Justice portrays as "information warfare against the United States." (Also see: Russian Indictments: 'It's About Time')
The goal of the effort was spreading distrust toward the candidates and the political system in general, according to federal prosecutors. The effort allegedly included extensive use of social media and the creation of a virtual private network in the U.S. It even involved recruiting and paying Americans to engage in political activities, promote political campaigns and stage...
Nov 28
AMD Chipset Flaws Are Real, But Experts Question Disclosure

A set of vulnerabilities in AMD chipsets that gives attackers enduring persistence on computers appears to be legitimate. But experts are questioning the motivations of the Israeli security company that found the flaws, contending it ambushed AMD to maximize attention.
The vulnerabilities were found by CTS, a company founded last year by an Israeli man named Ido Li On. According to the CTS website, his firm develops security systems for embedded systems and application-specific integrated circuits, or ASICs.
On Tuesday, CTS launched an AMD Flaws website and released a "Severe Security Advisory on AMD Processors" white paper outlining flaws it says it found in AMD's Zen processors, including EPYC, Ryzen, Ryzen Pro and Ryzen Mobile....
Nov 28
Hot Topics at the 2018 RSA Conference

GDPR compliance. New uses for blockchain. IoT security. These are some of the hottest topics on tap at the 2018 RSA Conference, taking place April 16-20 in San Francisco.
Navigating the world's largest information security event can prove challenging. Here's a quick guide to some of the more intriguing sessions.
GDPR
With enforcement of the EU's General Data Protection Regulation beginning May 25, the big show is offering a wealth of education about how to comply with the complex privacy law.
The session How to...
Nov 28
Uber: 'No Justification' for Breach Cover-Up

Hindsight, as they say, is 20/20. The axiom has never been truer than for postmortems into data breach responses.
Uber, the controversial ride-sharing company, arguably set the lowest bar after it waited a year before disclosing that hackers accessed 57 million accounts of its riders and drivers around October 2016. The breach was first disclosed in November 2017 (see Uber Concealed Breach of 57 Million Accounts for a Year).
It later emerged that Uber paid $100,000 through bug-bounty program HackerOne to the two men who discovered the leak. But the payment was positioned as a bug bounty even though the finders made extortion-like demands.
On Tuesday, Uber CISO John Flynn testified before the U.S. Senate Subcommittee on Consumer...
Nov 28
Darknet Vendors Sell Counterfeit TLS Certificates

Last August, Symantec announced it was selling its digital security certificate business to DigiCert. It followed a long-running quarrel with Google, which alleged that loose security controls at Symantec allowed bad actors to buy TLS certificates. Such certificates, for use with Transport Layer Security, provide authentication and data encryption between servers
Counterfeit TLS certificates pose a big security risk. Fraudulent certificates issued in the name of real services could be used to support phishing scams. Fake certificates might also be used to intercept and decrypt traffic via a man-in-the-middle attack (see Microsoft Blacklists Fake Certificate).
Some malware distributors also use a legitimate certificate to sign their...