Blog
Explore our latest blogs, where we cover everything from software security and threat modeling to compliance and risk management – covering the topics that matter to you.
Twitch Gets Gutted: All Source Code Leaked
An anonymous user posted a link to a 125GB torrent to 4chan yesterday, containing all of Twitch’s source code, comments going back to its inception...
Google Offers Rewards for Better Security in Open-Source Code
Google has launched the Secure Open Source — SOS — pilot program, seeding $1 million to the Linux Foundation to offer incentives as high as $10,000...
The High Cost of Using Free Threat Modeling Tools – Part 2
NOTE: This is part two of a three-part series on making the business case for using commercial threat modeling tools. In part one, we put a dollar...
Chinese Attackers Use New Rootkit in Long-Running Campaign Against Windows 10 Systems
A previously unknown but highly skilled Chinese-speaking cyberespionage group is using sophisticated malware to attack government and private entities...
Why Windows Print Spooler Remains a Big Attack Target
When a team of hackers believed to be from the US and Israel deployed the Stuxnet worm in 2010 to sabotage centrifuges at an Iranian...
“Combo File” Merging 3.8 Billion Phone Numbers from Clubhouse With Scraped Facebook Users Could Cause Surge in Phishing, Account Takeover Attacks
Each taken on their own, the recent leaks of basic personal contact information from Clubhouse and Facebook users were not major security concerns. A...
NSA, CISA Partner for Guide on Safe VPNs Amid Widespread Exploitation by Nation-States
The NSA and CISA have released a detailed guide on how people and organizations should choose virtual private networks (VPN) as both nation-states and...
CISA, NSA Issue Guidelines for Selecting and Securing VPNs
The NSA and CISA issued new guidelines released yesterday on VPNs. The guidance provides direction for selecting VPN solutions that follow the...
Keep Attackers Out of VPNs: Feds Offer Guidance
The NSA and CISA issued recommendations on choosing and hardening VPNs to prevent nation-state APTs from weaponizing flaws & CVEs to break into...