Princeton University researchers conclude that website analytic services have been unintentionally collecting passwords in session replays.
An Adobe Flash bug patched earlier this month has resurfaced in malicious Microsoft Word files as criminals seek to repurpose the exploit against vulnerable systems.
The root of the cryptojacking attack the Los Angeles Times sustained this month appears to have been an unsecured AWS S3 bucket.
CrowdStrike released its 2018 Global Threat Report yesterday. Among the findings are the rise of supply chain compromise and cryptocurrency related fraud as significantly expanded attack vectors. Another interesting finding is the speed with which successful attackers are able to pivot laterally from an initial compromise: just under two hours.
Haystax this morning released its 2018 insider threat predictions. They see ordinary employees eclipsing privileged users as insider risks, and they see behavioral monitoring becoming "the new normal."
The trials of two accused NSA leakers get stickier for the prosecution. Reality Winner wants her confession to stealing and leaking classified documents suppressed on the grounds that she was improperly Mirandized by the FBI agents who interviewed her. She also appears to be positioning herself as a whistleblower.
In the case of Hal Martin (whose lawyers are defending him as an eccentric packrat), the Federal judge presiding has asked prosecution and defense whether the Government needs to show that Mr. Martin knew that specific documents he allegedly took contained national defense information. The sheer volume of classified material allegedly recovered from his home may give the prosecution difficulty.