In an interview with WIRED, former secretary of defense Ash Carter discussed how to build morality into AIand make sure other countries do too.

Plus: A dark web takedown, a bitcoin scam, and more of the week’s top security news.

As tech companies scramble to tackle the extreme far-right, police and law enforcement are encasing Washington, DC, in a ring of steel.

Platforms are scrambling to avoid being used by right-wing extremists targeting the inauguration. But the seeds of this crisis were sown long ago.

WhatsApp said on Friday that it wouldn’t enforce its recently announcedcontroversial data sharing policyupdateuntil May 15. Originally set to go into effect next month on February 8, the three-month delay comes following “a lot of misinformation” about a revision to its privacy policy that allows WhatsApp to share data with Facebook, sparking widespread concerns about the exact kind of

The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) if configured appropriately in enterprise environments can help prevent “numerous” initial access, command-and-control, and exfiltration techniques used by threat actors. “DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by

Joker’s Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021. In a message board post on a Russian-language underground cybercrime forum, the operator of the site who goes by the name “JokerStash” said “it’s time for us to leave forever” and that “we will never ever open again,“

In an interview with WIRED, the famously fired DHS official shared insights on election security, disinformation, SolarWindsand what to do about Trump.

Joyce has long worked in US cybersecurity leadership, most recently serving as the NSA’s top representative in the UK.

Joyce has long worked in US cybersecurity leadership, most recently serving as the NSA’s top representative in the UK.

Google researchers say the campaign, which booby-trapped sites to ensnare targets, was carried out by a highly sophisticated actor.

As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says.

A sprawling tactical industry is teaching American civilians how to fight like Special Ops forces. By preparing for violence at home, are they calling it into being?

Cybersecurity researchers havediscloseda series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware including a previously undocumented backdoor. Attributing the campaign toWinnti(or APT41), Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A

Researchers detail a new threat group targeting cloud services to achieve goals aligning with Chinese interests.

Researchers find organizations struggle with availability for cloud applications as government officials warn of cloud-focused cyberattacks.

Agency provides guidelines on securely deploying DNS over HTTPS, aka DoH.

Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries. In a report published by ESET on Tuesday, the Slovak internet security company said the attacks dubbed “Operation Spalax” began in 2020, with the modus operandi sharing some similarities to an APT

New research has dug into the openings that iOS and Android security provide for anyone with the right tools.

Mimecast no longer uses the SolarWinds Orion network management software that served as an attack vector for thousands of organizations.

Huntress seeks to improve its detection and response capabilities with a more comprehensive view of endpoint security.

The premise is convenient. But the e-commerce giant’s privacy track record isn’t exactly inspiring.

Intel and Cybereason have partnered to build anti-ransomware defenses into the chipmaker’s newly announced 11th generation CorevProbusiness-class processors. The hardware-based security enhancements are baked into Intel’s vPro platform via itsHardware ShieldandThreat Detection Technology(TDT), enabling profiling and detection of ransomware and other threats that have an impact on the CPU

Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Ten of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by malware or miscreants to seize remote control over unpatched systems with little or no interaction from Windows users.

Ensuring the cybersecurity of your internal environment when you have a small security team is challenging. If you want to maintain the highest security level with a small team, your strategy has to be ‘do more with less,’ and with the right technology, you can leverage your team and protect your internal environment from breaches. The “buyer’s guide for securing the internal environment with a

Europol on Tuesday said it shut down DarkMarket, the world’s largest online marketplace for illicit goods, as part of aninternational operationinvolving Germany, Australia, Denmark, Moldova, Ukraine, the U.K.‘s National Crime Agency (NCA), and the U.S. Federal Bureau of Investigation (FBI). At the time of closure, DarkMarket is believed to have had 500,000 users and more than 2,400 vendors,

Mimecast said on Tuesday that “a sophisticated threat actor” had compromised a digital certificate it provided to certain customers to securely connect its products to Microsoft 365 (M365) Exchange. The discovery was made after the breach was notified by Microsoft, the London-based companysaid in an alertposted on its website, adding it’s reached out to the impacted organizations to remediate

For the first patch Tuesday of 2021, Microsoft releasedsecurity updatesaddressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability. The latest security patches cover Microsoft Windows, Edge browser, ChakraCore, Office and Microsoft Office Services, and Web Apps, Visual Studio, Microsoft Malware Protection Engine, .NET Core

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. More worrisome, the research suggests the insidious methods used by the intruders to subvert the company’s software development pipeline could be repurposed against many other major software providers.

A third piece of malware is uncovered, but there’s still plenty of unknowns about the epic attacks purportedly out of Russia.

Security researchers have disclosed a vulnerability they exploited to access more than 100,000 private employee records.

The free speech social network also allowed unlimited access to every public post, image, and video.

Microsoft patched 83 bugs, including a Microsoft Defender zero-day and one publicly known elevation of privilege flaw.

Companies continue to value security operations centers but the economics are increasingly challenging, with high analyst turnover and questions raised over return on investment.