Michael Heller
TechTarget
Cincinnati, OH, United States
Contact Michael
Discover and connect with journalists and influencers around the world, save time on email research, monitor the news, and more.
| Recent: |
|
| Past: |
|
Past articles by Michael:
URGENT/11 VxWorks vulnerabilities affect millions of devices
Security researchers disclosed the set of URGENT/11 VxWorks vulnerabilities and claimed they affected more than 200 million devices in enterprise and critical infrastructure. VxWorks developer Wind River Systems disagreed with that characterization. → Read More
Google: Triada backdoors were pre-installed on Android devices
Google used security researchers' work and cooperatedwith hardware partners abroad to remove Triada adware after it was preinstalled on budget Android phones via a supply chain attack. → Read More
Defense Department eyes behavioral biometrics with new contract
With a new contract, the Department of Defense and Twosense.AI will work on a new behavioral biometrics system to replace the Common Access Card IDs currently used in the DoD. → Read More
Huawei bans set to continue, despite lack of supporting evidence
A German investigation found no evidence of Huawei spying, but Huawei bans appear set to continue. And one expert said the actions may be due to the basic architecture of 5G networks. → Read More
Marriott discloses Starwood data breach affecting 500 million guests
A Marriott Starwood data breach that spanned 2014 to 2018 saw data on 500 million guests compromised, including passport information for about 327 million of those customers. → Read More
Compromised NPM package highlights open source trouble
A targeted attack attempting to steal cryptocurrency took advantage of open source software with a compromised NPM package and experts say the issue highlights the need for enterprises to audit code. → Read More
Bleedingbit vulnerabilities put Wi-Fi access points at risk
Researchers say Bleedingbit vulnerabilities could allow remote code execution on wireless access points, medical devices and any other products using the affected Bluetooth chips. → Read More
The first sandboxed antivirus is Windows Defender
Microsoft made Windows Defender's Insider version for Windows 10 the first sandboxed antivirus solution in an effort to harden the software, which Microsoft said is a high-value target for attacks. → Read More
WebExec vulnerability leaves Webex open to insider attacks
A flaw in Cisco Webex -- called WebExec -- can allow remote code execution. And while experts don't agree on how dangerous the issue is, the researchers who found it said it's easier to exploit than detect. → Read More
Facebook breach affected nearly 50 million accounts
A Facebook breach affecting nearly 50 million accounts has been made public, and although the description makes it sound like accounts were accessed, it is unclear what data attackers may have obtained. → Read More
Reddit breach sparks debate over SMS 2FA
A Reddit breach was discovered to be due to an attacker compromising the SMS two-factor authentication used by employees, sparking a debate over using that 2FA method. → Read More
Physical security keys eliminate phishing at Google
Following a requirement for Google employees to use physical security keys, successful phishing attempts were completely eliminated, at least in part, because of the ease of U2F. → Read More
Vendor admits election systems included remote software
Election system security put into question again as a vendor admitted to Sen. Ron Wyden that it had installed remote access software on systems over the course of six years. → Read More
Critical Cisco ASA vulnerability patched against remote attacks
A critical new Cisco ASA vulnerability in the VPN earned a 10.0 rating on CVSS and could allow remote code execution or denial of service attacks. → Read More
Electron framework flaw puts popular desktop apps at risk
Popular apps like Slack inherited a remote code execution flaw from the Electron framework -- the platform used to create desktop apps using web code. → Read More
CIA attributes NotPetya attacks to Russian spy agency
Russia's GRU foreign intelligence agency was responsible for creating and launching the NotPetya attacks against Ukraine, according to the CIA. → Read More
Huge coordinated vulnerability disclosure needed for Meltdown
A massive coordinated vulnerability disclosure was required for the Meltdown and Spectre CPU flaws, now remediation concerns remain. → Read More
Flawed Keeper password manager preinstalled on Windows 10
The Keeper password manager browser extension that comes preinstalled on Windows 10 systems has a flaw that could allow for credential theft. → Read More
Emergency Microsoft patch out for Malware Protection Engine
Expert claims clumsy handling of an emergency Microsoft patch released out-of-band for a critical flaw in the Malware Protection Engine. → Read More
SAVE Act attempts to bolster election security
Senators introduced the SAVE Act, a bipartisan election security bill, in hopes of aiding states in protecting voting infrastructure from future cyberattacks. → Read More