Drupal Releases Security Update

Original release date: August 02, 2018

Drupal has released a security update addressing a vulnerability in Drupal 8.x. A remote attacker could exploit this vulnerability to take control of an affected system.NCCIC encourages users and administra…

Original release date: August 02, 2018

Drupal has released a security update addressing a vulnerability in Drupal 8.x. A remote attacker could exploit this vulnerability to take control of an affected system.

NCCIC encourages users and administrators to review Drupal's Security Advisory and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


Heads-up: 2FA provider Duo Security to be acquired by Cisco (ugh)

Enlarge / Artist’s impression of how this deal feels from this author’s chair. (credit: Getty Images / Gary Hanna / Lee Hutchinson)
US-based two-factor authentication provider Duo Security announced this morning that it is in talks to be acquired by…

Enlarge / Artist's impression of how this deal feels from this author's chair. (credit: Getty Images / Gary Hanna / Lee Hutchinson)

US-based two-factor authentication provider Duo Security announced this morning that it is in talks to be acquired by networking giant Cisco. According to Duo’s press release, Duo will become a “business unit” under Cisco’s Security Business Group, and current Duo CEO Dug Song will become the unit’s general manager.

Ars is a happy Duo customer, and we use the product extensively to apply 2FA to a variety of our internal services; beyond that, several Ars staffers (myself included) use Duo’s free tier to wrap 2FA around our own personal stuff, like Linux PAM authentication and Mac/Windows logins. Duo’s flexibility and ease of use has been a huge driver of success for the company, which says it has about 12,000 customers.

But the worry here is that Cisco is going to murder the golden goose—and, as a former Cisco customer, I’m struggling to feel anything but dread about all the ways in which this acquisition might kill everything that’s good about Duo.

Read 18 remaining paragraphs | Comments

FBI Releases Article on Securing the Internet of Things

Original release date: August 02, 2018

The Federal Bureau of Investigation (FBI) has released an article on the risks associated with internet-connected devices, commonly referred to as the Internet of Things (IoT). FBI warns that cyber threat a…

Original release date: August 02, 2018

The Federal Bureau of Investigation (FBI) has released an article on the risks associated with internet-connected devices, commonly referred to as the Internet of Things (IoT). FBI warns that cyber threat actors can use unsecured IoT devices as proxies to anonymously pursue malicious cyber activities.

As our reliance on IoT becomes an important part of everyday life, being aware of the associated risks is a key part of keeping your information and devices secure. NCCIC encourages users and administrators to review the FBI article for more information and refer to the NCCIC Tip Securing the Internet of Things.


This product is provided subject to this Notification and this Privacy & Use policy.