One of my side projects is as an adviser and panelist for the non-profit Internet Bug Bounty (IBB). We recently added Adobe Flash Player as in scope for rewards. Earlier today, David Rude collected $10,000 for a vulnerability recently fixed in APSB13-28. My thoughts on this are too long to fit into a tweet, so I summarize them here: This shows that the IBB is serious about rewarding research which makes us all safer. $10,000 is a respectable reward by modern bug bounty program standards.
Heartbleed (CVE-2014-0160) is a vulnerability with a CVSSv2 base score of only 5.0/10.0. Though its CVSS score is relatively low, Heartbleed has definitely been one of the most severe security events the Internet has ever seen. It is found in the OpenSSL cryptographic software library, which is omnipresent on the Internet, and it exploits a buffer over-read weakness in the library, a situation where more data can be read than should be allowed [link].
Squash the Bugs with Kali 1.0.9a. Over the past couple of weeks, we’ve seen a bunch of nasty bugs hit the scene, from Shellshock to Debian apt vulnerabilities. As we prefer not to ship vulnerable ISOs, we’ve rolled up new images for our Kali Linux and NetHunter releases as well as our Amazon AWS images with the relevant security fixes in place.
Automation is transforming finance, but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Spinbackup is a premier Cloud-to-Cloud Backup and Cloud Cybersecurity solutions provider for G Suite and Office 365. The company is an authorized Google Partner featured on the G Suite Marketplace, and an Advanced Technology Partner of Amazon. Over 1,000 organizations with more than 150,000 G Suite users and 20,000 individual Google users currently rely on Spinbackup. […]
The Security Assessment Wizard — a new tool from CompTIA currently available to premier members — lets you walk customers and prospective clients through the gaps in their security profile. Using the tool positions you as a security expert attuned to the needs of business while simultaneously positioning you for sales. It’s an easy button we can all use.
AddressSanitizer, or ASAN, is an excellent tool for detecting subtle memory errors at runtime in C/C++ programs. It is now a productionized option in both the clang and gcc compilers, and has assisted in uncovering literally thousands of security bugs. ASAN works by instrumenting compiled code with careful detections for runtime errors. It is primarily a detection tool.
Win32/VirLock is ransomware that locks victims’ screens but also acts as a parasitic virus, infecting existing files on their computers. The virus is also polymorphic, which makes it an interesting piece of malware to analyze. This is the first time such a combination of malware features has been observed.
As regular readers will know, every year we publish our predictions on cybercrime attacks for the year ahead. Well, our South American research team has spent the last few weeks putting together our predictions for 2015.
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Today, we are publishing research on ransomware that emerged in 2014. We have posted blog articles about this threat before, to raise awareness when we realized the criminals were targeting the United Kingdom and Spain.
Security experts at ESET have released their latest research into the notorious TorrentLocker malware, which has infected thousands of computer systems around the world, taking data hostage and demanding a ransom be paid to ensure its safe return.
Private data such as addresses and social security numbers can be just as valuable to cybercriminals as valid credit card details can be to thieves - if not more so. Lock yours down with our tips.
It's easy to imagine that ALL connected devices - from fridges to CCTV cameras - are a security nightmare, but there are simple, sensible steps you can take to lock these risks down.
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
If you’re a security researcher or penetration tester, you’re probably already well aware of the extensive array of tools available to help you. OpenVAS, Qualys, Nessus, Arachni, Burp, Wapiti, Skipfish, w3af … the list goes on and on. Choosing which tool to use may not be a simple task and should wind up raising even more questions to be answered. What are you looking to accomplish?
Microsoft released a patch last week for a critical vulnerability allowing remote code execution in Internet Explorer. This vulnerability is significant because it exploits an old bug present in Internet Explorer versions 3 through 11.
Privacy and security online are hot button topics in America today, as a new survey by the Pew Research Center confirms, mirroring similar results from two different privacy and security surveys conducted by ESET.
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
APT actors trying to use big events as a lure to compromise their targets is nothing new. Tibetan NGOs being targeted by APT actors is also nothing new. Thus, surrounding the upcoming G20 2014 summit to be held in Brisbane, Australia, we were expecting to see G20-themed threats targeted at Tibetan NGOs. A Win32/Farfli (alias Gh0st RAT) sample ultimately confirmed our suspicions.
The Sednit espionage group, also known as the Sofacy group, APT28 or Fancy Bear, has been targeting various institutions for many years. We recently discovered a component the group employed to reach physically isolated computer networks -- air-gapped networks -- and exfiltrate sensitive files from them through removable drives.
Mobile payments look set to be one of the defining technologies of 2015, as the launch of Apple Pay catalyses a boom in cardless payments - both from Apple’s own system, and from rivals playing catch-up.
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Last month, we presented The Evolution of Webinject in Seattle at the 24th Virus Bulletin conference. This blog post will go over its key findings and provide links to the various material that has been released in the last few weeks.
Malware or malicious computer code has been around in some form or other for over 40 years, but the use of malware to take control of a group of computers that are then organized into something called a botnet is more a twenty-first century phenomenon.
Many of us have moments when we need, or want, to be more private online - when searching for a new job, for instance, or when having a private business conversation.
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Google security researchers Bodo Moller, Thai Duong and Krzysztof Kotowicz recently uncovered a vulnerability in SSL 3.0 that could allow secure connections to be compromised by attackers. The researchers are calling the attack POODLE, or Padding Oracle On Downgraded Legacy Encryption. “SSL 3.0 is nearly 18 years old, but support for it remains widespread,” Moller wrote in a blog post describing the issue. “Most importantly, nearly all browsers support it and, in order to
Since October 2012, the European Cyber Security Month has been running as a pilot plan across Europe, inspired by the concept of other similar projects that were successfully implemented around the globe. One of them is the Stop. Think. Connect. campaign supported by the National Cyber Security Awareness Month in the United States.
In this post we provide additional information on how a specially crafted PowerPoint slideshow file (.PPSX) led to the execution of a BlackEnergy dropper.
For any security-conscious user, there are a few things worth remembering once you have secured that crucial invitation - we offer a few tips on how to get the most from the emoji-heavy network here.
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.