A study on the state of software security released today by CA Veracode showed improvements in DevOps security, suggesting that DevSecOps practices are delivering both better security and greater efficiency. While the report shows promise on the development side, it also analyzed flaw persistence, measuring how long flaws survive after they are first discovered. Though software security is improving,
Have you recently tried to ditch a mobile app, only to have it keep following you around? If so, you may be a victim of a new crop of uninstall trackers that go beyond letting app developers track bugs and poor user experience: they also let developers track app users “the instant” they give them the
Cybersecurity firm FireEye says it has found evidence linking a Russian-owned research institute to the development of the TRITON malware that caused some industrial systems to shut down unexpectedly last year, including at a petrochemical plant in Saudi Arabia. TRITON, also known as Trisis, is a piece of ICS malware designed to
While data breaches result in huge losses for the victims, criminals are cashing out on fraudulent purchases by working with deceitful communities that offer such services as shipping labels, according to Flashpoint. In today’s blog post, “Drop Networks, Label-Creation Services Sustain Shipments of Fraudulent Purchases,” analysts Luke Rodeheffer and Mike Mimoso detail the mechanics, methods
By John E Dunn. Drupal’s maintainers have handed users of the popular content management system (CMS) some urgent patching homework in the form of five security vulnerabilities, including two rated ‘critical’. The headline here is simple: do not ignore Drupal updates or they’re likely to come back and bite you. Two critical flaws: Both critical
SoftBank Group has become the latest high-profile technology business to drop out of an investment conference in Saudi Arabia following the snowballing global outcry over the killing of the journalist Jamal Khashoggi. The Wall Street Journal reports the last-minute cancellation by CEO Masayoshi Son of a speaking engagement at the Future Investment Initiative conference, which opens in
Late last week, members of the congressional staff had an opportunity to engage in cybersecurity training through the hands-on exercises brought to them, quite literally, by IBM’s X-Force command cyber-tactical operations center (C-TOC) – a first-of-its-kind mobile security operations center. With a focus on delivering response training and preparedness, onsite cybersecurity support and education and awareness,
Every now and again security researchers stumble on the sort of bad security flaw that reminds us how innocuous-looking aspects of web development can suddenly turn dangerously hostile. An unnerving example is a vulnerability that Akamai’s Larry Cashdollar came across earlier this year in the hugely popular file upload plugin, jQuery File Upload, used
The solution to password recycling may be easier to implement than previously thought, according to a recent paper. Mandating longer and more complex passwords reduces the likelihood that users will reuse them across multiple online services, the researchers found. A team of three academics from Indiana University set out to examine the impact of prescribing
A severe four-year-old vulnerability has been discovered in the Secure Shell (SSH) implementation library libssh that could allow a client to bypass authentication entirely and gain access to a vulnerable server without supplying a password. The vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in libssh version 0.6
Security researcher Peter Winter-Smith discovered a four-year-old authentication bypass vulnerability in the server code of libssh versions 0.6 and above. According to Winter-Smith’s tweet, “The root cause is that the libSSH server and client share a state machine, so packets designed only to be processed by and update the client state can update the server
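The following is an added example, not libssh’s own code, that models the design flaw Winter-Smith describes: a single message dispatch table shared by the client and server roles. The message names and numbers follow the SSH userauth exchange (RFC 4252); the credential store and the session structure are constructed for the demo. The vulnerable dispatcher accepts any known message type no matter which side sent it, so a peer can deliver a server-to-client USERAUTH_SUCCESS to the server and flip it into the authenticated state without ever answering a challenge. The hardened dispatcher keys its table on the session’s role and treats a message the peer is not allowed to send as a protocol error.

```python
"""Role-shared vs. role-aware dispatch for the SSH userauth exchange.

Added example modelling the bug class in CVE-2018-10933; this is not
libssh's code. Credentials and session state are constructed for the demo.
"""
from dataclasses import dataclass
from enum import Enum


class Role(Enum):
    CLIENT = "client"
    SERVER = "server"


# Userauth message types (RFC 4252). Arrows show the only legitimate direction.
USERAUTH_REQUEST = 50   # client -> server
USERAUTH_FAILURE = 51   # server -> client
USERAUTH_SUCCESS = 52   # server -> client

# Constructed credential store for the demo (hypothetical user).
VALID_CREDENTIALS = {"alice": "correct horse battery staple"}


@dataclass
class Session:
    role: Role
    authenticated: bool = False


def handle_userauth_request(sess, payload):
    """Server-side handler: check the offered password."""
    if VALID_CREDENTIALS.get(payload.get("user")) == payload.get("password"):
        sess.authenticated = True
        return ("send", USERAUTH_SUCCESS)
    return ("send", USERAUTH_FAILURE)


def handle_userauth_success(sess, payload):
    """Client-side handler: the server told us we are in."""
    sess.authenticated = True
    return ("ok", None)


def handle_userauth_failure(sess, payload):
    """Client-side handler: the server rejected our attempt."""
    sess.authenticated = False
    return ("ok", None)


# Vulnerable: one table for both roles, so a server will happily run the
# client-only USERAUTH_SUCCESS handler on a packet the peer sent it.
SHARED_HANDLERS = {
    USERAUTH_REQUEST: handle_userauth_request,
    USERAUTH_SUCCESS: handle_userauth_success,
    USERAUTH_FAILURE: handle_userauth_failure,
}


def dispatch_shared(sess, msg_type, payload=None):
    handler = SHARED_HANDLERS.get(msg_type)
    if handler is None:
        return ("unimplemented", None)
    return handler(sess, payload or {})


# Hardened: each role only accepts the messages its peer may legitimately send.
ROLE_HANDLERS = {
    Role.SERVER: {USERAUTH_REQUEST: handle_userauth_request},
    Role.CLIENT: {USERAUTH_SUCCESS: handle_userauth_success,
                  USERAUTH_FAILURE: handle_userauth_failure},
}


def dispatch_role_aware(sess, msg_type, payload=None):
    handler = ROLE_HANDLERS[sess.role].get(msg_type)
    if handler is None:
        # Not a message this role should ever receive: leave state untouched.
        # A real server would disconnect the peer here.
        return ("protocol_error", None)
    return handler(sess, payload or {})


def attacker_run(dispatch):
    """Peer skips USERAUTH_REQUEST and sends USERAUTH_SUCCESS to the server."""
    server = Session(Role.SERVER)
    dispatch(server, USERAUTH_SUCCESS)
    return server.authenticated


def legit_run(dispatch, user, password):
    """Normal flow: the client offers credentials in a USERAUTH_REQUEST."""
    server = Session(Role.SERVER)
    dispatch(server, USERAUTH_REQUEST, {"user": user, "password": password})
    return server.authenticated


if __name__ == "__main__":
    print("shared table, no credentials:", attacker_run(dispatch_shared))
    print("role-aware, no credentials:  ", attacker_run(dispatch_role_aware))
    print("role-aware, valid credentials:",
          legit_run(dispatch_role_aware, "alice", "correct horse battery staple"))
```

The fix is structural rather than a one-off check: once the dispatch table is split by role, a server simply has no handler for USERAUTH_SUCCESS, so no future client-only message can be smuggled into server state either.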
Today McAfee, the device-to-cloud cybersecurity company, announced the winners of its distinguished Partner Awards. The awards ceremony, hosted at McAfee’s Americas Partner Summit in Las Vegas, recognized partners who demonstrated the embodiment of three foundational pillars of the McAfee Partner Program: strategic relationships, profitable partnerships and driving better customer outcomes. Partners received awards based on
A security researcher has discovered several critical vulnerabilities in one of the most popular embedded real-time operating systems—called FreeRTOS—and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers. What is FreeRTOS (Amazon, WHIS OpenRTOS, SafeRTOS)? FreeRTOS is a leading open source real-time operating system (RTOS) for embedded systems
An explosive report in The New York Times this weekend sheds new light on the apparent targeting of Twitter accounts by “state-sponsored actors” three years ago. It comes in the wake of the confirmed death of Washington Post journalist Jamal Khashoggi on Friday, two weeks after he disappeared in the Saudi consulate in Istanbul. Khashoggi
A survey of nearly 200 financial services compliance professionals conducted throughout February and March 2018 found that organizations are struggling to keep pace with evolving technologies and have fallen behind when it comes to oversight of electronic communications, according to Smarsh. Results of the 40-question survey were released this week in the Electronic Communications Compliance Survey