Breaking News




Source: Kaspersky (securelist.com)

Sep 19, 2017
In the field of information security, sandboxes are used to isolate an insecure external environment from a secure internal environment (or vice versa), to protect against the exploitation of vulnerabilities, and to analyze malicious code. At Kaspersky Lab, we have several sandboxes, including an Android sandbox. In this article, we will look at just one of them that was customized to serve the...

As software increasingly plays a critical role in how organizations conduct business, we are seeing two trends emerge: 1. Organizations want more software produced faster. 2. Cyberattackers are finding software a more attractive target. For developers, all the above means that their jobs are changing. The need to get software out the door faster has led to a shift to DevSecOps – where software...


Source: Kaspersky (securelist.com)

Sep 18, 2017
A little while back we were investigating the malicious activities of the Freakyshelly targeted attack and came across spear phishing emails that had some interesting documents attached to them. They were in OLE2 format and contained no macros, exploits or any other active content. However, a close inspection revealed that they contained several links to PHP scripts located on third-party web r...

We’re pleased to announce that our colleague Colin Domoney, a consultant solutions architect for Veracode, was recently nominated for a Security Leader of the Year award. Organised by Information Age, Tech Leaders Awards is Britain's flagship celebration of tech leaders, honouring those at the forefront of disruption and innovation and playing a central role in driving business value with tech...


Source: Veracode.com

Sep 16, 2017
As important as application security testing is, it's really just the first step in a continuous process to identify and fix flaws. And, depending on your application, you may have hundreds of flaws which require remediation. Some of the most common questions I hear when consulting with customers, particularly new customers, are, “how can I make sure I’m remediating the flaws I find,” followed...

The days of security and development working side by side in separate silos are over. With the DevOps-induced security “shift left,” security testing now falls in the realm of the developer, and leaves security in more of an enabling, rather than enforcing, role. And this new role requires a new understanding of developer priorities and processes. The security function cannot be effective in a...


Source: Ars Technica Security RSS

Sep 15, 2017
Enlarge / The Trusted Execution Environment means that even if the application and operating system are compromised, the green code and data can't be accessed. (credit: Microsoft) Microsoft announced Thursday a new feature coming to its Azure cloud platform named "Confidential Compute." The feature will allow applications running on Azure to keep data encrypted not only when it's at rest (in...


Source: Ars Technica Security RSS

Sep 14, 2017
Enlarge / Kaspersky Lab CEO and Chairman Eugene Kaspersky speaks at a conference in Russia on July 10, 2017. (credit: Anton NovoderezhkinTASS via Getty Images) The Department of Homeland security ordered government agencies to stop using any software products made by Kaspersky Lab today. Officials cited concern about possible ties between Kaspersky officials and Russian intelligence. Agencie...