Breaking News



As DevOps moves to DevSecOps, there is a significant “people” component involved in the shift. Development and security teams both need to overcome their “language barriers” and understand each other’s processes and priorities. The effort is worth it because we know that (1) the consequences of neglecting software security are getting more damaging and (2) embedding security early and often in...


Source: Kaspersky (securelist.com)

Dec 08, 2017
 Download the Kaspersky Security Bulletin: Story of the year 2017 Introduction: what we learned in 2017 In 2017, the ransomware threat suddenly and spectacularly evolved. Three unprecedented outbreaks transformed the landscape for ransomware, probably forever. The attacks targeted businesses and used worms and recently leaked exploits to self-propagate, encrypting data and demanding a ransom th...

Enlarge / You might need more of this stuff if you want to use Chrome's new Site Isolation mode. Well, not this stuff exactly; it's RAM from a very obsolete VAX computer. (credit: Kevin Stanchfield) To further increase its enterprise appeal, Chrome 63—which hit the browser's stable release channel yesterday—includes a couple of new security enhancements aimed particularly at the corporate ma...


Source: Kaspersky (securelist.com)

Dec 06, 2017
Introduction – key events in 2017 2017 was a year of great changes in the world of cyberthreats facing financial organizations. Firstly, in 2017 we witnessed a continuation of cyberattacks targeting systems running SWIFT — a fundamental part of the world’s financial ecosystem. Attackers were able to use malware in financial institutions to manipulate applications responsible for cross-border t...

We recently published the State of Software Security Developer Guide, based on real application security testing data. Among the key takeways, the data in the report offers strong evidence that eLearning, security training, and DevSecOps practices have a positive effect on developers' effectiveness at fixing flaws in their code. In this episode of the AppSec in Review podcast, Evan Schuman and...


Source: Kaspersky (securelist.com)

Dec 05, 2017
Introduction The end of the year is a good time to take stock of the main cyberthreat incidents that took place over the preceding 12 months or so. To reflect on the impact these events had on organizations and individuals, and consider what they could mean for the overall evolution of the threat landscape. Looking back over 2017, what stands out most is the growing number of blurred boundarie...

The importance of application security has increased dramatically over the past couple of years in the face of rising threats. Meanwhile, software development is changing fast, with continuous delivery and DevOps adoption continuing to grow. It seems inevitable that the we'll be talking more and more in the coming year about securing DevOps and DevSecOps. As we enter 2018, it’s a good time to ...


Source: Veracode.com

Dec 02, 2017
About a year ago, attackers managed to tap into thousands of IoT devices to create a botnet infected with Mirai malware and wreak havoc on some major websites. This Mirai botnet, made up of 100,000 IoT devices from DVRs to security cameras, unleashed a massive DDoS attack on DNS provider Dyn, which brought down dozens of websites, including Twitter, Spotify, Netflix and The New York Times.  Th...