Breaking News



Enlarge (credit: Mission Impossible) The Tor Project recently announced the release of its prototype for a Tor-enabled smartphone—an Android phone beefed up with privacy and security in mind, and intended as equal parts opsec kung fu and a gauntlet to Google. The new phone, designed by Tor developer Mike Perry, is based on Copperhead OS, the hardened Android distribution profiled first by Ar...


Source: Kaspersky (securelist.com)

Nov 21, 2016
In the book The Hitchhiker’s Guide to the Galaxy there’s a character called the Babel fish, which is curiously able to translate into and from any language. Now, in the present-day world, the global cybersecurity industry speaks one language – English; however, sometimes you really do wish there was such a thing as a Babel fish to be able to help customers understand the true meaning of the mar...


Source: Ars Technica Security RSS

Nov 21, 2016
(credit: Ben Hudson) Symantec, one of the biggest consumer computer security firms in the world, is about to become even bigger with plans to buy LifeLock—an identity-theft protection service. The proposed $2.3 billion (£1.86 billion) deal has been okayed by the boards of directors of both companies, and is expected to close in the first quarter of 2017, pending regulatory approval. LifeLoc...


Source: Ars Technica Security RSS

Nov 19, 2016
Enlarge Almost three million Android phones, many of them used by people in the US, are vulnerable to code-execution attacks that remotely seize full control of the devices, researchers said Thursday. Until recently, the flaw could have been exploited by anyone who took the time to obtain two Internet domains that remained unregistered despite being hardwired into the firmware that introduc...


Source: Veracode.com

Nov 18, 2016
The subject of Risk is an old topic in Program and Project Management circles, identifying risks and developing strategies is the vision of success or the apparition of failure.  There are thousands of floors of compliance personnel developing Risk Strategies around the world, multiples of those floors for single companies! The benefits of developing a working Risk Strategy in Application Secu...


Source: Veracode.com

Nov 18, 2016
Identifying the scope of Risk for an Application Security Program is not as difficult a task as it seems. Risk Strategies for network, server and desktop environments exist in almost every company and working with the compliance group is a great starting point.  If you do not have the assistance of a compliance group then there are some great resources out there, at Veracode the Security Progr...

We recently surveyed 308 security professionals in the US and UK tasked with application security to find out their top AppSec concerns, stumbling blocks and tactics. Their biggest AppSec concern? Overwhelmingly, it was reducing the risk of attacks while building, buying and integrating more software than ever. A majority (58 percent) of survey respondents cited this as a concern. Across regio...


Source: Kaspersky (securelist.com)

Nov 16, 2016
 Download the PDF Yet another year has flown past and, as far as notable infosec happenings are concerned, this is one for the history books. Drama, intrigue and exploits have plagued 2016 and, as we take stock of some of the more noteworthy stories, we once again cast our gaze forward to glean the shapes of the 2017 threat landscape. Rather than thinly-veiled vendor pitching, we hope to ground...