Breaking News




Source: Kaspersky (securelist.com)

Sep 16, 2016
We have already seen some cryptor attacks where malicious programs with different functions have been used in combination. For example, one version of the Shade cryptor checks victim computers for signs of accounting activity; if it finds any, it doesn’t encrypt the files, but instead installs remote control tools in the infected system. The bot can then be used by cybercriminals to steal money...


Source: Kaspersky (securelist.com)

Sep 16, 2016
In the previous article, we described the mechanisms used by Trojan-Banker.AndroidOS.Gugi.c to bypass a number of new Android 6 security features. In this article, we review the entire Gugi mobile-banking Trojan family in more detail. The use of WebSocket by Gugi The mobile-banking Trojan family, Trojan-Banker.AndroidOS.Gugi is interesting due to its use of the WebSocket protocol to interact wi...


Source: Kaspersky (securelist.com)

Sep 16, 2016
A few days ago we reported to Google the existence of a new malicious app in the Google Play Store. The Trojan presented itself as the “Guide for Pokémon Go”. According to the Google Play Store it has been downloaded more than 500,000 times. Our data suggests there have been at least 6,000 successful infections, including in Russia, India and Indonesia. However, since the app is oriented toward...


Source: Kaspersky (securelist.com)

Sep 16, 2016
The concept of a smart city involves bringing together various modern technologies and solutions that can ensure comfortable and convenient provision of services to people, public safety, efficient consumption of resources, etc. However, something that often goes under the radar of enthusiasts championing the smart city concept is the security of smart city components themselves. The truth is t...


Source: Veracode.com

Sep 16, 2016
The rapid adoption of DevOps practices in the enterprise has forced a lot of CISOs to rethink their security play books. Gone are the days of testing for security once software engineers are done developing a piece of software. With rapid iterations and continuous delivery of software there is no "done" anymore. Additionally, the fast-paced DevOps model gives engineers the power to provision t...

As strategic and essential as enterprise security is today, it is still, at its most fundamental level, an afterthought. We take the OS, apps, databases, network controls as they are given to us, and then we try and Band-Aid on top of it the best security we can. We use firewalls and filters and VPN tunnels and encryption to try and limit the damage software vulnerabilities can do. As a practi...


Source: Veracode.com

Sep 16, 2016
This post was originally published on May 2, 2016 at: https://thatsjet.com/2016/05/02/securing-the-sdlc/ I had the opportunity to speak last week at my local ISSA chapter on the topic of Securing the Software Development Lifecycle. Given the interest it generated among the attendees I realized that this is a topic for MUCH further discussion worthy of at least a few blog posts on thatsjet.com....

If you’ve ever wrapped a gift and ended up with a big stripe of the box showing down the middle, you know “measure twice, cut once” is a popular saying for a reason. The need to give equal attention to measuring and doing holds true for a plethora of activities and industries, and application security (AppSec) is no exception. You can implement all the latest and greatest AppSec tools, technol...