Breaking News



It certainly has taken long enough, but it seems like non-tech media outlets have figured out that applications make wonderful entry points for cyberthieves. Given the layers of complexity that many enterprise apps feature today, it's hardly surprising that they boast massive security holes. That message seems to be finally sinking in. Consider just a few recent media reports, from NBC News on...


Source: Ars Technica Security RSS

Oct 08, 2016
Putin us on. (credit: Presidential Press and Information Office) The Office of the Director of National Intelligence and the Department of Homeland Security today jointly charged that the Russian government was responsible for directing a series of intrusions into the networks of US political organizations and state election boards. In a “joint security statement,” officials from the two age...


Source: Veracode.com

Oct 07, 2016
It’s a special time of year for sports fans like me. After a great summer featuring the Olympics and the Euro Cup, it’s time once again for the Major League Baseball playoffs, while both of my favorite football leagues (NFL and Premier League) are well underway for the season. One of the things I love about sports is they seem to offer so many parallels to other aspects of life, including our ...

Fake bear dump. (credit: Stewart Butterfield) A pattern of mischaracterization, misrepresentation, and outright alteration of breached data has emerged in two of the latest headline-grabbing batches of hacked files. Investigators discovered that recently published data from anti-doping testing at the 2016 Olympics in Rio de Janeiro had been altered by parties connected to a Russia-based hack...


Source: Kaspersky (securelist.com)

Oct 06, 2016
 Download the full report (PDF) As a new VirusBulletin is upon us, it’s once again time to deep dive into interesting topics in anti-malware research. This time around, we’ve chosen to focus on attribution in APT research, its methods and complications, and how intermediate-to-advanced attackers are already manipulating attribution indicators in an attempt to mislead researchers and squander li...

October is National Cyber Security Awareness Month (NCSAM), a commendable public-private initiative focused on training businesses and users in practicing better digital hygiene. If there’s one drawback to awareness programs like NCSAM, it’s the potential for awareness to spike in the short-term and fall off in the long-term. Without follow-up training and continuous learning, security awarene...


Source: Veracode.com

Oct 06, 2016
I am not a developer, I’m a writer. However, it has become clear to me that these two professions have more in common than I had originally thought. Really, we are doing the same thing - just in different languages, and to different ends. The gratification that comes from starting with a blank page, building something that didn't exist before, and achieving a purpose, is the same. I write quic...


Source: Veracode.com

Oct 05, 2016
Veracode’s mission is to secure the software that powers the world.   And one of the most interesting parts of working here, is that in order to achieve that goal, we get to learn about the entire spectrum of computing technologies.  I think of enterprise software landscapes as similar to evolutionary biology.  There are generations and generations of different technologies all coexisting toge...