Breaking News




Source: Veracode.com

Sep 30, 2016
Can it really happen? The Hollywoodesque version of cyber voter fraud would go like this – an enemy nation state would support the candidate they felt best represents their interest. This government would possibly find ways to infuse money into the candidate’s campaign. Not content with simply influencing the election with illegal campaign funds and propaganda, the nation state would hack int...


Source: Ars Technica Security RSS

Sep 30, 2016
A controversial broker of security exploits is offering $1.5 million (£1.2 million) for attacks that work against fully patched iPhones and iPads, a bounty that's triple the size of its previous one. Zerodium also doubled, to $200,000, the amount it will pay for attacks that exploit previously unknown vulnerabilities in Google's competing Android operating...

With the wrong approach, your AppSec solution could go the way of your treadmill – a great piece of equipment, but not really producing results. Keep in mind that technology is only one part of an AppSec solution, and a technology-focused AppSec plan will end up like your technology-focused New Year’s resolution: a dust-coated treadmill with clothes draped all over it. The equipment is only on...


Source: Ars Technica Security RSS

Sep 29, 2016
Last week, security news site KrebsOnSecurity went dark for more than 24 hours following what was believed to be a record 620 gigabit-per-second denial of service attack brought on by an ensemble of routers, security cameras, or other so-called Internet of Things devices. Now, there's word of a similar attack on a French Web host that peaked at a staggering 1.1 terabits per second, more than ...


Source: Ars Technica Security RSS

Sep 28, 2016
The organization that develops Firefox has recommended the browser block digital credentials issued by a China-based certificate authority for 12 months after discovering it cut corners that undermine the entire transport layer security system that encrypts and authenticates websites. The browser-trusted WoSign authority intentionally back-dated certificates it has issued over the p...


Source: Veracode.com

Sep 27, 2016
At Black Hat 2016, Thycotic conducted a survey of both self-identified white hat and black hat hackers. In part, the survey found that more than 75 percent of respondents believe no password is safe from hackers or the government, and nearly half said they would be willing to hack your password for a fee if asked by the FBI. It’s yet another bad rap on passwords, which have been the security g...


Source: Ars Technica Security RSS

Sep 27, 2016
A social hangout website for teenage girls has sprung a leak that's exposing plaintext passwords protecting as many as 5.5 million user accounts. As this post went live, all attempts to get the leak plugged had failed. Operators of i-Dressup didn't respond to messages sent by Ars informing them that a hacker has already downloaded more than 2.2 million of the improperly stored account credent...


Source: Ars Technica Security RSS

Sep 27, 2016
The Linux kernel today faces an unprecedented safety crisis. Much like when Ralph Nader famously told the American public that their cars were "unsafe at any speed" back in 1965, numerous security developers told the 2016 Linux Security Summit in Toronto that the operating system needs a total rethink to keep it fit for purpose. No longer the niche concern of years past, Linux today under...