Breaking News




Source: Veracode.com

Sep 16, 2016
As we outlined in the previous blog post, DevOps is in danger of not being properly secured unless it adopts technologies specifically designed for that purpose. Traditional application security technologies were not designed to work in a DevOps environment. Even from the name DevOps, it is obvious that DevOps-enabling tools should be designed for Development and Operations specialists. And for s...


Source: Ars Technica Security RSS

Sep 16, 2016
Late last week, Apple released iOS 9.3.5 to patch three zero-day bugs that could be used to access personal data on an infected phone. Dubbed "Trident," the bugs were used to create spyware called Pegasus that was used to target at least one political dissident in the United Arab Emirates. Today, Apple has released updates for Safari 9 and OS X El Capitan and Yosemit...


Source: Ars Technica Security RSS

Sep 16, 2016
If you haven't changed your password for Last.fm since 2012, it's long past time—the passwords are now easily grabbed from the Internet. The contents of a March 2012 breach of the music tracking website Last.fm have surfaced on the Internet, joining a collection of other recently leaked "mega-breaches" from Tumblr, LinkedIn, and MySpace. The Last.fm breach differs from the Tumblr ...


Source: Ars Technica Security RSS

Sep 16, 2016
The latest version of OpenOffice. OpenOffice, once the premier open source alternative to Microsoft Office, could be shut down because there aren't enough developers to update the office suite. Project leaders are particularly worried about their ability to fix security problems. An e-mail thread titled, "What would OpenOffice retirement involve?" was started yesterday by Dennis Hamilton, v...


Source: Ars Technica Security RSS

Sep 16, 2016
In August 2011, multiple servers used to maintain and distribute the Linux operating system kernel were infected with malware that gave an unknown intruder almost unfettered access. Earlier this week, the five-year-old breach investigation got its first big break when federal prosecutors unsealed an indictment accusing a South Florida computer programmer of c...

Another major site breach from four years ago has resurfaced. Today, LeakedSource revealed that it had received a copy of a February 2012 dump of the user database of Rambler.ru, a Russian search, news, and e-mail portal site that closely mirrors the functionality of Yahoo. The dump included usernames, passwords, and ICQ instant messaging accounts for over 98 million...


Source: Ars Technica Security RSS

Sep 16, 2016
The US Navy Bombe used during World War II to break Germany's Enigma encryption system. When you're an applied cryptographer, teaching your preteen daughters what you do for a living isn't easy. That's why Justin Troutman developed PocketBlock, a visual, gamified curriculum that makes cryptographic engineering fun. In its current form, PocketBlock...

OPM officials did nearly everything wrong as far as security goes and then lied about it, House Oversight Committee Republicans said in a final report on the OPM breach. A report from the Republican majority on the House Oversight and Government Reform Committee published today places blame for the 2014 and 2015 data bre...