Breaking News




Source: Kaspersky (securelist.com)

Jul 05, 2018
Way back in 2013 our malware analysts spotted the first malicious samples related to the Trojan-Ransom.Win32.Rakhni family. That was the starting point for this long-lived Trojan family, which is still functioning to this day. During that time the malware writers have changed: the way their Trojans get keys (from locally generated to received from the C&C); the algorithms used (from using...

The enterprise challenge in generating secure code is well known: as software becomes a competitive advantage and customers expect regular updates, the need to release new features and content frequently often trumps the need to release secure code. Although that's a true conflict, it's not the full story. Psychology can play almost as big a role, with security teams often perceived by develop...


Source: Kaspersky (securelist.com)

Jul 03, 2018
In late April we found and wrote a description of CVE-2018-8174, a new zero-day vulnerability for Internet Explorer that was picked up by our sandbox. The vulnerability uses a well-known technique from the proof-of-concept exploit CVE-2014-6332 that essentially “corrupts” two memory objects and changes the type of one object to Array (for read/write access to the address space) and the other ob...


Source: Veracode.com

Jul 03, 2018
In February, we hosted a virtual summit titled “Assembling the Pieces of the DevSecOps Puzzle.” The goal of the summit was to provide organizations with tools and information to implement a DevSecOps strategy and move it from theory into practice.  During one of the summit’s webinars, Pejman Pourmousa, VP of Program Management at CA Veracode, explained the importance of rethinking AppSec polic...

Software development deadlines are getting shorter. Business requirements are getting more complex, and cybersecurity threats are becoming more real. According to the Accenture report on 2018 State of Cyber Resilience, the average number of targeted attacks has more than doubled between 2017 and 2018. The good news is that security teams are adapting to these constant threats, with the targete...

We recently announced our CA Veracode Verified program. To better suit the needs of organizations that are producing and updating apps at DevOps speed, we are attesting to the security of the overall development process of an application, rather than to the security of an application at one point in time. In this way, your prospects and customers can rest assured that security was embedded int...


Source: Veracode.com

Jun 28, 2018
The days of developers creating every line of code from scratch are over. The intense demand for newer, better software means development speeds have become correspondingly intense. In turn, developers need to rely on the pre-built functionality in open source libraries to keep up. The problem with this practice is that it also introduces a whole new layer of vulnerabilities into organizations...


Source: Kaspersky (securelist.com)

Jun 27, 2018
Ransomware is not an unfamiliar threat. For the last few years it has been affecting the world of cybersecurity, infecting and blocking access to various devices or files and requiring users to pay a ransom (usually in Bitcoins or another widely used e-currency), if they want to regain access to their files and devices. The term ransomware covers two main types of malware: so-called window bloc...