Breaking News




Source: Kaspersky (securelist.com)

Sep 26, 2017
We’re already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious campaign that we detected a while ago – we named it ‘Microcin’ after microini, one of the malicious com...

Whenever there’s a major data breach announced in the news, I think about how there must be other breaches happening that we don’t even know about. Because, although cyberattackers frequently target known vulnerabilities in software, the victims are unlikely to know they were vulnerable until it is too late. As today’s software is increasingly assembled from bits and pieces of open source and ...


Source: Veracode.com

Sep 26, 2017
We’re excited to announce the public launch of our new Veracode Community – a central destination for developers and security professionals to exchange best practices, and discuss trends in AppSec and secure development. As businesses continue to increase their reliance on software, you’re feeling pressure for faster version releases, while simultaneously reducing the risk of a breach. The Ver...

An IBM keyboard signed by ctrl-alt-del inventor David Bradley. (credit: Ross Grady) Once again, Bill Gates has bemoaned the creation of the ctrl-alt-del shortcut. Talking at Bloomberg Global Business Forum, Gates reiterates that he wishes IBM had created a dedicated button for the feature. We're republishing this piece from 2013, because we still think that Gates' telling of the story is a li...


Source: Veracode.com

Sep 21, 2017
The AppSec Skills Gap Is Widening Nearly 20% A Year. Here's How We Fix It. A recent survey from Veracode and DevOps.com found that the majority of IT and development professionals weren’t required to take security courses in college – and they’re not receiving the necessary training from their employers. So, we have to ask: where does the fault lie? Should universities ramp up their security e...

Enlarge / With Windows breaking less often, scenes like this should become a thing of the past. (credit: Lee Adlaf) Windows 10 is getting better and better, Microsoft insists, as it works to build confidence in the operating system in the run up to the next major update. The company says that the Creators Update (version 1703) has seen a 39 percent drop in driver and operating system stabili...


Source: Kaspersky (securelist.com)

Sep 19, 2017
In the field of information security, sandboxes are used to isolate an insecure external environment from a secure internal environment (or vice versa), to protect against the exploitation of vulnerabilities, and to analyze malicious code. At Kaspersky Lab, we have several sandboxes, including an Android sandbox. In this article, we will look at just one of them that was customized to serve the...

As software increasingly plays a critical role in how organizations conduct business, we are seeing two trends emerge: 1. Organizations want more software produced faster. 2. Cyberattackers are finding software a more attractive target. For developers, all the above means that their jobs are changing. The need to get software out the door faster has led to a shift to DevSecOps – where software...