Breaking News




Source: Kaspersky (securelist.com)

Aug 03, 2017
Steganography is the practice of sending data in a concealed format so the very fact of sending the data is disguised. The word steganography is a combination of the Greek words στεγανός (steganos), meaning “covered, concealed, or protected”, and γράφειν (graphein) meaning “writing”. Unlike cryptography, which conceals the contents of a secret message, steganography conceals the very fac...


Source: Veracode.com

Aug 03, 2017
As important as application security testing is, it's really just the first step in a continuous process to identify and fix flaws. And, depending on your application, you may have hundreds of flaws which require remediation. Some of the most common questions I hear when consulting with customers, particularly new customers, are, “how can I make sure I’m remediating the flaws I find,” followed...


Source: Ars Technica Security RSS

Aug 03, 2017
Twice in five days, developers of Chrome browser extensions have lost control of their code after unidentified attackers compromised the Google Chrome Web Store accounts used to issue updates. The most recent case happened Wednesday to Chris Pederick, creator of th...


Source: Kaspersky (securelist.com)

Aug 01, 2017
News Overview: The second quarter of 2017 saw DDoS attacks being more and more frequently used as a tool for political struggle. The Qatar crisis was accompanied by an attack on the website of Al Jazeera, the largest news network in the area, Le Monde and Le Figaro websites were targeted in the heat of the presidential election in France, and in Great Britain they recalled a year-old incident wi...


Source: Kaspersky (securelist.com)

Jul 31, 2017
In mid-July 2017, we found a new modification of the well-known mobile banking malware family Svpeng – Trojan-Banker.AndroidOS.Svpeng.ae. In this modification, the cybercriminals have added new functionality: it now also works as a keylogger, stealing entered text through the use of accessibility services. Accessibility services generally provide user interface (UI) enhancements for users with ...

Zane Lackey of Signal Sciences spoke at Black Hat 2017 on a topic near and dear to my heart: Practical Tips for Defending Web Applications in the Age of DevOps. DevOps — and really, any Agile or Agile-like rapid software development approach — is a huge enabler for business. Changes to software are envisioned, implemented, tested, and deployed incredibly fast. Deployments can happen multiple t...

Security updating is an awkward thing. Microsoft knows from experience that people will delay or ignore essential patches, leaving their systems exposed to exploitable flaws. In response, Windows 10 is proactive in installing critical fixes and in rebooting to ensure that those fixes are actually active. This is good for patch adoption, but it's bad when a reboot comes in the middle of a...

A recently published Knowledge Base article suggests that Microsoft is going to block Windows Updates for owners of the latest Intel and AMD processors if they try to run Windows 7 or 8.1. Last year, Microsoft announced a shift in the way it would support Windows. Going forward, new proce...