Breaking News




Source: Kaspersky (securelist.com)

Jun 26, 2018
The adware PBot (PythonBot) got its name because its core modules are written in Python. It was more than a year ago that we detected the first member of this family. Since then, we have encountered several modifications of the program, one of which went beyond adware by installing and running a hidden miner on victim computers: Miner code installed through PBot Two other versions of PBot we de...


Source: Veracode.com

Jun 26, 2018
One of the sad truths about security is that it has typically been viewed by enterprise C-level executives as akin to an insurance policy – necessary, but would never produce profits, boost revenue, or attract new customers. But are those long-held perceptions changing? A recent CA study found that they might be. The study found that companies that prioritized security efforts in app developme...


Source: Ars Technica Security RSS

Jun 26, 2018
Enlarge / A shiny wafer full of Kaby Lake refresh parts. (credit: Intel) Last week, developers on OpenBSD—the open source operating system that prioritizes security—disabled hyperthreading on Intel processors. Project leader Theo de Raadt said that a research paper due to be presented at Black Hat in August prompted the change, but he would not elaborate further. The situation has since beco...


Source: Kaspersky (securelist.com)

Jun 20, 2018
At Kaspersky Lab we analyze the technologies available on cybersecurity market and this time we decided to look at what OS developers are offering for embedded systems (or, in other words, the internet of things). Our primary interest is how and to what degree these OSs can solve cybersecurity-related issues. We’d like to point out that this review reflects the author’s subjective opinion, and ...


Source: Kaspersky (securelist.com)

Jun 19, 2018
In March 2018 we published our research on Olympic Destroyer, an advanced threat actor that hit organizers, suppliers and partners of the Winter Olympic Games 2018 held in Pyeongchang, South Korea. Olympic Destroyer was a cyber-sabotage attack based on the spread of a destructive network worm. The sabotage stage was preceded by reconnaissance and infiltration into target networks to select the ...


Source: Veracode.com

Jun 14, 2018
Training developers on application security is critical to the success of every security program, but many companies deploy training improperly or insufficiently, argues Maria Loughlin, VP of Engineering at CA Veracode. Companies can increase the bang for their training buck by matching their training delivery and curriculum to the needs of their organization. Consider the channel A successful...

We are very excited to announce the GA release of SourceClear Custom Policies. Custom Policies improves issue remediation and allows you to take greater control of your software delivery workflow. Why Do You Need Custom Policies? More than ever, development groups are relying heavily on open source software libraries to provide a rich feature set that can’t be built from scratch in a reasonabl...

What happened? In March 2018 we detected an ongoing campaign targeting a national data center in the Central Asia that we believe has been active since autumn 2017. The choice of target made this campaign especially significant – it meant the attackers gained access to a wide range of government resources at one fell swoop. We believe this access was abused, for example, by inserting malicious ...