Breaking News




Source: Kaspersky (securelist.com)

Sep 18, 2017
A little while back we were investigating the malicious activities of the Freakyshelly targeted attack and came across spear phishing emails that had some interesting documents attached to them. They were in OLE2 format and contained no macros, exploits or any other active content. However, a close inspection revealed that they contained several links to PHP scripts located on third-party web r...

We’re pleased to announce that our colleague Colin Domoney, a consultant solutions architect for Veracode, was recently nominated for a Security Leader of the Year award. Organised by Information Age, Tech Leaders Awards is Britain's flagship celebration of tech leaders, honouring those at the forefront of disruption and innovation and playing a central role in driving business value with tech...


Source: Veracode.com

Sep 16, 2017
As important as application security testing is, it's really just the first step in a continuous process to identify and fix flaws. And, depending on your application, you may have hundreds of flaws which require remediation. Some of the most common questions I hear when consulting with customers, particularly new customers, are, “how can I make sure I’m remediating the flaws I find,” followed...

The days of security and development working side by side in separate silos are over. With the DevOps-induced security “shift left,” security testing now falls in the realm of the developer, and leaves security in more of an enabling, rather than enforcing, role. And this new role requires a new understanding of developer priorities and processes. The security function cannot be effective in a...


Source: Ars Technica Security RSS

Sep 15, 2017
Enlarge / The Trusted Execution Environment means that even if the application and operating system are compromised, the green code and data can't be accessed. (credit: Microsoft) Microsoft announced Thursday a new feature coming to its Azure cloud platform named "Confidential Compute." The feature will allow applications running on Azure to keep data encrypted not only when it's at rest (in...


Source: Ars Technica Security RSS

Sep 14, 2017
Enlarge / Kaspersky Lab CEO and Chairman Eugene Kaspersky speaks at a conference in Russia on July 10, 2017. (credit: Anton NovoderezhkinTASS via Getty Images) The Department of Homeland security ordered government agencies to stop using any software products made by Kaspersky Lab today. Officials cited concern about possible ties between Kaspersky officials and Russian intelligence. Agencie...


Source: Ars Technica Security RSS

Sep 14, 2017
Enlarge (credit: Apple) The first public demo of Apple’s Face ID phone unlocking system didn’t go exactly as planned. During the company’s big iPhone X reveal this week, Apple software engineering chief Craig Federighi suffered a semi-cringeworthy moment when he was unable to unlock the new handset onstage using the new authentication tech. The device prompted Federighi to use a passcode ins...


Source: Kaspersky (securelist.com)

Sep 13, 2017
Medical data is slowly but surely migrating from paper mediums to the digital infrastructure of medical institutions. Today, the data is “scattered” across databases, portals, medical equipment, etc. In some cases, the security of the network infrastructure of such organizations is neglected, and resources that process medical information are accessible from outside sources. Results that had be...