Breaking News



New research: Only 52% of developers using components in their apps update them when a new vulnerability is announced
Open source components have gone mainstream. With every company undoubtedly becoming a software company, open source and commercial components are a vital element in developing applications at the speed of DevOps. But while they’re a powerful tool for adding features and functi...


Source: Ars Technica Security RSS

Apr 11, 2018
The World Wide Web Consortium (W3C) and FIDO Alliance today announced that a new spec, WebAuthn ("Web Authentication"), had been promoted to the Candidate Recommendation stage, the penultimate stage in the Web standards process. WebAuthn is a specification to allow browsers to expose hardware authentication devices—USB, Bluetooth, or NFC—to sites on the ...

As software becomes a bigger component of the value delivered by companies in every industry, it’s no exaggeration to say that every company is becoming a software company. We find our customers pushing the envelope on how to tool up their internal software factory to make software better, faster and more efficiently. Those goals are also driving increased use of open source libraries. This sa...


Source: Ars Technica Security RSS

Apr 05, 2018
Image: A Sandy Bridge wafer. Sandy Bridge is the oldest chip family that's guaranteed to get Spectre variant 2 fixes. (credit: Intel)
Intel has scaled back its plans to produce microcode updates for some of its older processors to address the "Spectre variant 2" attack. Core 2 processors are no longer scheduled to receive updates, and, while some first generation Core products have microc...


Source: Kaspersky (securelist.com)

Apr 04, 2018
In recent months, the topic of cryptocurrency has been a permanent news fixture — the value of digital money has been see-sawing spectacularly. Such pyrotechnics could hardly have escaped the attention of scammers, which is why cryptocurrency fluctuations have gone hand in hand with all kinds of stories. These include hacked exchanges, Bitcoin and Monero ransoms, and, of course, hidden mining. ...

Image: Mining: no longer welcome in Chrome. (credit: Jeremy Buckingham / Flickr)
After a policy that previously permitted them, Google has decided to remove any and all Chrome extensions that mine for cryptocurrencies after finding that too many developers didn't play by the company's rules. Google allowed Chrome extensions that performed mining with the proviso that the extensions clearl...

Paiman Nodoushan has been working at CA Veracode for about two months. In that time, he's met a lot of his peers and claims he already remembers over 50% of their names, no small feat. Jokes aside, he's been getting to know his team, our projects, and the ins and outs of our entire SaaS operation. In our quick interview, he describes the team at Veracode as hard working and passionate, and goe...

Over the past year, our scans of thousands of applications and billions of lines of code found a widespread weakness in applications, which is a top target of cyber attackers. And when you zoom in from a big picture view down to a micro-level, there are a few industries that are struggling to keep up with the rapidly changing cybersecurity landscape and combat the tactics of malicious actors t...