Breaking News




Source: Veracode.com

Feb 03, 2018
In my three-plus years working with enterprise clients to help grow and mature their application security programs, I have seen the gamut of well-run programs and not-so-well run programs.  For the not-so-well-run programs, it is often the same reasons why the program is not successful and not reaching higher maturity levels.  The following are the top 5 mistakes I see most often: 1. No though...


Source: Kaspersky (securelist.com)

Feb 01, 2018
On Monday, Jan 29th, IRS officially opened its 2018 season. Some taxpayers already filed their taxes and cybercriminals know it too. So, right after two days of the official 2018 season opening, we got phishing messages with a fake refund status Websites: The link in the email leads to a hacked Brazilian restaurant, redirecting to Website with Australian domain zone. So, the whole scheme is...


Source: Kaspersky (securelist.com)

Feb 01, 2018
It often happens that inventions and technologies that start out good end up turning into dangerous tools in the hands of criminals. Blockchain is no exception to this rule, especially in its most common cryptocurrency incarnation. Cryptocurrencies crop up in all kinds of spam: from traditional advertising (courses about investment and trade) to more fraudulent and malicious varieties. Quite of...

The shift to DevOps and DevSecOps is happening. Organizations in all industries are creating software not just faster, but also in a more precise, collaborative and incremental way. In fact, we’ve seen the shift in our own customer base, where the percentage of applications scanned for security on a weekly basis jumped 50 percent last year. And this shift casts a wide net, affecting everything...


Source: Veracode.com

Feb 01, 2018
“The more things change the more they stay the same” could be the application security motto for 2017. Last year featured breaches stemming from the same vulnerabilities that have been wreaking havoc for years. In fact, we saw SQL injection in about 30 percent of the apps we scanned in 2017 – a number that hasn’t budged much since 2011. 2017 also shone a harsh spotlight on the risk of open sou...


Source: Veracode.com

Feb 01, 2018
The hardest part of growing up is that everything you’re allowed to do is communicated in a general sense and everything that you’re not allowed to do is enumerated specifically and in detail AFTER you’ve gotten in trouble for doing it. So you’re told things like, “Go play in the yard.” Yet you get chewed out for very specifically flooding the yard to play mud football. Apparently the lawn, th...

The days of security and development working in separate and isolated silos are over. Security is now a task shared by the development and security teams throughout the software lifecycle – from inception to production. Security testing has become primarily the responsibility of developers, with security taking on more of an enabling role – crafting and communicating policies, assisting with r...


Source: Ars Technica Security RSS

Jan 30, 2018
Enlarge / A closeup shot of an Intel Haswell die, with a pin for size reference. (credit: Intel) Microsoft has released a new Windows patch to disable Intel's hardware-based mitigation for the Spectre attack due to bugs introduced by Intel's mitigation. In the wake of the Spectre and Meltdown attacks that use the speculative execution behavior of modern processors to leak sensitive informati...