Breaking News



“Value stream mapping” – that’s a Lean methodology for logistics and supply-chain processes, right? What does that have to do with software security? Good question! In the ’80s, value stream mapping applied to logistics and supply chain processes in the Japanese manufacturing industry. The success of the methodology for manufacturing led to wider adoption, including adoption in Lean software d...


Source: Kaspersky (securelist.com)

Jan 25, 2018
In April 2017, we published a detailed review of a malicious program that used DNS tunneling to communicate to its C&C. That study prompted us to develop a technology to detect similar threats, which allowed us to collect a multitude of malware samples using DNS tunneling. In this article, we will examine some of the most notable malicious programs that use DNS tunneling. Kaspersky Lab’s se...

CA Technologies has released a new report, based on research conducted by industry analyst firm Freeform Dynamics, that sheds light on some of the obstacles for organizations seeking the advantages of a development approach that prioritizes application security, without sacrificing time-to-market and innovation. The report also offers evidence that integrating security throughout the developme...

CA Technologies has released a new report, based on research conducted by industry analyst firm Freeform Dynamics, that sheds light on some of the obstacles for organizations seeking the advantages of a development approach that prioritizes application security, without sacrificing time-to-market and innovation. The report also offers evidence that integrating security throughout the developme...


Source: Kaspersky (securelist.com)

Jan 22, 2018
In the past years, the problem of vulnerabilities in industrial automation systems has been becoming increasingly important. The fact that industrial control systems have been developing in parallel with IT systems, relatively independently and often without regard for modern secure coding practices is probably the main source of ICS security problems. As a result of this, numerous custom solut...


Source: Ars Technica Security RSS

Jan 20, 2018
(credit: Malwarebytes) Proving once again that Google Chrome extensions are the Achilles heel of what's arguably the Internet's most secure browser, a researcher has documented a malicious add-on that tricks users into installing it and then, he said, is nearly impossible for most to manually uninstall. It was available for download on Google servers until Wednesday, 19 days after it was pri...


Source: Veracode.com

Jan 18, 2018
2017 was quite a year for application security. From big breaches to breakthroughs, 2017 featured a lot of scary headlines reflecting the sorry state of application security, but also news about companies moving the needle on AppSec, and regulators waking up to the reality about how data is exposed. Not surprisingly, our most popular 2017 blog posts mirror the trends and headlines – and reveal...


Source: Kaspersky (securelist.com)

Jan 16, 2018
At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were created at least three years ago – at the end of 2014. Since then, the implant’s functionality has been ...