Breaking News




Source: Veracode.com

Jul 26, 2017
Let’s face it – cyberwar is no longer science fiction. Our economies – and our democratic system – are under attack. Security researchers are often reluctant to attribute attacks to particular nation states. But it’s become increasingly clear that Russia attempted to meddle in the 2016 U.S. presidential election, and perhaps other elections in the UK and Europe. Last summer, Russia-backed hack...


Source: Veracode.com

Jul 26, 2017
The move to Agile and DevSecOps development processes has fostered a lot of attention on the need to shift security testing left in the development cycle. And this is absolutely a pivot in the right direction. Moving security testing into the realm of the developer makes security testing faster, easier, more effective and less expensive. However, it’s important not to lose sight of the fact th...


Source: Kaspersky (securelist.com)

Jul 25, 2017
We recently reported about SambaCry, a new family of Linux Trojans exploiting a vulnerability in the Samba protocol. A week later, Kaspersky Lab analysts managed to detect a malicious program for Windows that was apparently created by the same group responsible for SambaCry. It was the common C&C server that both programs used – cl.ezreal.space:20480 – that suggested a relationship between ...

Enlarge (credit: Tim Malabuyo) A mysterious piece of malware that gives attackers surreptitious control over webcams, keyboards, and other sensitive resources has been infecting Macs for at least five years. The infections—known to number nearly 400 and possibly much higher—remained undetected until recently and may have been active for almost a decade. Patrick Wardle, a researcher with secu...


Source: Kaspersky (securelist.com)

Jul 24, 2017
Spring Dragon is a long running APT actor that operates on a massive scale. The group has been running campaigns, mostly in countries and territories around the South China Sea, since as early as 2012. The main targets of Spring Dragon attacks are high profile governmental organizations and political parties, education institutions such as universities, as well as companies from the telecommuni...

We are pleased to announce updates to the Veracode integrations to Microsoft Visual Studio Team Services (VSTS) and Team Foundation Server (TFS), and to Visual Studio. The VSTS/TFS integration makes static and dynamic security findings available as work items in the VSTS/TFS issue tracker, and automatically updates the related defects when they are fixed or have approved mitigations. The Visua...

Veracode recently partnered with ESG to conduct a survey of 400 IT, cybersecurity and developer professionals regarding their take on the benefits of AppSec for contemporary software development and deployment. The survey results revealed some positive trends, including the fact that many developers are focusing on security for security’s sake, rather than solely to meet compliance requirement...

Enlarge (credit: Harald Deischinger) On Friday, representatives of the notorious hacking entity known as Fancy Bear failed to appear in a federal court in Virginia to defend themselves against a civil lawsuit brought by Microsoft. As the Daily Beast first reported on Friday, Microsoft has been waging a quiet battle in court against the threat group, which is believed to be affiliated with th...