Breaking News



At Jenkins World on Aug. 31, Veracode’s Pete Chestna (@PeteChestna) will join fellow industry experts, including DevOps.com’s Alan Shimel and Forrester’s Robert Stroud, to address the hurdles organizations face as they try to create a DevSecOps culture. DevSecOps adoption is on the rise – and there’s no doubt that the practice can cause some friction and hinder the development process. Recent ...


Source: Ars Technica Security RSS

Aug 26, 2017
Security researchers have unearthed a sprawling list of login credentials that allows anyone on the Internet to take over home routers and more than 1,700 "Internet of things" devices and make them part of a destructive botnet. The list of telnet-accessible devices, currently posted at this Pastebin address, was first posted in June, but it has been updated se...


Source: Kaspersky (securelist.com)

Aug 25, 2017
Incident Response Guide (PDF): Despite there being no revolutionary changes to the cyberthreat landscape in the last few years, the growing informatization of business processes provides cybercriminals with numerous opportunities for attacks. They are focusing on targeted attacks and learning to use their victims’ vulnerabilities more effectively while remaining under the radar. As a result, bu...


Source: Kaspersky (securelist.com)

Aug 24, 2017
One good thing about having a lot of Facebook friends is that you simply act as a honey pot when your friends click on malicious things. A few days ago I got a message on Facebook from a person I very rarely speak to, and I knew that something fishy was going on. After just a few minutes analyzing the message, I understood that I was just peeking at the top of this iceberg. This malware was spr...


Source: Kaspersky (securelist.com)

Aug 24, 2017
During the preparation of the “IT threat evolution Q2 2017” report I found several common Trojans in the “Top 20 mobile malware programs” list that were stealing money from users using WAP-billing – a form of mobile payment that charges costs directly to the user’s mobile phone bill so they don’t need to register a card or set up a user-name and password. This mechanism is similar to premium ra...

The Veracode Application Security Platform integrates seamlessly with the development, security and risk-tracking tools you already use. And, our flexible API allows you to create your own custom integrations or use community integrations, built by the open source community and other technology partners. But what do these integrations mean for a security professional charged with AppSec? How d...


Source: Kaspersky (securelist.com)

Aug 22, 2017
Spam: quarterly highlights. Delivery service Trojans. At the start of Q2 2017, we registered a wave of malicious mailings imitating notifications from well-known delivery services. Trojan downloaders were sent out in ZIP archives, and after being launched they downloaded other malware – Backdoor.Win32.Androm and Trojan.Win32.Kovter. The usual trick of presenting dangerous content as important de...