Breaking News



Speed and security are the name of the game in software development today. Why? Because software is now key to innovation and competitive advantage for every enterprise in every industry. This means that not only is the pace of software development rapidly increasing, but also that attacks against the application layer are proliferating. In turn, software development speed and security are now...


Source: Ars Technica Security RSS

Jul 21, 2017
Last August, after being alerted by GitHub's security team that the certificate authority WoSign had errantly issued a certificate for a GitHub domain to someone other than GitHub, Google began an investigation in collaboration with the Mozilla Foundation and a group of security professionals into the company's certificate issuance practices. The investigation un...


Source: Kaspersky (securelist.com)

Jul 20, 2017
The first half of 2017 began with two intriguing ransomware events, both partly enabled by wormable exploit technology dumped by a group calling themselves “The ShadowBrokers”. These WannaCry and ExPetr ransomware events are the biggest in the sense that they spread the quickest and most effectively of known ransomware to date. With this extraordinary effectiveness and speed, one might expect t...


Source: Ars Technica Security RSS

Jul 20, 2017
A Russian man who helped create and spread the notorious Citadel malware back in 2011 was sentenced Wednesday to five years in prison by a federal judge in Atlanta. According to the Associated Press, Mark Vartanyan will receive two years' credit for time already served in Norway, where he had been living previously. He w...


Source: Ars Technica Security RSS

Jul 20, 2017
The US Federal Communications Commission says it has no written analysis of DDoS attacks that hit the commission's net neutrality comment system in May. In its response to a Freedom of Information Act (FoIA) request filed by Gizmodo, the FCC said its analysis of DDoS attacks "stemm...


Source: Kaspersky (securelist.com)

Jul 19, 2017
This spring, the author of the NukeBot banking Trojan published the source code of his creation. He most probably did so to restore his reputation on a number of hacker forums: earlier, he had been promoting his development so aggressively and behaving so erratically that he was eventually suspected of being a scammer. Now, three months after the source code was published, we decided to have a ...

While performing a manual penetration test recently, I encountered a session management system that flew in the face of almost all the recommended security practices. Rather than use a pre-built implementation associated with a development framework, the developers had written one from scratch that, among other things: Generated session tokens based on the user ID and numeric counters. Append...

A new group at Harvard University staffed by the former campaign managers of the Hillary Clinton and Mitt Romney campaigns, along with other top security experts, have banded together to help mitigate variou...