Breaking News




Source: Veracode.com

Oct 29, 2016
Those new to AppSec might wonder – how often do I have to test my apps for security? One school of thought is: do a one-time scan of all or most apps in production, fix the most egregious defects and either consider security testing “done” – or maybe schedule another scan in several months, even for the next year. The problem with this model is that it doesn’t work with the way software is cur...


Source: Ars Technica Security RSS

Oct 29, 2016
Authorities said they arrested an 18-year-old iPhone app developer on charges of felony computer tampering after he unleashed code that threatened to take down emergency 911 systems in a large swath of Arizona and possibly other states. Meetkumar Hiteshbhai Desai stands accused of publishing Web links that caused iPhones to repeatedly dial 911, according to a release published Thurs...


Source: Ars Technica Security RSS

Oct 28, 2016
More bots. Thanks, Internet of Things. Mirai—the malware responsible for creating a massive "botnet" of hacked Internet-connected cameras, digital video recorders, and other devices that interrupted Internet services for many last week—is still in action, according to data from the network security company Arbor Networks. An ever-shifting army of about 500,000 compromised Internet of Things...


Source: Ars Technica Security RSS

Oct 28, 2016
Recently a cache of 2,337 e-mails from the office of a high-ranking advisor to Russian president Vladimir Putin was dumped on the Internet after purportedly being obtained by a Ukrainian hacking group calling itself CyberHunta. The cache shows that the Putin government communicated with separatist forces in Eastern Ukraine, receiving lists of casualties and expense reports while ev...

Thirty-six-year-old Ryan Collins from Pennsylvania was sentenced to 18 months in prison after pleading guilty to hacking the Apple and Google accounts of more than 100 celebrities, including Jennifer Lawrence, Aubrey Plaza, Rihanna, and Avril Lavigne. Collins stole personal information, including nude photos, from the celebrities. The photos were fam...


Source: Ars Technica Security RSS

Oct 28, 2016
Thirty-one-year-old Lauri Love is currently staring down the possibility of 99 years in prison. After being extradited to the US recently, he stands accused of attacking systems belonging to the US government. The attack was allegedly part of the #OpLastResort hack in 2013, which targeted the US Army, the US Federal Reserve, the F...

Google Brain has created two artificial intelligences that evolved their own cryptographic algorithm to protect their messages from a third AI, which was trying to evolve its own method to crack the AI-generated crypto. The study was a success: the first two AIs learnt how to communicate securely from scratch. The setup of the crypto system. P = input plaintext, K = shared key, C = encrypte...


Source: Kaspersky (securelist.com)

Oct 27, 2016
The Gootkit bot is one of those types of malicious program that rarely attracts much attention from researchers. The reason is its limited propagation and a lack of distinguishing features. There are some early instances, including on Securelist (here and here), where Gootkit is mentioned in online malware research as a component in bots and Trojans. However, the first detailed analysis was pub...