Breaking News



Image: Using the attached device, an attacker's remote control on the right is able to hijack the original remote control on the left. (credit: Jonathan Andersson)

The advent of inexpensive consumer drones has generated a novel predicament for firefighters, law-enforcement officers, and ordinary citizens who encounter crafts they believe are interfering with their safety or privacy. In a ...

Cybersecurity professionals are some of the most highly sought-after candidates in the job market. With most businesses taking advantage of web applications to streamline their operations, every company is a software company - and they all need security. Before now, the position of security professional remained a bit cryptic. More traditional roles in marketing or sales demonstrated obvious n...


Source: Veracode.com

Oct 26, 2016
What vulnerability did you deploy today? You’ve run your static and dynamic scans, implemented a secure development lifecycle, and made security job one -- but how sure are you? Some security testing just can’t be automated. In the end, the only way to know for sure is to perform a manual penetration test.

Why use Manual Penetration Testing

Traditionally, MPT on its own can be expensive and do...


Source: Ars Technica Security RSS

Oct 26, 2016
Image: We're also mad you're connected to the Internet, toaster et al. (credit: Disney)

Welcome to the Internet of Evil Things. The attack that disrupted much of the Internet on October 21 is still being teased apart by investigators, but evidence thus far points to multiple "botnets" of Internet-connected gadgets being responsible for blocking access to the Domain Name Service (DNS) inf...


Source: Ars Technica Security RSS

Oct 26, 2016
A surprisingly large number of critical infrastructure participants—including chemical manufacturers, nuclear and electric plants, defense contractors, building operators and chip makers—rely on unsecured wireless pagers to automate their industrial control systems. According to a new report, this practice opens them to malicious hacks and espionage. Earlier this year, ...


Source: Kaspersky (securelist.com)

Oct 25, 2016
It’s unusual for a day to go by without finding some new variant of a known ransomware, or, what is even more interesting, a completely new one. Unlike the previously reported and now decrypted Xpan ransomware, this same-but-different threat from Brazil has recently been spotted in the wild. This time the infection vector is not a targeted remote desktop intrusion, but a more massively propagat...


Source: Ars Technica Security RSS

Oct 25, 2016
There's a new method for rooting Android devices that's believed to work reliably on every version of the mobile operating system and a wide array of hardware. Individuals can use it to bypass limitations imposed by manufacturers or carriers, but it could also be snuck into apps for malicious purposes. The technique comes courtesy of a Linux privilege-escalation bug that,...

One of the counterintuitive features of DevOps culture is a willingness to fail. In our success-oriented culture, this might sound like exactly the wrong direction in which to take your development teams. But a willingness to fail quickly, and often, can paradoxically lead your teams to greater success — provided you do it in a structured way and you learn from your failures. There’s a lot of ...