Attackers compromised ASUS to deliver backdoored software updates

Unknown attackers have compromised an update server belonging to Taiwanese computer and electronics maker ASUS and used it to push a malicious backdoor on a huge number of customers, Kaspersky Lab researchers discovered. Judging by information hard-coded in the malware, the attackers’ aim was to compromise about 600 specific computers, but the malware is thought to have been ultimately delivered to over a million users. Asus Live Updater was used in a big supply …

The privacy risks of pre-installed software on Android devices

Many pre-installed apps facilitate access to privileged data and resources, without the average user being aware of their presence or being able to uninstall them. On the one hand, the permission model on the Android operating system and its apps allow a large number of actors to track and obtain personal user information. At the same time, it reveals that the end user is not aware of these actors in the Android terminals or of …

Denial of Service vulnerability discovered in Triconex TriStation Software Suite Emulator

Applied Risk ICS Security Consultant Tom Westenberg discovered a DoS vulnerability in an emulated version of the Triconex TriStation Software Suite. Triconex is a Schneider Electric brand which supplies systems and products for critical control and industrial safety-shutdown technology. The Triconex Emulator is software that allows users to emulate and execute TriStation 1131 applications without connecting to a Tricon, Trident, or Tri-GP controller. Using the Emulator, users can test applications in an offline …

Checkmarx announces enhancements to Software Exposure Platform

Checkmarx, the Software Exposure Platform for the enterprise, unveiled major advancements to accelerate adoption of the most comprehensive, unified software security solution on the market. As the application layer increasingly is the source of successful attacks, risks are amplified as organizations move to agile development and DevOps without implementing proper DevSecOps practices. The latest release of the Checkmarx Software Exposure Platform adds to the management and orchestration layer of the industry’s first unified software security …

QuintessenceLabs’ new software daemon feeds high-speed true random to entropy-limited apps

QuintessenceLabs has announced the release of a new software daemon that directly addresses a common performance and security problem. qRand monitors entropy in systems, identifies when they are “entropy starved,” and delivers high-speed full entropy whenever it’s needed. Initially for use in Linux systems, qRand supplements entropy for special files like /dev/random that provide randomness when requested. Indeed, /dev/random (and similar) only succeed when enough entropy is available; otherwise they “block,” degrading performance. Some applications counter …

Egress releases new software to enhance protection against email data breaches

People-centric data security provider Egress has announced its latest releases, which use machine learning to improve sender and end user experience, and enhance protection against data breaches. The new software, Egress Risk-based Protection and Egress Smart Authentication, determine the actual risk of a data breach as information is sent and accessed via email, to ensure the right security is applied. Both solutions tackle a common problem with security tools: that one-size-fits-all approaches often leave users …

Phishing, software supply chain attacks greatest threats for businesses

Attackers continue to use phishing as a preferred attack method, but have been forced to adapt their approach as anti-phishing tools and techniques are becoming more sophisticated. The phishing threat “Phishing attacks have become increasingly polymorphic, which means attackers don’t use a single URL, domain, or IP address to send mail, but make use of a varied infrastructure with multiple points of attack. The nature of the attacks themselves has also evolved, with modern phishing …

Veridium releases new software-only platform for mobile biometric authentication

Veridium, a leading developer of user-centric authentication solutions, announced the availability of its new behavioral biometric, Veridium InMotion for VeridiumID, a software-only platform for mobile biometric authentication. Veridium InMotion utilizes user behavior analytics (UBA) to better protect users’ identities and prevent malicious activity before it’s too late. Veridium’s UBA framework identifies patterns of human behavior and applies statistical analysis to detect anomalies that could indicate potential threats. Veridium InMotion increases the reliability of all native …

Riptide Software releases new penetration testing service

Riptide Software’s new penetration testing suite has been released. The continued growth of managed IT services has allowed Riptide to offer new cybersecurity services, such as penetration testing, to new and existing customers. The team has continued to bring on new employees and will continue to do so throughout 2019. “Protecting our clients against network intrusion and other cyber threats has become a high priority as the number and sophistication of attacks grows each year,” …

Three reasons employee monitoring software is making a comeback

Companies are increasingly implementing employee and user activity monitoring software to: ensure data privacy; protect intellectual property and sensitive data from falling into the wrong hands; stop malicious or unintentional data exfiltration attempts; find ways to optimize processes and improve employee productivity. Modern user activity monitoring software is incredibly flexible, providing companies with the insights they need while offering the protection they demand. By examining three prominent use cases, it’s evident that employee monitoring software …