Search results for: zero trust


Windows zero-day exploit offered for sale on underground market

Someone is selling an exploit for a Windows zero-day on an underground market for Russian-speaking cyber criminals, and the current price is set at $90,000. Trustwave researchers discovered the advertisement in early May and believe it to be genuine, although they point out that it’s impossible to know for sure unless one buys the exploit and tries it out. “Zero days have long been sold in the shadows. In this business you usually need … More

Milagro: A distributed cryptosystem for the cloud

A new open source project within the Apache Incubator aims to create an alternative to outdated and problematic monolithic trust hierarchies such as commercial certificate authorities. Apache Milagro (incubating) is a distributed cryptosystem for cloud computing. A joint undertaking by MIRACL (formerly Certivox), NTT Innovation Institute, and NTT Labs, it will establish a new internet security framework made of cryptographic service providers called Distributed Trust Authorities, who independently issue shares of keys to application endpoints … More


Application security market will grow to $6.77 billion by 2021

According to a new market research report by MarketsandMarkets, the global application security market size is estimated to grow from USD 2.24 Billion in 2016 to USD 6.77 Billion by 2021, at a CAGR of 24.8% from 2016 to 2021. Application security safeguards applications from vulnerabilities such as SQL injection and cross-site scripting via security testing techniques, which scan web and mobile applications for security flaws throughout the application development lifecycle. As … More

Web servers and sites under attack via ImageMagick zero-day flaw

A zero-day remote code execution flaw has been found in ImageMagick, an image processing library that allows image uploads from untrusted users (site visitors) and is widely used by web services (social media, blogging sites, etc.). The flaw (CVE-2016-3714) is extremely easy to take advantage of – a booby-trapped image file that carries the exploit that will force the ImageMagick software to run malicious code on the server will do the trick. What’s more, it … More


Exposing the Cybercrime as a Business model

Trustwave released a new report which reveals the top cybercrime, data breach and security threat trends from 2015. Experts gathered real-world data from hundreds of breach investigations the company conducted in 2015 across 17 countries. Key highlights: Weak application security: 97 percent of applications tested by Trustwave in 2015 had at least one vulnerability. 10% of the vulnerabilities discovered were rated as critical or high risk. The median number of vulnerabilities discovered per application by … More


Security tips and tricks for businesses and consumers

In 2015, the number of zero-day vulnerabilities discovered more than doubled to a record-breaking 54, a 125 percent increase from the year before, reaffirming the critical role they play in lucrative targeted attacks, according to Symantec’s Internet Security Threat Report. As attackers evolve, there are many steps businesses and consumers can take to protect themselves. As a starting point, Symantec recommends the following best practices: For businesses: Don’t get caught flat-footed: Use advanced threat and … More


Bug in OS X Messages client exposes messages, attachments

When Apple pushed out security updates for its many products in March, much attention was given to a zero-day bug discovered by a team of Johns Hopkins University researchers, which could have allowed attackers to decrypt intercepted iMessages. Another vulnerability (CVE-2016-1764) that affects the OS X Messages client has passed practically unnoticed, as its description simply said “clicking a JavaScript link can reveal sensitive user information.” But on Friday more details about it have … More


Modern IRM: Securing the future of work

No matter what business you’re in, the one thing you produce more than anything else is text. Every day, you and your colleagues are creating, discussing, and documenting valuable intellectual property. But in order for it to reach its potential, it must be shared. That’s the challenge that modern enterprises face: to be competitive in a dynamic market, you have to enable teams to share fluidly and efficiently, and often across borders. But protecting critical … More

Innovation Sandbox Contest 2016 finalists announced

RSA Conference announced the 10 finalists for its annual Innovation Sandbox Contest. The competition is dedicated to encouraging out-of-the-box ideas and the exploration of new technologies that have the potential to transform the information security industry. On Monday, February 29, 2016, each of this year’s finalists demonstrates its technology to conference attendees, as well as a judging panel that includes: Asheem Chandna, partner at Greylock Partners; Gerhard Eschelbeck, VP of security and privacy engineering at … More


Endpoint security really can improve user experience

Traditional security policies are intrusive and impact user productivity. This is unfortunately the opinion of most end users. In fact, according to a recent study performed by Dimensional Research: The Value of a Great Desktop Experience, as many as 62% of business users identified security that is not intrusive as an important factor to a great desktop user experience. This opinion has been influenced over the years by the effect traditional antivirus software has had … More


Wi-Fi and security are better together for SMBs

Wireless adoption is growing fast globally, with Wi-Fi access becoming ubiquitous in businesses, stores, corporate environments and public spaces; literally everywhere we go. As a small to midsized business (SMB), you may be considering or already offering Wi-Fi as a service to your customers. It’s a great idea. SMBs are adding Wi-Fi access in their environments to increase customer satisfaction, build loyalty, repeat visits, and enable unique marketing opportunities. Customers appreciate and come to expect … More


You can’t stop what you can’t see: Mitigating third-party vendor risk

Third-party vendors are a liability for host organizations, often unwittingly creating backdoors and exposing sensitive data. In fact, according to the Ponemon Institute “Aftermath of a Data Breach Study,” 53 percent of organizations felt vulnerable to another breach due to negligent third parties including vendors and outsourcers. Consider some of the most notorious attacks in the last couple of years—all of which exploited a third-party vendor: The Office of Personnel Management (OPM) breach happened as … More