How can defenders gain advantage in the 0day market?

According to MIT, Harvard, and HackerOne researchers, the answer is not throwing more money at bug hunters, but incentivizing them to find the same vulnerabilities that the …

Google blocks Java plugin in new Chrome by default

Google has released Chrome 42 to the stable channel, and among the changes announced is one that will automatically block Oracle’s Java plugin and other plugins that use …

Adobe fixes Flash Player zero-day exploited in the wild

Adobe released a new version of Flash Player (17.0.0.169) for Windows and Macintosh, and for Linux (11.2.202.457). These security updates fix a host of critical …

Microsoft releases 11 security bulletins

Administrators and security teams are in for a busy day tackling 11 Microsoft security bulletins, Adobe updates and Oracle has pre-announced that their quarterly update …

New trend in cybercriminal activity: APT wars

Kaspersky Lab has recorded a rare and unusual example of one cybercriminal attacking another. In 2014, Hellsing, a small and technically unremarkable cyberespionage group …

RSA Conference 2015
Lack of skilled infosec pros creates high-risk environments

82 percent of organizations expect to be attacked in 2015, but they are relying on a talent pool they view as largely unqualified and unable to handle complex threats or …

Key trends for risk-prone behavior in the workforce

Businesses are ill prepared for the high-risk, high-growth mindset of the GenMobile workforce, creating alarming disparity around security practices in the corporate world. …

Compromised credentials haunt cloud app usage

Netskope found that more than seven out of ten uploads from users with compromised accounts are to apps with a “poor” rating in the Netskope Cloud Confidence …

Misconfigured DNS servers may leak domain info, warns US-CERT

US-CERT is urging administrators of Domain Name System servers to check whether their machines are misconfigured to respond to global Asynchronous Transfer Full Range (AXFR) …

Former lottery infosec head accused of hacking computers to buy winning ticket

The former head of information security at the Multi-State Lottery Association (MUSL), who was arrested in January 2015, stands accused of having tampered with the computer …

18-year-old bug can be exploited to steal credentials of Windows users

A new technique for exploiting an 18-year-old bug in Windows Server Message Block (SMB), which would allow attackers to intercept user credentials, has been uncovered by …

Main sources of data breaches: Phishing, RAM scrapers, web app insecurity

US telecom giant Verizon has published its 2015 Data Breach Investigations Report, which is based on an analysis of nearly 80,000 security incidents, including more than 2,100 …
