Security News

  What is Server Side Request Forgery (SSRF)?

Server Side Request Forgery (SSRF) refers to an attack wherein an attacker is able to send a crafted request from a vulnerable web application. SSRF is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network. Additionally, it’...

  ThreadFix Platform Provides Application Security at DevOps Speed

Denim Group, the leading independent application security firm, today announced the release of the latest version of ThreadFix, the company’s application vulnerability resolution platform for developers and security professionals. ThreadFix 2.5 automates application security in the DevOps Continuous...

  Chrome, Firefox and Opera vulnerable to Punycode phishing attack

Punycode is a way of representing Unicode, the standard method by which computers encode text of non-Roman languages such as Arabic or Mandarin and accented characters such as "ü". Using Punycode, URLs containing Unicode characters are represented as ASCII characters consisting of letters, digits an...

  Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. ...

  Okta Files to Go Public

Okta filed its S-1 with the SEC, officially marking its intent to go public. This planned IPO had been rumored in early 2016, but less than optimal capital market conditions in 2016 likely contributed to the delay. The S-1 followed last week’s news that Okta acquired Stormpath, an identity API provi...

  Apache Struts 2 zero-day is being exploited in the wild

Users urged to update ASAP as evidence emerges of increasingly widespread attacks. The exploit affects the Apache Struts web development framework for Java web applications. The Apache Foundation, the open-source organisation that maintains the popular web server and its associated plug-ins, patched...

  CA Technologies to pay $614M for Burlington cybersecurity firm

Burlington security software company Veracode will be acquired by CA Technologies for $614 million in cash, the companies announced Monday. The acquisition is expected to close in the next several months....

  Governor Cuomo Announces First-In-The-Nation Cyber Security Regulation Protecting Consumers And Financial Institutions From Cyber-Attacks To Take Effect March 1

Governor Andrew M. Cuomo today announced the first-in-the-nation cybersecurity regulation to protect New York's financial services industry and consumers from the ever-growing threat of cyber-attacks will take effect on March 1, 2017. The final regulation requires banks, insurance companies, and oth...

  Here’s how the US government can bolster cybersecurity

What the U.S. government's role should be in cybersecurity isn't as clear-cut as one might think. That's because most of the IT infrastructure is in the hands of the private sector, which is constantly churning out new -- and sometimes vulnerable -- tech products. But it's not always the biggest fan...

  Facebook rolls out safer logins with a security key

Facebook users can now use a security key to authenticate their identity during the login process. If you use a security key, hackers won’t be able to get into your Facebook account, even if they have your username and password. ...

  Study: 62% of security pros don’t know where their sensitive data is

Ask organizations today about the value of data and you’re likely to hear it measured in terms of competitive advantage, customer experience, and revenue generation. As Dante Disparte and Daniel Wagner put it in a December 2016 HBR article, data is “becoming a centerpiece of corporate value creation...

  Acunetix v11 Integrates Vulnerability Management

Acunetix, the pioneer in automated web application security software, has announced the release of version 11. New integrated vulnerability management features extend the enterprise’s ability to comprehensively manage, prioritise and control vulnerability threats – ordered by business criticality. V...

  Dropbox hack leaks 68 million usernames and passwords

Back in 2012, Dropbox disclosed that a hacker had accessed its internal systems and accessed a list of user email accounts. It didn't say the list included passwords. Now Motherboard, security expert Troy Hunt, and online leak-tracker LeakedSource have each reported they reviewed stockpiles of acco...

  The real reason airline computers crash

Why do computer crashes keep bringing major airlines to their knees, leaving hundreds of thousands of passengers stranded at airports? Human error. Mistakes. Good old fashioned screw ups....

  Pokemon Go maker: Coding error gave company access to your emails

The makers of Pokemon Go -- the insanely popular smartphone game -- were forced to make emergency fixes to the game because the app gave the company an unprecedented level of access into players' personal lives....

  Global bank hackers strike again

The criminals who stole $101 million from Bangladesh's central bank appear to have struck again. SWIFT, which runs the communications network that links much of the global financial system, warned clients on Friday that a second bank has been attacked as "part of a wider and highly adaptive campaig...

  VMware Security Advisories

VMware product updates address a critical security issue in the VMware Client Integration Plugin...

  Cyber-extortion losses skyrocket, says FBI

New estimates from the FBI show that the costs from so-called ransomware have reached an all-time high. Cyber-criminals collected $209 million in the first three months of 2016 by extorting businesses and institutions to unlock computer servers. At that rate, ransomware is on pace to be a $1 billion...

  Combating the cybersecurity job crunch

The Internet of Things is the perfect example of that phenomenon, let alone the security implications of millions of newly connected devices. For already stretched thin security practitioners, that means more data to account for, more tools to manage and more reports to coalesce and generate. The pr...

  Phishers Spoof CEO, Request W2 Forms

Fraudsters who perpetrate tax refund fraud prize W-2 information because it contains virtually all of the data one would need to fraudulently file someone's taxes and request a large refund in their name. Indeed, scam artists involved in refund fraud stole W-2 information on more than 330,000 people...
