News

Semmle security researcher Man Yue Mo has disclosed a critical remote code execution vulnerability in the popular Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers. Apache Struts is an open source framework for developing web applications in the Java programming language and is widely used
Consistency and clarity are necessary when managing a company’s resources. Administrators need to know the Active Directory basics to see how the different services in this Microsoft tool work together for centralized management. Active Directory is a combination of several services that run on Windows Server. Administrators new to IT should work to understand the
A new malware program called the Skygofree Trojan was discovered targeting Android smartphones and tablets with extensive spyware capabilities in order to gain access to user information and gather data from apps. How does this Trojan work and what makes it unique compared to other types of spyware? Antimalware vendors have a category — greyware
Endpoint protection software for desktops and servers is adding more and more functionality to respond to the challenging threat climate. Many endpoint protection suites also offer policy integration and data protection for the tablets and smartphones of an increasingly mobile workforce. But according to the North American readers we surveyed, the changes may not be
A new set of Spectre-like flaws that can, theoretically, be exploited to steal sensitive information was discovered in Intel products. Two separate teams of researchers discovered the new vulnerabilities within a few weeks of each other in January and reported them to Intel. Intel was then able to identify two closely related variants and disclosed
Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in the PHP programming language using functions previously considered low-risk. The new technique leaves hundreds of thousands of web applications open to remote code execution attacks, including websites powered by some
The final version of a report on botnet security, commissioned by a 2017 White House cybersecurity executive order, was recently published. What are the recommendations in this NIST report? What’s missing in the report that enterprises should be aware of? If there is one thing NIST is known for in the information security community, it
Well, there’s something quite embarrassing for Apple fans. Though Apple servers are widely believed to be unhackable, a 16-year-old high school student proved that nothing is impossible. The teenager from Melbourne, Australia, managed to break into Apple servers and downloaded some 90GB of secure files, including extremely secure authorized keys used to grant login access
The White House published the Cybersecurity National Action Plan, or CNAP, in February to address what the president sees as weakness in cybersecurity preparedness across the country — problems within the federal government, private sector business, even within citizens’ private lives. The cybersecurity plan is a continuation of the Obama administration’s efforts to increase the
There is more to ransomware response than restoring data from known good backups. Having a comprehensive ransomware incident response plan is crucial for information security programs — it can serve as the foundation of those programs — and every incident response plan should include a feedback loop to update the information security program when new
Fast Company and Inc. are among the financial publications that have cautioned business readers about data compromise: It’s only a matter of when and how the breach will occur. Unfortunately for publisher Mansueto Ventures, the when occurred sometime in early 2016. Employees’ personally identifiable information — Social Security numbers and more — was stolen and used for filing false state-local tax returns. Workers were left to sort out the mess, according to Keith J. Kelly of the New York
Looking for how to hack WiFi password OR WiFi hacking software? Well, a security researcher has revealed a new WiFi hacking technique that makes it easier for hackers to crack WiFi passwords of most modern routers. Discovered by the lead developer of the popular password-cracking tool Hashcat, Jens ‘Atom’ Steube, the new WiFi hack works explicitly
The Meltdown and Spectre side-channel attacks that exploit weaknesses in major processors scored the top spot in two of three Pwnie Award categories — Best Privilege Escalation Bug and Most Innovative Research — but missed on the prize for the most overhyped vulnerability. The Pwnie Awards, a longtime staple of the Black Hat security conference,
WhatsApp, the most popular messaging application in the world, has been found to contain multiple security vulnerabilities that could allow malicious users to intercept and modify the content of messages sent in both private and group conversations. Discovered by security researchers at Israeli security firm Check Point, the flaws take advantage of a
June 2016: How to find the best next-generation firewall. Next-generation firewalls are integrated, hardware- or software-based, network security tools designed to detect and block sophisticated attacks. The NGFWs available on the market today can vary significantly from one another in
Security researchers at Trustwave have released a new open-source tool that uses facial recognition technology to locate targets across numerous social media networks on a large scale. Dubbed Social Mapper, the facial recognition tool automatically searches for targets across eight social media platforms, including Facebook, Instagram, Twitter, LinkedIn, Google+, the Russian social networking site VKontakte, and
At RSA Conference 2018, a Kaspersky Lab researcher showed how software development kits for popular ad networks can cause data leaks in many mobile apps. What type of user data is being exposed, and how are the SDKs causing these leaks? Companies building mobile applications, like any modern software application, use third-party libraries and software