News

Developers around the world depend on open source components to build their software products. According to industry estimates, open source components account for 60-80% of the code base in modern applications. Collaboration on open source projects throughout the community produces stronger code, squashing the bugs and catching the vulnerabilities that impact the security of organizations
Application security testing can present many questions, and one of the most common is which systems should be tested for vulnerabilities. Should testing be performed on systems in the development environment, the staging environment, the production system or some combination of those? Because clients are often pressured into testing applications used in production, there can
It seems as though not a day goes by without news spreading about another major cyber attack. Hackers are becoming increasingly efficient at targeting everything from small startups to Fortune 500 companies and even entire government agencies, and as the world moves further away from traditional types of warfare and more toward engaging in all-out
Mitre has entered the security product testing and evaluation fray, and the organization is using its Mitre ATT&CK framework to judge vendors. Seven vendors of endpoint detection and response (EDR) products submitted their endpoint security products to Mitre for evaluation testing. The objective of the evaluation was to demonstrate how the endpoint detection and response
The world’s biggest hotel chain, Marriott International, today disclosed that unknown hackers compromised the guest reservation database of its subsidiary Starwood Hotels and walked away with personal details of about 500 million guests. Starwood Hotels and Resorts Worldwide was acquired by Marriott International for $13 billion in 2016. The brand includes St. Regis, Sheraton Hotels & Resorts,
Multinational computer technology company Dell disclosed Wednesday that its online electronics marketplace experienced a “cybersecurity incident” earlier this month when an unknown group of hackers infiltrated its internal network. On November 9, Dell detected and disrupted unauthorized activity on its network attempting to steal customer information, including their names, email addresses and hashed passwords. According
The Department of Justice announced Wednesday charges against two Iranian nationals for their involvement in creating and deploying the notorious SamSam ransomware. The alleged hackers, Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah, 27, have been charged on several counts of computer hacking and fraud, the indictment unsealed today at a New Jersey court revealed.
In the recent “Cybercrime tactics and techniques: Q3 2018” report by Malwarebytes, banking Trojans were found to be the number one most detected malware for both businesses and consumers. Why have banking Trojans surged this year and how have they evolved over the past quarter? We asked Adam Kujawa, director of malware intelligence at Malwarebytes,
Positive Technologies researchers found two serious vulnerabilities that affect ATMs made by NCR. Researchers were able to launch black box attacks that forced the machines to dispense cash without authorization. What are these ATM vulnerabilities, and how does a black box attack work? Researchers from Positive Technologies — Vladimir Kononovich and Alexey Stennikov — found
Researchers at Qihoo 360 Netlab discovered hackers using vulnerable MikroTik routers to hijack TaZmen Sniffer Protocol traffic and send it to domains under their control. What is TZSP traffic and how are attackers gaining control of routers with this MikroTik router hack? The TaZmen Sniffer Protocol (TZSP) is an open protocol designed to encapsulate other
Building on work that had sought to create fake partial fingerprints for fooling biometric scanners, researchers have used machine learning and artificial intelligence to construct full images of fake fingerprints. Philip Bontrager, Aditi Roy, Julian Togelius and Nasir Memon, researchers at New York University Tandon, and Arun Ross, researcher at Michigan State University, developed DeepMasterPrints,
The real identity of Tessa88—the notorious hacker tied to several high-profile cyber attacks including the LinkedIn, DropBox and MySpace mega breaches—has been revealed as Maksim Vladimirovich Donakov (Максим Владимирович Донаков), a resident of Penza, Russian Federation. In early 2016, a hacker with the pseudonym Tessa88 emerged online offering stolen databases from some of the biggest social
This is why you should always think twice before opening innocent-looking email attachments, especially Word and PDF files. Cybersecurity researchers at Cisco Talos have once again discovered multiple critical security vulnerabilities in the Atlantis Word Processor that allow remote attackers to execute arbitrary code and take over affected computers. An alternative to Microsoft Word,
Mozilla’s security-focused Firefox Monitor tool is expanding to be more proactive at notifying users about past data breaches, but one expert worries about the consequences. Mozilla began testing the initial integration between Firefox Monitor and Have I Been Pwned (HIBP) — a website that enables users to find out if their email addresses were in
Even in the best-case scenario, with effective network security infrastructure in place and an expert staff at the ready, network security can be a thorny task. Then, consider that most organizations contend with serious resource limitations, and the picture becomes darker. As network security threats continue to evolve, here are some of the top network security