On Wednesday at the Mobile Pwn2Own hacking contest taking place at the PacSec Applied Security Conference in Tokyo, security researchers demonstrated two iPhone exploits that leverage Apple’s Safari mobile web browser.
At Mobile Pwn2Own, team MBSD, of Japanese firm Mitsui Bussan Secure Directions, Inc., earned $40,000 for their exploit efforts which enabled them to successfully compromise the Samsung device running Google’s Android.
The best way to anticipate a move by an adversary is to put yourself in their position and ask, what would I do in the same situation? Studying the ways in which you would attack a given situation provides a strategic advantage when planning your defense.
In this podcast, Richard Boscovich, assistant general counsel in the Microsoft Digital Crimes Unit, talks about the new Microsoft Cybercrime Center and the ongoing battle to stop the proliferation of botnets around the world.
Costin Raiu of Kaspersky Lab's global research and analysis team talks about the global implications of the Icefog APT campaign and discloses that a major command-and-control shutdown is currently underway.
Serialization-deserialization vulnerabilities can be extremely harmful, but seem to be less widely understood than the ones that involve direct user input. This column is dedicated to taking a deeper look at these vulnerabilities.
By including security into the DevOps model, organizations can attain that improved agility and operational excellence while also improving the necessary checks and balances before changes are pushed into production.
One of the biggest inhibitors to securing an organization’s most critical information is treating all data as if it had the same value. While it would be nice to be able to secure every bit of data or information on your network, that is a nearly impossible task.