Security Experts:

WRITE FOR US
Virus & Threats

LATEST SECURITY NEWS HEADLINES

rss icon

Syrian Electronic Army Launched Cyber Attack Against Israeli Water System: Expert
Hackers Attack Saudi Official Websites: Reports
Zeus Malware Staging a Massive Comeback, Says Trend Micro
NYPD Detective Accused of Hiring Hackers to Snoop on Co-Workers
China, US to Try New Tone in Desert Outing
long dotted

NEWS & INDUSTRY UPDATES

Microsoft to Close Critical IE Security Holes on Patch Tuesday
Microsoft is set to fix 34 security vulnerabilities in this month's Patch Tuesday.
Read More..
New DIY Google Dorks Based Hacking Tool Released
The tool, which goes for as little as $10, has built-in SQL injection options as well as the ability to add custom exploits, a researcher said.
Read More..
Adobe Warns of New Critical Vulnerability in ColdFusion
Adobe has issued a Security Advisory for a newly disclosed critical security vulnerability (CVE-2013-3336) in Adobe ColdFusion.
Read More..
Microsoft Releases 'Fix It' to Address Recent IE Vulnerability Used in Watering Hole Attacks
Microsoft has released a one-click Fix it to help protect customers from a recently-disclosed security vulnerability affecting Internet Explorer 8.
Read More..
Building Control System at Google Found Hackable
Billy Rios and Terry McCorkle, researchers for Cylance, discovered that Google was using an outdated version of the Niagara framework building management system.
Read More..
Popular Media Websites Compromised to Deliver Malware to Visitors
Several media sites, including two Washington, DC-based radio stations, have been compromised to infect unsuspecting visitors' systems with fake antivirus software.
Read More..
Size Matters: When Open Source Code Quality is Better than Proprietary Software
Smaller open source projects tend to be more secure than proprietary applications, but the opposite is the case for software with more than a million lines of code, according to a new report from Coverity.
Read More..
Detecting Password Cracking With 'Honeywords'
Two researchers propose using fake passwords known as "honeywords" to trick attackers that have managed to steal a file of usernames and hashed passwords.
Read More..
New Internet Explorer Zero-Day Exploited in Watering Hole Attack Campaign
What was thought to be a year-old Internet Explorer vulnerability being exploited on the U.S. Department Labor website is actually a 0-day vulnerability being exploited in a more widespread campaign.
Read More..
New Ramnit Malware Steals One-Time Passwords to Defraud Online Bankers
Attackers have improved their social engineering tactics to target banks in the U.K.
Read More..

FEATURES, INSIGHTS // Virus & Threats

rss icon

Mark Hatton's picture
Three Mistakes Companies Make When it Comes to 'Vulnerability Management'
Mark Hatton - Vulnerabilities
When it comes to security, you can scan for vulnerabilities all day long and even convince yourself that you know where that threat is hiding, but until you’re able to capture, correlate and contextualize it, it means nothing.
Read full story
Wade Williamson's picture
Google Puts Its Money on Chrome OS
Wade Williamson - Vulnerabilities
Not only is Google raising the bar, installing a ladder and raising the bar again in terms of vuln bounties - they are doing so for an operating system that is virtually non-existent in the wild.
Read full story
Tal Be'ery's picture
Lessons From Yahoo Hack: Don't Let Hackers Party on Your 3rd Party Code
Tal Be'ery - Application Security
Organizations should always assume third party code—coming from partners, vendors, mergers and acquisitions—is vulnerable, and take relevant precautions.
Read full story
Tal Be'ery's picture
A Hard Knock Life - Ruby on Rails Vulnerabilities and System Hardening
Tal Be'ery - Application Security
Tal explains the technical details behind recent Ruby on Rails vulnerabilities and shows how web applications’ administrators can avoid these and similar problems with some proper system hardening.
Read full story
Tal Be'ery's picture
Lessons From the Recent DKIM Mail Verification Vulnerability
Tal Be'ery - Email Security
In this column, Tal analyzes the technical details of the DKIM vulnerability, evaluates possible implications of the exploit, and points to some general lessons.
Read full story
Alan Wlasuk's picture
Website 'Tells' That Will Get You Hacked
Alan Wlasuk - Vulnerabilities
By wandering around a public website with easily obtainable tools, it's easy to pick up on several security ‘tells’ that your website gives away, indicating how easy it could be to hack.
Read full story
Tal Be'ery's picture
Total Recall - The Details Behind Firefox 16 Recall
Tal Be'ery - Vulnerabilities
Last week, Mozilla removed the latest version of their Firefox Web browser just a day after it was released. Since Mozilla gave us little to work with, we will dive into the technical details of the vulnerability - a JavaScript vulnerability.
Read full story
Wade Williamson's picture
Black Hole Dominates on the Web
Wade Williamson - Malware
Data in Microsoft's Security Intelligences report shows the broad impact of the Black Hole exploit kit in terms of its role in the delivery of threats.
Read full story
Chris Hinkley's picture
'Tis The Season of E-commerce: How to Safeguard Against Mobile Payment Vulnerabilities
Chris Hinkley - Compliance
As e-commerce ramps up again in advance of the holiday season, businesses need to take mobile payments security seriously. Here are three ways to protect your customers’ information when accepting mobile payments.
Read full story
Alan Wlasuk's picture
Misguided Security Through Obscurity - The Brownsburg Hack
Alan Wlasuk - Vulnerabilities
As I wander the world of website security, I run across many reasons why most websites (over 70%) are open to hacks from amateur and professional hackers alike.
Read full story