Sunday, May 27, 2018
Developers Failing to Use Secure Open Source Components

Developers Failing to Use Secure Open Source Components

Developers Failing to Use Secure Open Source Components Only half of developers using open source components in their software update them to use the most secure version, according to CA Veracode. The security firm polled 400 app developers from the UK, US and Germany and found just 52% update these components when a new vulnerability…
Cloud Protection Moves Into a New Phase

Cloud Protection Moves Into a New Phase

It’s RSA Conference season and a great time to talk about containers and security. No, not traditional shipping containers. Containers have become developers’ preferred deployment model for modern cloud applications, helping organizations accelerate innovation and differentiate themselves in the marketplace. This is part of the natural progression of the datacenter, moving from the physical, on-premise…
Does Your Family Need a VPN? Here are 3 Reasons it May Be Time

Does Your Family Need a VPN? Here are 3 Reasons it...

At one time Virtual Private Networks (VPNs) used to be tools exclusive to corporations and techie friends who appeared overly zealous about masking their online activity. However, with data breaches and privacy concerns at an all-time high, VPNs are becoming powerful security tools for anyone who uses digital devices. What’s a VPN? A VPN allows…
Passwords, Revisited

Passwords, Revisited

Ahh, Passwords.  We have work passwords, personal passwords, super secret passwords, even throw away passwords.  Have you ever stopped to wonder how “secure” your passwords actually are?  Thanks to cybersecurity writer and researcher Troy Hunt, you can now check. Troy runs the website ‘;– Have I been pwned? and recently pulled together the data he…
Security Pros Support Data Collection Regulations

Security Pros Support Data Collection Regulations

Security Pros Support Data Collection RegulationsWhile most security professionals believe that government officials lack a real understanding of the threats to digital privacy, they overwhelmingly agree that governments should regulate the way social media companies collect user data. At last week’s RSA Conference, more than 500 security professionals participated in a Venafi survey that asked myriad…
PyRo Mine Malware Uses NSA Tool to Collect Monero

PyRo Mine Malware Uses NSA Tool to Collect Monero

PyRo Mine Malware Uses NSA Tool to Collect MoneroAttackers are known to leverage any means available to go after cryptocurrencies, and Fortinet researchers reported this week that hackers are using a new crypto-mining malware they are calling PyRo Mine to quietly collect Monero. The Python-based malware uses an NSA exploit to spread to Windows machines…
Infosecurity Magazine System Upgrade: 30th March-1st April

Infosecurity Magazine System Upgrade: 30th March-1st April

Infosecurity Magazine System Upgrade: 30th March-1st AprilInfosecurity Magazine will be undergoing a system upgrade from Friday March 30th until Sunday April 1st 2018. During this time users will be unable to access their member accounts and any member only content.  All other content will be available to access as normal. Thank you for your patience during this upgrade. …
Cyrpto-Me0wing, Not a Cute Kitty of the Internet

Cyrpto-Me0wing, Not a Cute Kitty of the Internet

Cyrpto-Me0wing, Not a Cute Kitty of the InternetThe internet has been the gateway to fame for many a cat, but the latest vulnerability in Drupal, the "Kitty" malware, has gained popularity for more nefarious reasons. The critical remote code execution (RCE) vulnerability is an attack variant piggybacking on the Drupalgeddon 2.0 exploit. Researchers at Imperva reported…
Altaba Fined $35m for Yahoo Breach Notification Failings

Altaba Fined $35m for Yahoo Breach Notification Failings

Altaba Fined $35m for Yahoo Breach Notification FailingsThe company formerly known as Yahoo has agreed to pay a $35m penalty to the Securities and Exchange Commission after failing to notify the market promptly about a breach of hundreds of millions of accounts. The December 2014 breach of around 500 million accounts resulted in usernames, email addresses, encrypted…
Why You Need To Know About “Cryptojacking”

Why You Need To Know About “Cryptojacking”

As the value and quantity of digital currencies have rocketed, so too have the risks. In fact, crypto-related malware has spiked over the last year, breaking the top 10 most commonly found malware families. Some attacks are designed to steal the currency outright, by robbing digital wallets, but the majority of threats come in the…

Recent Posts