Misconfigured Jenkins Servers Leak Sensitive Data

Fri, 19 Jan 2018 16:20:18 +0000

A researcher has conducted an analysis of Jenkins servers and found that many of them leak sensitive information, including ones belonging to high-profile companies. London-based researcher Mikail Tunç used the Shodan search engine to find Jenkins servers accessible from the Internet and discovered roughly 25,000 instances. read more

Firms More Open to Receiving Vulnerability Reports: Ethical Hackers

Fri, 19 Jan 2018 13:35:15 +0000

Companies have become more open in the past year to receiving vulnerability reports from security researchers, according to ethical hackers surveyed by bug bounty platform HackerOne. read more

Strong Incident Response Starts with Careful Preparation

Fri, 19 Jan 2018 13:26:10 +0000

Through working every day with organizations’ incident response (IR) teams, I am confronted with the entire spectrum of operational maturity. However, even in the companies with robust IR functions, the rapidly evolving threat landscape, constantly changing best practices, and surplus of available tools make it easy to overlook important steps during planning. As a result, by the time an incident occurs, it’s too late to improve their foundational procedures.  read more

Dridex Campaign Abuses FTP Servers

Fri, 19 Jan 2018 12:45:57 +0000

A recently observed email campaign is abusing compromised FTP servers as download locations for malicious documents and infecting users with the Dridex banking Trojan, Forcepoint has discovered.  read more

AMD, Apple Sued Over CPU Vulnerabilities

Fri, 19 Jan 2018 08:45:44 +0000

Apple and Advanced Micro Devices (AMD) are also facing class action lawsuits following the disclosure of critical CPU vulnerabilities that affect billions of devices. read more

Triton Malware Exploited Zero-Day in Schneider Electric Devices

Thu, 18 Jan 2018 20:19:02 +0000

The recently discovered malware known as Triton and Trisis exploited a zero-day vulnerability in Schneider Electric’s Triconex Safety Instrumented System (SIS) controllers in an attack aimed at a critical infrastructure organization. read more

Cloudflare Launches Remote Access to Replace Corporate VPNs

Thu, 18 Jan 2018 20:14:07 +0000

Mobile and cloud computing have challenged the concept of perimeter security. There is no longer an easily definable perimeter to defend. VPNs are a traditional, but not ideal solution. Neither approach addresses the attacker who gets through the perimeter or into the VPN. Google long ago recognized the problems and introduced BeyondCorp as an alternative to perimeters and VPNs for its own worldwide employees. read more

Booby-Trapped Messaging Apps Used for Spying: Researchers

Thu, 18 Jan 2018 19:09:37 +0000

An espionage campaign using malware-infected messaging apps has been stealing smartphone data from activists, soldiers, lawyers, journalists and others in more than 20 countries, researchers said in a report Thursday. read more

Russia-Linked Attacks on Political Organizations Continue

Thu, 18 Jan 2018 19:03:56 +0000

The cyber-espionage group known as Fancy Bear was highly active in the second half of 2017, hitting political organizations worldwide, Trend Micro said this week. read more

Common Approaches to Automated Application Security Testing - SAST and DAST

Thu, 18 Jan 2018 18:41:51 +0000

Not All Automated Software Security Assessment Approaches Are Created Equal read more

Intel Tests Performance Impact of CPU Patches on Data Centers

Thu, 18 Jan 2018 14:55:04 +0000

Intel Patches for Meltdown and Spectre Cause More Frequent Reboots read more

Google Brings Security Analytics to G Suite

Thu, 18 Jan 2018 14:10:34 +0000

Google this week announced security center for G Suite, a tool that brings together security analytics, actionable insights, and best practice recommendations from Google.  read more

Cisco Patches Flaws in Email Security, Other Products

Thu, 18 Jan 2018 12:38:44 +0000

Cisco has patched several high severity vulnerabilities, including ones that allow privilege escalation and denial-of-service (DoS) attacks, in its Unified Customer Voice Portal (CVP), Email Security, and NX-OS products. read more

Researchers Earn $100,000 for Hacking Pixel Phone

Thu, 18 Jan 2018 06:23:30 +0000

A team of researchers has earned more than $100,000 from Google for an Android exploit chain that can be used to hack the company’s Pixel phone remotely simply by getting the targeted user to access a malicious website. read more