Tag: Featured


Researcher Says NSA’s Ghidra Tool Can Be Used for RCE

March 20, 2019

Via: Threat Post

Ghidra, a free, open-source software reverse-engineering tool that was released by the National Security Agency at RSA, has been found to be a potential conduit to remote code-execution. Ghidra is a disassembler written in Java; software that breaks down executable […]

Application security

How the Google and Facebook outages could impact application security

March 20, 2019

Via: Help Net Security

With major outages impacting Gmail, YouTube, Facebook and Instagram recently, consumers are right to be concerned over the security of their private data. While details of these outages haven’t yet been published – a situation I sincerely hope Alphabet and […]

Network security, Vulnerabilities

Why You Should Integrate IoT Security Into Your Vulnerability Management Program

March 19, 2019

Via: Security Intelligence

It’s safe to say that the internet of things (IoT) is mature enough that it’s on everyone’s radar by now. The IoT as we know it has been around for more than a decade, but it wasn’t until about five […]

Cyber-crime, Phishing

Google took down 2.3 billion bad ads in 2018, including 58.8M phishing ads

March 18, 2019

Via: Security Affairs

Google revealed that it took down 2.3 billion bad ads in 2018, including 58.8 million phishing ads for violation of its policies. Google introduced 31 new ads policies in 2018, aiming at protecting users from scams and other fraudulent activities […]

Hacker, Network security

CSRF flaw in WordPress potentially allowed the hack of websites

March 14, 2019

Via: Security Affairs

Security researcher Simon Scannell from RIPS Technologies has discovered a new CSRF vulnerability in WordPress that could potentially lead to remote code execution attacks. The flaw is a cross-site request forgery (CSRF) that resides in the comment section of WordPress […]

Network security

Clinic hit by ransomware recovers in hours thanks to solid incident response plan

March 13, 2019

Via: Hot for Security

Maffi Clinics, a chain of plastic surgery clinics in the United States, is notifying patients about a ransomware incident that briefly affected its systems. Unlike most cases involving ransomware, though, this one didn’t leave a scar, illustrating the power of […]

Data loss, Network security

Is your company leaking sensitive data via its Box account?

March 12, 2019

Via: Help Net Security

Companies that use Box for sharing files and folders inside and outside the company are inadvertently leaving sensitive corporate and customer data exposed, cybersecurity firm Adversis warns. Their own research discovered much non-sensitive data but also database dumps of customer […]

Cloud security

2 security tricks your cloud provider won’t tell you

March 12, 2019

Via: InfoWorld

Cloudops (cloud operations) and secops (security operations) are quickly evolving practices. While I’m seeing some errors, what’s more common is that ops teams are leaving important things out. If these missing aspects are not addressed, secops will become problematic quickly. […]

Application security, Hacker, Threats & Malware, Virus & Malware

Hackers use Slack to hide malware communications

March 11, 2019

Via: CSO Online

A group of hackers is using a previously undocumented backdoor program designed to interact with attackers over Slack. While abusing legitimate services for malware command-and-control purposes is not a new development, this is the first time researchers have seen Slack, […]

Cloud security

CSA launches compliance assessment program for cloud service providers

March 6, 2019

Via: Help Net Security

The Cloud Security Alliance (CSA) announced STAR Continuous Self Assessment, the first release of an evolving continuous-compliance assessment program for cloud services that gives cloud service providers (CSPs) the opportunity to align their security validation capabilities with cloud security compliance […]