WhatsApp, Signal group chats not as secure as users might believe

Researchers have discovered flaws in the way WhatsApp, Signal, and Threema messaging apps handle secure (encrypted) group communication, which could result in unauthorized users getting added to closed groups and monitoring future conversations within them. A common problem highlighted by the research is that end-to-end encryption, which all of these messaging apps purport to offer, […]

Oracle WebLogic Exploit Used in Cryptocurrency Mining Campaign

Enterprises that failed to install Oracle’s critical WebLogic patch last October could find their PeopleSoft and cloud-based servers churning out cryptocurrency, a new discovery shows. A security researcher found attackers had mined 611 Monero coins, which carry a current value of $226,070, by exploiting the WebLogic flaw in vulnerable servers around the globe. Reports began to […]

Researchers uncover major security vulnerabilities in ICS mobile applications

IOActive and Embedi researchers found 147 cybersecurity vulnerabilities in 34 mobile applications used in tandem with SCADA systems. According to the researchers, if the mobile application vulnerabilities identified are exploited, an attacker could disrupt an industrial process or compromise industrial network infrastructure, or cause a SCADA operator to unintentionally perform a harmful action on the system. The […]

Open source software security challenges persist, but the risk can be managed

This year’s Equifax breach was a reminder that open source software and components pose a giant risk to enterprise security despite their many benefits, especially when not properly maintained. Open source code is now in widespread use by companies of all sizes, in all industry verticals. There are open source operating systems, productivity software, tools for administrators […]

Microsoft plugs 56 vulns, including Office flaw exploited in attacks

As part of the January 2018 Patch Tuesday, Microsoft has released fixes for 56 CVE-listed vulnerabilities, including the Meltdown and Spectre flaws, and a flaw (CVE-2018-0802) in Microsoft Office 2007, 2010, 2013, and 2016 that is being exploited in attacks in the wild. The Office vulnerability can be triggered by the opening of a specially crafted file with an […]

What is DevSecOps? Developing more secure applications

The simple premise of DevSecOps is that everyone in the software development life cycle is responsible for security, in essence bringing operations and development together with security functions. DevSecOps aims to embed security in every part of the development process. It is about trying to automate core security tasks by embedding security controls and processes […]

Microsoft says older Windows versions will face greatest performance hits after Meltdown, Spectre patches

Microsoft has confirmed that users of older versions of Windows should expect to “notice a decrease in system performance” after they apply system patches to protect against the Meltdown and Spectre processor bugs. The bugs, which affect mostly Intel processors but also some ARM and AMD chips, expose the majority of the world’s computers and phones to […]

CISOs’ Cyber War: How Did We Get Here?

Jack Miller, Chief Information Security Officer of SlashNext, has spent a great deal of time on the front lines of the biggest conflict of our age: the cyber war. In almost 20 years as a security professional, he has reached the conclusion that while we are all fighting the good fight and winning some battles, we […]

Microsoft hits the brakes, stops rolling out Meltdown/Spectre patches for AMD devices

Since Microsoft released the Meltdown and Spectre patches, complaints have been pouring in from people who have AMD computers that crashed to a Blue Screen of Death (BSOD) after the patches were installed. This morning, Microsoft temporarily suspended the rollout of those security patches for computers that have AMD CPUs. “Microsoft has reports of customers with some AMD devices […]

Meltdown-Spectre: Four things every Windows admin needs to do now

The confetti from New Year’s Eve celebrations had barely been swept up before the first major security incident of 2018 arrived. News of a serious security flaw in modern processors broke on January 2, after engineers at every big technology company had spent a feverish few weeks and months dissecting the problem of “speculative execution side-channel attacks” and building […]