Is Your Organization Merely PCI-Compliant or Is It Actually Secure?

The Host Identity Protocol might be the answer to inadequate check-the-box security standards.
Source: Vulnerabilities & Threats

Using Market Pressures to Improve Cybersecurity

Post-MedSec, Chris Wysopal discusses what impact the investor community — if not consumers — can have on squashing vulnerabilities and improving cybersecurity.
Source: Vulnerabilities & Threats

St. Jude Pacemaker Gets Firmware Update 'Intended as a Recall'

The devices that were the subject of a vulnerability disclosure debate last summer now have an FDA-approved fix.
Source: Vulnerabilities & Threats

New York's Historic FinSec Regulation Covers DDoS, Not Just Data

Starting today, New York banks and insurers must report to authorities within 72 hours on any security event that has a ‘reasonable likelihood’ of causing material harm to normal operations.
Source: Vulnerabilities & Threats

The Changing Face & Reach of Bug Bounties

HackerOne CEO Marten Mickos reflects on the impact of vulnerability disclosure on today’s security landscape and leadership.
Source: Vulnerabilities & Threats

DoJ Launches Framework for Vulnerability Disclosure Programs

The Department of Justice releases a set of guidelines to help businesses create programs for releasing vulnerabilities.
Source: Vulnerabilities & Threats

Facebook Offers $1 Million for New Security Defenses

The social media giant has increased the size of its Internet Defense Prize program in order to spur more research into ways to defend users against the more prevalent and common methods of attack.
Source: Vulnerabilities & Threats

Using DevOps to Move Faster than Attackers

Black Hat USA talk will discuss the practicalities of adjusting appsec tooling and practices in the age of DevOps.
Source: Vulnerabilities & Threats

Cloud AV Can Serve as an Avenue for Exfiltration

Black Hat USA researchers show how bad guys can use cloud AV connections to bypass air-gaps and extremely segmented networks to keep stolen data flowing.
Source: Vulnerabilities & Threats

New SQL Injection Tool Makes Attacks Possible from a Smartphone

Recorded Future finds a new hacking tool that makes it cheap and convenient to carry out that old standby attack, SQL injection.
Source: Vulnerabilities & Threats