Posts

Using DevOps to Move Faster than Attackers

Black Hat USA talk will discuss the practicalities of adjusting appsec tooling and practices in the age of DevOps.
Source: Vulnerabilities & Threats

Cloud AV Can Serve as an Avenue for Exfiltration

Black Hat USA researchers show how bad guys can use cloud AV connections to bypass air-gaps and extremely segmented networks to keep stolen data flowing.
Source: Vulnerabilities & Threats

New SQL Injection Tool Makes Attacks Possible from a Smartphone

Recorded Future finds a new hacking tool that makes it cheap and convenient to carry out that old standby attack, SQL injection.
Source: Vulnerabilities & Threats

Microsoft Patches Critical Zero-Day Flaw in Windows Security Protocol

Researchers at Preempt uncovered two critical vulnerabilities in the Windows NTLM security protocols, one of which Microsoft patched today.
Source: Vulnerabilities & Threats

How Code Vulnerabilities Can Lead to Bad Accidents

The software supply chain is broken. To prevent hackers from exploiting vulnerabilities, organizations need to know where their applications are, and whether they are built using trustworthy components.
Source: Vulnerabilities & Threats

The Impact of a Security Breach 2017

Despite the escalation of cybersecurity staffing and technology, enterprises continue to suffer data breaches and compromises at an alarming rate. How do these breaches occur? How are enterprises responding, and what is the impact of these compromises on the business? This report offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future.
Source: Vulnerabilities & Threats

[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem

Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization’s security plans and strategies compare to what others are doing? Here’s an in-depth look.
Source: Vulnerabilities & Threats

No-Name Security Incidents Caused as Many Tears as WannaCry, Pros Say

Half of security pros say they’ve worked just as frantically this year to fix other incidents that the public never heard about.
Source: Vulnerabilities & Threats

The Folly of Vulnerability & Patch Management for ICS Networks

Yes, such efforts matter. But depending on them can give a false sense of security.
Source: Vulnerabilities & Threats

Major Websites Vulnerable to their Own Back-End Servers

DoD, other websites found with back-end server flaws and misconfigurations that could give attackers an entryway to internal networks, researcher will demonstrate at Black Hat USA next month.
Source: Vulnerabilities & Threats