89 matches found
Several Factors Mitigate VENOM's Utility for Attackers
The divisive VENOM vulnerability—marketing logo and all—has been good for three solid days of debate and angst over its severity, ease of exploitation and risks. The first public proof-of-concept exploit, however, may aid in calming some of the anxiety around the bug, which is proving difficult t...
Dradis v2.9 - Information Sharing For Security Assessments
Dradis is an open source framework to enable effective information sharing, especially during security assessments. It’s a tool specifically to help in the process of penetration testing. Penetration testing is about information: 1. Information discovery 2. Exploit useful information 3. Report the...
Study Finds Internet Users Follow Browser Security Warnings
Users heed Web browser security warnings more than previously thought, according to research unveiled this week. The research is part of the first in-depth large-scale field study of browser security warnings, according to Devdatta Akhawe of the University of California, Berkeley and Adrienne Porter...
The Need For Threat-Centric Security
Defenders are at an asymmetric disadvantage when it comes to defending their networks. Attackers spend every minute of their day focused exclusively on penetrating your network to accomplish their mission…and opportunities abound. Today’s modern networks go beyond the walls of the enterprise to...
Android, Symbian Malware on the Rise
Yes. You read that headline correctly. F-Secure is talking about the beleaguered and nearly defunct Symbian operating system, upon which Nokia halted nearly all development in February before announcing that it had been put in maintenance mode in September. Despite a nearly 63 percent drop in...
Tenable Release Nessus 5.0 vulnerability scanner
Tenable Network Security announced Nessus 5.0 vulnerability and configuration assessment solution for enterprises and security professionals. Nessus version 5.0 introduces key features and improvements, separated into the four major phases of the...
Security Worth Buying
I’m a dirty vendor. That may not be the best way to start a serious dialogue about security product effectiveness, but I hate to read a post on security theory by some insincere tie-wearing wonk only to discover afterwards that he or she is Lord High Poobah of Marketing at “Scaring You For Profit...
Didier Stevens on PDF Hacking and Security
Dennis Fisher talks with Didier Stevens, the security researcher who developed the innovative method for using the /launch command in PDF readers to execute code on remote machines. Stevens discusses the ramifications of the discovery, the security of PDFs in general and the user behavior that...
Microsoft Internet Explorer 56 Konqueror 2.2.23.0 Weblogic Server 567 - Invalid X.509 Certificate Chain
source: https://www.securityfocus.com/bid/5410/info A flaw has been reported in the handling of X.509 certificates by a number of products, including several web browsers. It may be possible fo...