Beers with Talos Ep. #52: I don't trust you because I care

Beers with Talos BWT Podcast Ep. 52 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded April 26, 2019 - Since Craig decided to skip the podcast today, we decided to invite one of Austin’s top actual security...

Attack Madness: The “Final Four” Cyber Threats According to Security Professionals

In the spirit of March Madness, we’re evaluating the type of cyberattacks that most concern our community of security experts. When approximately one million cyberattacks are attempted per day, this “madness” takes on a whole new level for organizations looking to protect themselves against the...

Top 10 Benefits that Make Upgrading to the PSC a Priority

If you are running either of Carbon Black’s on-premise products CB Response & CB Protection, you are already seeing the benefits of a strong endpoint security solution. With something this effective already in place, why would you need to consider moving to a cloud platform? The answer is twofold...

Canadian Police Raid ‘Orcus RAT’ Author

Canadian police last week raided the residence of a Toronto software developer behind “Orcus RAT,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. Its author maintains Orcus is a legitimate Remote Administration Tool that is...

How Our Threat Analytics Multi-Region Data Lake on AWS Stores More, Slashes Costs

Data is the lifeblood of digital businesses, and a key competitive advantage. The question is: how can you store your data cost-efficiently, access it quickly, while abiding by privacy laws? At Imperva, we wanted to store our data for long-term access. Databases would’ve cost too much in disk and...

New Video Series: How a Security Operations Command Center Took On the Largest Attacks the Internet Has Ever Seen

For over two decades I've made it my mission to stop "bad guys" on the Internet. Working day in and day out alongside an amazing team of security professionals inside our global Security Operations Command Center SOCC has given me the opportunity to do just that. I'm excited to share with you our...

Coffee Meets Bagel Dating App Warns Users of Breach

Popular dating app Coffee Meets Bagel has sent its users an email notifying them that their data may have been “acquired by an unauthorized party.” The news comes days after a massive database containing the information of around 6.2 million Coffee Meets Bagel users showed up on the Dark Web. Use...

BlueHat Shanghai 2019 Call for Papers is Now Open!

We know security experts with diverse skills and experiences are found around the world. This year, the BlueHat Security Conference is coming to Shanghai! BlueHat Shanghai 2019 will take place on May 29-30 at W Shanghai - The Bund. We want to provide a venue for security researchers to come...

Threatpost Poll: Is It Impossible to Secure Mobile Devices?

Between applications and operating systems, a slew of mobile threats continue to pop up – and when it comes to security, it’s getting harder and harder for enterprises to keep up. Just in the past week, Apple patched a massive flaw in its FaceTime allowing a bad actor to eavesdrop on victims; whi...

The world’s southernmost security conference

When asked about his best race, Ayrton Senna replied that it was when he raced karting cars. For him it was the best because it was only for the sake of sports and free from commercial sponsoring and commercial interests. I have this same feeling about computer security conferences, because they...

ok-file-formats buffer overflow vulnerability

ok-file-formats is a decoder for files in PNG, JPEG and WAV formats. ok-file-formats A buffer overflow vulnerability exists in the 'okwavdecodemsadpcmdata' function of the okwav.c file in versions 2018-10-16 and earlier. An attacker could exploit this vulnerability to execute code or cause a deni...

Research Drives Protection

The threat landscape has changed often in the 22 years I’ve been working at Trend Micro and it will continue to change for many more years. We in cybersecurity are constantly at battle with hackers and threat actors who look to infect our customers using the many tactics available to them. Our jo...

Why Supply Chain Hacks Are a Cybersecurity Worse Case Scenario

A blockbuster report from Bloomberg says that China has compromised servers used by major US companies. It's a problem that experts have long feared, and still don't know how to resolve...

Facebook Breach Sparks Concerns Around Third-Party Apps, Website Security

Days after Facebook acknowledged a data breach of its platform – impacting 50 million accounts – the company said it has found no evidence that attackers accessed any apps using Facebook Login. But security experts are still on edge that the breach could have let attackers access third-party apps...

Trump's New Executive Order Slaps a Bandaid on Election Interference Problems

Trump’s order creates a framework to sanction foreign meddling in elections, but experts say it’s not enough...

Call for Customer Presentations: Qualys Security Conference 2018

The annual Qualys user conference, QSC18, is quickly approaching, and we are looking for customer presentations showcasing how you use Qualys to enable security best practices and secure your digital transformation. If you would like to be considered as a presenter, please send a session title an...

Don’t Fall for Webcam Blackmail: Here’s How to Protect Yourself

By Waqas NordVPN Tips on How to Avoid Sextortion Scammers Who Claim to Have a Video of You on Adult Sites. Authorities and cybersecurity experts have issued a fresh warning about the so-called sextortion scam that is making a comeback with new variations. Webcam porn scams have been on the rise f...

Attending Black Hat USA 2018? Here’s what to expect from Microsoft.

Black Hat USA 2018 brings together professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors. This is an exciting time as our Microsoft researchers, partners, and security experts will showcase t...

NCCIC Webinar Series on Russian Government Cyber Activity

NCCIC is holding a webinar on Russian government cyber activity against critical infrastructure as detailed in NCCIC Alert TA18-074A today from 1–2:30 p.m. ET. The webinar will feature NCCIC subject matter experts discussing recent cybersecurity incidents, mitigation techniques, and resources tha...

CVE-2018-13300

In FFmpeg 3.2 and 4.0.1, an improper argument AVCodecParameters passed to the avprivrequestsample function in the handleeac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information...