Level up your cybersecurity journey with CLOUDSEC 2017
Beginning this month, Trend Micro will be hosting CLOUDSEC, one of the largest cybersecurity conferences across Asia-Pacific and Europe. The event features presentations and panel discussions from industry experts and thought leaders who will discuss high-level strategies, forward looking securit...
Do the Police Need a Search Warrant to Access Cell Phone Location Data?
The US Supreme Court is deciding a case that will establish whether the police need a warrant to access cell phone location data. This week I signed on to an amicus brief from a wide array of security technologists outlining the technical arguments as to why the answer should be yes. Susan Landau...
Call for Papers: Qualys Security Conference 2017
Our annual user conference, QSC17, is quickly approaching and we are looking for customer presentations that showcase hot topics related to security and best practices via case studies leveraging the use of Qualys technologies. If you would like to be considered as a presenter, please send a...
Mystery Company Offers $250,000 Bounty for VM Escape Vulnerabilities
An unnamed company will start an eight-week, invite-only bug bounty program in September that offers a $250,000 payout for virtual-machine escape vulnerabilities tied to an unreleased product. Bugcrowd announced the program today, and said the high-priced bounty is the largest advertised bounty o...
UBUNTU-CVE-2017-11450
coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short...
Google Changes How it Analyzes Misbehaving Mobile Apps
Mobile apps in the Google Play store are categorized by their purpose, i.e., productivity or games. But there is a science to how apps are arranged, in particular around security and privacy features, and especially in holding back those apps whose behaviors pose a risk to mobile users. Google on...
The vulnerability of the MPEG-4 AVC software platform, Flash Player, allows attackers to execute arbitrary code.
The vulnerability of the MPEG-4 AVC software platform, Flash Player, arises from an operation that occurs outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code memory corruption remotely...
luxuryhotelexperts.com XSS vulnerability
Vulnerable URL: http://www.luxuryhotelexperts.com/property.php?hotelID=586"'--!
Details:
Description| Value
---|---
Patched:| Yes, at 27.11.2017
Latest check for patch:| 27.11.2017 09:18 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 3434657
VIP website status:...
Thousands of Security Experts Work Together to Collectively Combat Petya / NotPetya Ransomware Attack
On Tuesday, Carbon Black’s community of security experts began working together with Carbon Black Threat Research to rapidly analyze the new ransomware family that was hitting organizations from Russia to Britain. More than 100 customers and partners communicated IOCs as the attack hit. “I heard...
Is Continuing to Patch Windows XP a Mistake?
Last week, Microsoft issued a security patch for Windows XP, a 16-year-old operating system that Microsoft officially no longer supports. Last month, Microsoft issued a Windows XP patch for the vulnerability used in WannaCry. Is this a good idea? This 2014 essay argues that it's not: The zero-day...
Join Wallarm at ISSA’s Cornerstones of Trust event on June 20th
Next week, the local chapter of the Information Systems Security Association (check them out at http://www.sv-issa.org) is organizing a focused security conference looking into the issues of securing end users, enterprise technologies and security processes. Come meet Wallarm to learn about trends and best...
Google finds nuke-level Windows vulnerability that cannot be fixed - bug warning - the black bar safety net
Google security experts recently found an unpatched vulnerability in the Microsoft Windows operating system, and the security risk is high. Project Zero researchers Tavis Ormandy and Natalie Silvanovich announced this week that they had found what they call "the worst" RCE in Windows, but did not...
The vulnerabilities of programs for viewing and editing PDF files such as Adobe Reader, Adobe Acrobat, Adobe Acrobat Document Cloud, and Adobe Reader Document Cloud allow attackers to trigger service interruptions.
The vulnerability of the JPEG 2000 stream processing service software for viewing and editing PDF files in Adobe Reader, Adobe Acrobat, Adobe Acrobat Document Cloud, and Adobe Reader Document Cloud is related to a memory leak. Exploiting this vulnerability can allow an attacker to cause a service...
Air Force Hopes To Attract Hackers With Bug Bounty Program
On Wednesday, the United States Air Force became the latest division of the U.S. Armed Forces to announce a public-facing bug bounty program. The program, Hack the Air Force, invites vetted white hat security experts to hack key public-facing Air Force websites. The Air Force follows in the...
Auto Lender Exposes Loan Data For Up To 1 Million Applicants
A California auto loan company left the names, addresses, credit scores and partial Social Security numbers of up to 1 million people exposed on an insecure online database. The company behind the database is Alliance Direct Lending Corporation, according to Kromtech Security Research Center, whi...
Equation and a wave of massive 0day attacks leaks, Microsoft this minor vaginal bleeding-exploit warning-the black bar safety net
Got up early this morning thinking it was still a fine sunny day? Cyberspace, however, has just been hit by a bombshell! Shadow Brokers has again leaked confidential documents that shocked the world, containing a number of fine Windows remote exploit tools that can cover over 70% ...
Exploit Kit Activity Quiets, But is Far From Silent
Over the past six months, the roar of exploit kits has quieted to a whimper. But that doesn’t mean exploit kit threats are nonexistent. According to security experts, gangs behind them are regrouping, tweaking code and finding fresh software exploits to target. Here are the exploit kits and explo...
Verizon Rebuts Critics of Data-Collecting App
Verizon broke its silence today on what many believed would be a controversial rollout of an app made by Evie Labs called AppFlash, that had been identified by privacy advocates as spyware. The wireless carrier and broadband ISP defended itself Friday saying its critics were flat-out wrong. Veriz...
Experts Doubt Hacker's Claim Of Millions Of Breached Apple Credentials
Security experts say they are skeptical that a group of hackers called Turkish Crime Family actually possess a cache of hundreds of millions of Apple iCloud account credentials. A more plausible explanation, they say, is that crooks used credential stuffing attacks to amass a limited number of...
Paper Spells Out Tech, Legal Options for Encryption Workarounds
FBI Director James Comey’s dogged attachment to the argument that strong encryption hinders criminal investigations by law enforcement is heading into its third year with little signs of abatement. That insistence comes despite three years of arguments to the contrary from security experts, who...