James Mickens on the Current State of Computer Security

James Mickens gave an excellent keynote at the USENIX Security Conference last week, talking about the social aspects of security -- racism, sexism, etc. -- and the problems with machine learning and the Internet. Worth watching...

j-learning.com XSS vulnerability

Open Bug Bounty ID: OBB-665111 Description| Value ---|--- Affected Website:| j-learning.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Identifying Programmers by their Coding Style

Fascinating research de-anonymizing code -- from either source code or compiled code: Rachel Greenstadt, an associate professor of computer science at Drexel University, and Aylin Caliskan, Greenstadt's former PhD student and now an assistant professor at George Washington University, have found...

learning-radiology.com XSS vulnerability

Open Bug Bounty ID: OBB-662335 Description| Value ---|--- Affected Website:| learning-radiology.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Black Hat 2018: Voice Authentication is Broken, Researchers Say

LAS VEGAS – We live in a world increasingly dominated by voice-enabled smart digital assistants. More and more we rely on Amazon’s Alexa to tell us if we have any new messages. We ask Google Home smart speakers to remind us of calendar appointments. Some banks even allow users to use their voice ...

This Week in Security News: Hijacks and Healthcare

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, Singapore looks into the effectiveness of virtual browsers in an attempt to reduce cyberattacks on healthcare systems. Also, cybercriminals...

SQL Injection Vulnerability in Frontend of IM-Learning Intelligent Learning Management System of Guangyi East

IM-Learning Intelligent Learning Management System is a web-based academy with key technologies that can be customized and expanded. A SQL injection vulnerability exists in the frontend of the IM-Learning Intelligent Learning Management System in Guangyi East. An attacker can exploit this...

IM-Learning Intelligent Learning Management System Vulnerability in Backend

IM-Learning Intelligent Learning Management System is a web-based academy with key technologies that can be customized and extended. An arbitrary password login vulnerability exists in the backend of Guangyi East IM-Learning Intelligent Learning Management System, which can be exploited by...

Protecting the protector: Hardening machine learning defenses against adversarial attacks

Harnessing the power of machine learning and artificial intelligence has enabled Windows Defender Advanced Threat Protection Windows Defender ATP next-generation protection to stop new malware attacks before they can get started often within milliseconds. These predictive technologies are central...

Detecting Phishing Sites with Machine Learning

Really interesting article: A trained eye or even a not-so-trained one can discern when something phishy is going on with a domain or subdomain name. There are search tools, such as Censys.io, that allow humans to specifically search through the massive pile of certificate log entries for sites...

[SECURITY] Fedora 28 Update: moodle-3.4.4-1.fc28

Moodle is a course management system CMS - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities...

[SECURITY] Fedora 27 Update: moodle-3.3.7-1.fc27

Moodle is a course management system CMS - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities...

Podcast: enSilo CEO on Black Hat USA 2018 Trends

Las Vegas – Threatpost’s Lindsey O’Donnell sits down with enSilo CEO Roy Katmor to talk about the top trends that we are seeing this week at Black Hat USA 2018 – from machine learning to connected-car security. Download here:...

Arbitrary File Upload Vulnerability in IM-Learning Intelligent Learning Management System of Guangyi East

IM-Learning Intelligent Learning Management System is a web-based academy with key technologies that can be customized and expanded. An arbitrary file upload vulnerability exists in the Guangyi East IM-Learning Intelligent Learning Management System. An attacker can exploit the vulnerability to...

Cybersecurity Certifications: Why They Matter and How to Know Which Ones To Pursue

Whether you’re just starting off in the cybersecurity field or are already working as a security professional, there are many certifications for you to consider across various specializations and difficulty levels. Not to mention certifications covering a range of disciplines and emerging securit...

Protecting the modern workplace from a wide range of undesirable software

Security is a fundamental component of the trusted and productive Windows experience that we deliver to customers through modern platforms like Windows 10 and Windows 10 in S mode. As we build intelligent security technologies that protect the modern workplace, we aim to always ensure that...

ThreatList: Financial Services Firms Lag in Patching Habits

Almost half 45 percent of financial services firms in a recent survey have reported a data breach in the last two years – with many of those attacks being completely avoidable if known vulnerabilities were patched. In a Ponemon Institute survey of nearly 3,000 cybersecurity professionals at...

Identifying People by Metadata

Interesting research: "You are your Metadata: Identification and Obfuscation of Social Media Users using Metadata Information," by Beatrice Perez, Mirco Musolesi, and Gianluca Stringhini. Abstract: Metadata are associated to most of the information we produce in our daily interactions and...

This Week in Security News: Scams and Security Risks

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, the EU and Japan finalized an agreement enabling the cross-border transfer of data. Also, businesses are turning to machine learning to comb...

What’s the real value—and danger—of smart assistants?

You've heard them called virtual assistants, digital personal assistants, voice assistants, or smart assistants. Operated by artificial intelligence, technologies such as Siri, Alexa, Google Assistant, and Cortana have become ubiquitous in our culture. But what exactly do they do? And how serious...