55 matches found
Apple Launches Bug Bounty with Maximum $200,000 Reward
LAS VEGAS—Apple closed out Black Hat today with a long-awaited announcement that next month it will launch a bug bounty. The Apple Security Bounty will be an invitation-only program, open to two dozen researchers at the outset, said Ivan Krstic, head of security engineering and architecture. The...
WhatsApp Encryption: A Good Start, but Far from a Security Panacea
WhatsApp’s addition of end-to-end encryption is a good start, but does not present users with a complete solution that protects against the prying eyes of intrusive governments and nosey third-parties. That’s the consensus among privacy and security experts that commend Facebook-owned WhatsApp fo...
PayPal Wants To Integrate Password with Human Body
You would have been holding a number of online accounts for different services, but how many of you hold a different and unique password for every single account? Probably a very few of you. The majority of people have one or two passwords that are quite simple and easy to remember and comfortabl...
Malware Detection Must Soon Recognize Evasive Behaviors
Criminals and advanced attackers have long fortified malware with features that help malicious code stay hidden from analysis. We’ve seen malware samples that determine if they’re being executed in a sandbox or virtual machine, or over remote desktop protocol connections, and stay quiet until...
Avaya to Patch one-X IP phone zero-day vulnerability
SAN FRANCISCO — Two zero-day vulnerabilities in Avaya’s latest one-X 9608 IP telephones have been discovered and are expected to be patched on Friday by the provider. Researcher Ang Cui, a Ph.D. candidate at Columbia University and chief scientist at Red Balloon Security, will demonstrate an...
Crypto Pioneers Write Letter on NSA Surveillance to Obama
Perhaps the biggest condemnation of President Obama’s address last Friday announcing reforms to the NSA’s surveillance programs was his failure to mention any of the agency’s alleged involvement in subverting cryptography standards and the impact that has had on the trustworthiness of products...
News Roundup: What The Experts Are Saying About The Flame Worm
UPDATE: Are the winds of cyber war blowing, or is the newly discovered Flame worm just a tempest in a teapot? Just days after it was disclosed to the public, the Flame worm is fanning the flames of controversy within the security world. Threatpost takes a look at what people are saying. Calling...
Katie Moussouris on the Microsoft Blue Hat Prize
Dennis Fisher talks with Katie Moussouris of Microsoft about the company’s new Blue Hat Prize for innovative defensive security technology, why Microsoft didn’t start a bug bounty program and whether this will become an annual contest. Podcast audio courtesy of sykboy65 Subscribe to the Digital...
Live in Vegas: Latest from Black Hat and DEFCON
UPDATED: The Black Hat Briefings and DEFCON hacker shows hadn’t even gotten under way before making news. Even before braving the 115 degree heat of the Las Vegas strip, researchers have been pulling the covers off their work in recent weeks, and Threatpost has been there, reporting on new method...
Hacked security firm backs out of security conference !
It has really got to hurt when you run a computer security company and an outlaw hacker group manages to steal and post on the Internet embarrassing emails connecting you to much-publicized plans for crushing the enemies of large corporations through unsavory means like disinformation and...
DHS, NIST, Financial Services Group Form Security Research Partnership
As the finger-pointing and name-calling surrounding the WikiLeaks issue continue in Washington, the White House this week facilitated a cooperative agreement among several key public and private organizations designed to spur joint information security research projects. On Tuesday, the Obama...
Barracuda Networks Launches Bug Bounty Program
Following the lead of Mozilla and Google, Barracuda Networks is launching a bug bounty program that will pay out cash rewards for vulnerabilities found in the company’s own products. The move by Barracuda, a maker of mail security and data protection products, is the first such bug bounty program...
DUgallery 3.0 Authentication Bypass
Hi Everybody! Application : DUgallery 3.0 Risk : High Risk Connecting : Remote Admin Normally, DUGallery 3.0 Admin Pannel is : http://.Com/Accessories/admin/default.asp But We Can Connect Admin Pannel No UserName and No PassWord this page ; http://.Com/Accessories/admin/edit.asp?iPic=PictureID We...
DUgallery 3.0 / Remote Admin Bug
Hi Everybody! Application : DUgallery 3.0 Risk : High Risk Connecting : Remote Admin Normally, DUGallery 3.0 Admin Pannel is : http://.Com/Accessories/admin/default.asp But We Can Connect Admin Pannel No UserName and No PassWord this page ; http://.Com/Accessories/admin/edit.asp?iPic=PictureID We...
Microsoft PowerPoint does not properly handle malformed shapes
Overview Microsoft PowerPoint contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoint opens a specially crafted document. Accordin...