Android Is Helping Kill Passwords on a Billion Devices

By officially certifying the FIDO2 standard, the mobile OS will soon allow logins to sites and services without having to put in a password...

Trend Micro Antivirus for Mac 2019 is Certified by AV-TEST with Top Scores for Protection, Performance, and Usability

Current and potential users of the latest edition of Trend Micro Antivirus for Mac v9.0, for 2019 will be pleased to know that it achieved MacOS Certification and top scores in all three categories in the recent AV-TEST Product Review and Certification Report – Dec/2018. Trend Micro Antivirus for...

Man-in-the-Middle (MitM)

qt is vulnerable to man-in-the-middle MitM attacks. The vulnerability exists as QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted...

Man-in-the-Middle (MitM)

python is vulnerable to man-in-the-middle MitM attacks. The vulnerability exists as the ssl.matchhostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a \0 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...

Become a Certified Hacker With This Hands-On Training Course

It seems as though not a day goes by without news spreading over another major cyber attack. Hackers are becoming increasingly efficient at targeting everything from small startups to Fortune 500 companies and even entire government agencies, and as the world moves further away from traditional...

CVE-2018-17612

Summary of CVE-2018-17612 : Sennheiser HeadSetup (and HeadSetup Pro) improperly published the private signing key in the public distribution and installed CA/root certificates into the local Trusted Root CA store. The root cause is the inclusion of the private key in the SennComCCKey.pem file, en...

Program Looks to Tap Military Vets for Cyber-Jobs

Cisco Talos, NetApp and Maryland’s state government announced an initiative to help military veterans in that state transition into civilian positions in cybersecurity. The hope is that it will address twin goals: To help the hundreds of thousands of discharged veterans flowing into the workplace...

eurovent-certification.com XSS vulnerability

Open Bug Bounty ID: OBB-692564 Description| Value ---|--- Affected Website:| eurovent-certification.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3...

Google Makes 2 Years of Android Security Updates Mandatory for Device Makers

When it comes to security updates, Android is a real mess. Even after Google timely rolls out security patches for its Android platform, a major part of the Android ecosystem remains exposed to hackers because device manufacturers do not deliver patches regularly and on a timely basis to their...

GAIN Electronic Co. Ltd SAGA1-L Series Incorrect Certification Vulnerability

GAIN SAGA1-L Series is a SAGA1-L series industrial remote control product from GAIN Electronic. A security vulnerability exists in GAIN SAGA1-L Series products using firmware versions prior to A0.10. An attacker in close physical proximity could exploit the vulnerability to reprogram the product...

Let’s Continue the Skills Gap Conversation

Most analysis is that the cybersecurity skills gap or shortage is getting worse. ESG reported in CSOOnline that 2018 had the highest levels, at 51%, where organizations "claimed their organization had a problematic shortage of cybersecurity skills." It’s a complex problem, but I believe with...

Accelerating PCI Data Security Standard projects with Deep Security as a Service

Does your organization need to meet PCI DSS requirements? Are you struggling with multiple security tools? Or stretching your already overstretched team to prepare for an audit? Time to hit the accelerator with Trend Micro! If your applications deal with credit or payment card data, you need to g...

ZDResearch Advanced Web Hacking Training 2018 – Learn Online

Are you looking to master web hacking? Interested in a bug-hunting career? Do you want to land a job in cybersecurity? Are you already working as a security engineer, but want to further advance or refine your skills? If yes, read on. ZDResearch Advanced Web Hacking AWH course, including optional...

ZDResearch Advanced Web Hacking Training 2018 – Learn Online

Are you looking to master web hacking? Interested in a bug-hunting career? Do you want to land a job in cybersecurity? Are you already working as a security engineer, but want to further advance or refine your skills? If yes, read on. ZDResearch Advanced Web Hacking AWH course, including optional...

cicerone.org XSS vulnerability

Open Bug Bounty ID: OBB-679192 Description| Value ---|--- Affected Website:| cicerone.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CISSP Certification Course — Become An IT Security Professional

If you dream of making it big in the IT security community, the CISSP certification is a necessary milestone. Certified Information Systems Security Professional CISSP is a globally recognised certification in the field of information security, which has become a gold standard of achievement that...

CISSP Certification Course — Become An IT Security Professional

If you dream of making it big in the IT security community, the CISSP certification is a necessary milestone. Certified Information Systems Security Professional CISSP is a globally recognised certification in the field of information security, which has become a gold standard of achievement that...

Announcing “Cb Threat Hunters,” Carbon Black’s First Skill-Based Program

Carbon Black is excited to announce “Cb Threat Hunters,” the company’s first skill-based program debuting at Cb Connect 2018. Cb Threat Hunters gives you the opportunity to develop your threat-hunting skills to stay ahead of evolving attacks. With this program, our expert team will arm you with t...

RHEL 7 : redhat-certification (RHSA-2018:2373)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2373 advisory. The redhat-certification package provides partners with a unified web-based user interface to certify their products for use on Red Hat...

Redha redhat-certification denial of service vulnerability

Redhat redhat-certification is a certification service from Red Hat, an American company. A denial of service vulnerability exists in the way documents are loaded in Redha redhat-certification, which stems from the program's failure to control resource consumption and can be exploited by a remote...