Click Here to Kill Everybody Reviews and Press Mentions

It's impossible to know all the details, but my latest book seems to be selling well. Initial reviews have been really positive: Boing Boing, Financial Times, Harris Online, Kirkus Reviews, Nature, Politico, and Virus Bulletin. I've also done a bunch of interviews -- either written or radio/podca...

QSC18 Virtual Edition: Vulnerability Risk Management

When vulnerability risk management is proactive, organizations don’t have to hurriedly react to attacks that exploit bugs for which patches are available, as happened with WannaCry. “The vast majority of WannaCry remediation took place as an emergency type process,” Jimmy Graham, a Qualys Directo...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 11, 2018

As a native Texan, I’ve seen more than my fair share of bugs - actual physical bugs that love the hot, humid Texas climate and my curly hair for some reason. The Zero Day Initiative ZDI sees many bugs of the software variety, including those that affect SCADA control systems. Fritz Sands recently...

Threat Roundup for June 1-15

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 01 and June 15. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...

Tips for safe summer travels: your cybersecurity checklist

Summer is just around the corner in the Northern Hemisphere, and with it comes vacation plans for many. Those looking to take some time away from work and home are likely making plans to secure their home, have their pets taken care of, and tie up loose ends at work. But how about securing your...

SQL Injection Discovery Tool: SleuthQL

SleuthQL is a python3 script to identify parameters and values that contain SQL-like syntax. Once identified, SleuthQL will then insert SQLMap identifiers into each parameter where the SQL-esque variables were identified. SleuthQL aims to augment an assessor’s ability to discover SQL injection...

Target Credential Issues by Authentication Protocol - No Issues Found

Valid credentials were provided for an authentication protocol on the remote target and Nessus did not log any subsequent errors or failures for the authentication protocol. When possible, Nessus tracks errors or failures related to otherwise valid credentials in order to highlight issues that ma...

Learn How Trillions of DNS Requests Help Improve Security

Akamai's global platform is comprised of 240,000 servers in 3,750 locations within 134 countries. Additionally, our platform interacts with 1.3 billion client devices every day and we ingest 2.5 exabytes of data a year. So why are these stats important? The answer is that this visibility provides...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 7, 2018

This week marked National Teacher Appreciation Week here in the United States. I was happy to see that many other countries celebrate educators in all the other months of the year. All of us have at least one teacher, instructor or professor who really made a difference in our lives. There are tw...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 30, 2018

When I was little, I discovered the joy of jumping on the bed. While it was fun to jump on the bed, I wanted to make it more challenging so I started to imitate the ski jumpers I had seen during the 1976 Winter Olympics and jump from my parents’ dresser to the bed. I quickly found out there’s a...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 9, 2018

The interviewing process can be mentally draining. You have to look your best, say the right things, and prove that you’re the best person for the job. When I interview candidates, I love to come up with the one crazy question that isn’t on the usual list of questions that might be asked. I...

Malware monitor - leveraging PyREBox for malware analysis

This post was authored by Xabier Ugarte Pedrero In July 2017 we released PyREBox, a Python Scriptable Reverse Engineering Sandbox as an open source tool. This project is part of our continuous effort to create new tools to improve our workflows. PyREBox is a versatile instrumentation framework...

Cybersecurity Insurance

Good article about how difficult it is to insure an organization against Internet attacks, and how expensive the insurance is. Companies like retailers, banks, and healthcare providers began seeking out cyberinsurance in the early 2000s, when states first passed data breach notification laws. But...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 12, 2018

This week marked the 11th annual Pwn2Own contest held during the CanSecWest conference in Vancouver and while the contest had fewer entries compared to previous years, it was still an exciting event filled with a little drama. Over the course of two days, the Zero Day Initiative awarded $267,000...

CVE-2017-18035

The /rest/review-coverage-chart/1.0/data//.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistic...

Design/Logic Flaw

The /rest/review-coverage-chart/1.0/data//.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistic...

CVE-2017-18035

The /rest/review-coverage-chart/1.0/data//.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistic...

Missing permission check in review coverage REST endpoint - CVE-2017-18035

The /rest/review-coverage-chart/1.0/data//.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistic...

Missing permission check in review coverage REST endpoint - CVE-2017-18035

The /rest/review-coverage-chart/1.0/data//.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistic...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of January 1, 2018

Happy New Year! It’s out with the old, in with the new, right? Except we all know that the old tends to stick around, especially when it comes to vulnerabilities and patching them. Trend Micro predicts that that 2018’s biggest attacks will originate from known vulnerabilities. And speaking of kno...