We want YOU...to speak at UNITED 2017!
Are you an IT or security professional who secretly dreams of speaking to a group of passionate people facing the same challenges and celebrating the same victories as you? Dream no more: for the next three weeks, we're accepting submissions for presentations at UNITED 2017, September 13-14 in...
Live Dashboards for Demonstrating Remediation Progress
Is your security team working on the right things to make your organization safer today? How can you prove it with data? Knowing Versus Doing Knowing your threat exposure is only half the picture. The other half is knowing which actions to take with your vulnerability management solution to secur...
Vulnerability Management Tips for the Shadow Brokers Leaked Exploits
Rebekah Brown and the Rapid7 team have delivered a spot-on breakdown of the recent Shadow Brokers exploit and tool release. Before you read any further, if you haven't done so already, please read her post. It's probably not the only post you've read on this topic, but it is cogent, well-constructed...
Want to bolster your security program? Keep users from making decisions.
How many times have you witnessed security problems caused by a user making bad decisions? I'd venture to guess at least a few dozen if not hundreds. We've all seen where the perfect storm forms through weaknesses in technical controls, user training, and - most often - common sense and the outco...
Using CIS Controls To Stop Your Network From Falling in With the Wrong Crowd
Earlier this month Kyle Flaherty wrote a post on the Rapid7 Community Blog about how Rapid7 came out on top for coverage of the Center for Internet Security (CIS) Top 20 Security Controls. In light of recent DDoS events, I'd like to take a little time to discuss at a high level what the controls are,...
Facebook Bug Bounty Program Pays Out $5 Million in 5 Years
Facebook announced this week that it’s paid out more than $5 million to 900 researchers in the five years since it implemented its bug bounty program. The social network announced the figures, including some preliminary statistics around how the program has fared so far this year, in a blog post...
SWIFT Confirms Banks Still Being Targeted, Announces Mitigation Tool
SWIFT’s chief information security officer said Wednesday that the cooperative is still seeing cases where its customers’ environments have been compromised. “The threat is persistent, adaptive and sophisticated – and it is here to stay,” Alain Desausoi, the cooperative’s CISO said, adding...
Apple Launches Bug Bounty with Maximum $200,000 Reward
LAS VEGAS—Apple closed out Black Hat today with a long-awaited announcement that next month it will launch a bug bounty. The Apple Security Bounty will be an invitation-only program, open to two dozen researchers at the outset, said Ivan Krstic, head of security engineering and architecture. The...
One Way to Boost Proactive Cybersecurity
It's clear from media articles that new CISOs need to make an immediate impact on their organization's security program in the first 90 days with action items such as "make a quarterly plan for the next year"...
Tumblr Requires Password Reset
Yahoo has forced a password reset on Tumblr account holders after it discovered that someone had accessed email addresses, and salted and hashed passwords from early 2013. A Tumblr spokesperson would not disclose who had accessed the data, where it was found, nor how many email addresses were...
FTC And Asus Settle Over Router Security
The U.S. Federal Trade Commission announced a settlement with ASUSTeK Computer over sloppy security settings tied to its routers that left the personal data of 12,900 consumers publicly available. On Tuesday, the Taiwanese electronics company agreed to 20 years of periodic security audits along...
The 100 Million Dollar Getaway - Horror Stories 2015
In today's security landscape, companies face daily threats to their reputation and intellectual property. The typical response to these threats is to purchase a tool or a service claiming to be a magical silver bullet that can respond to all "cyber" threats. In reality, the quest for a security...
United Airlines Hands Out Million-Mile Bug Bounty
Poking about a United Airlines online property might not seem to be the wisest course of action for a professional hacker given the fallout over the Chris Roberts saga, but Jordan Wiens insists he wasn’t deterred. Wiens, who founded a security company in Florida called Vector 35 and not too long...
Grindr Account System - Auth Bypass Vulnerability
Document Title: =============== Grindr Account System - Auth Bypass Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1487 Video: https://www.youtube.com/watch?v=7WTLJ2d06kM Advisory1: http://www.vulnerability-lab.com/getcontent.php?id=1419 Advisory2:...
Google Ups Chrome Rewards, Offers More Money For Exploits
Google is again increasing the amount of money it offers to researchers who report vulnerabilities in Chrome as part of the company’s bug bounty program. Now, researchers will be able to earn $15,000 at the high end of the scale, and Google also is offering more cash for researchers who can submi...
Thousands of High-Risk Vulnerabilities Found in NOAA Satellite System
The information systems that the National Oceanic and Atmospheric Administration (NOAA) runs are loaded with several critical vulnerabilities that could leave them open to cyber attacks. According to the findings of an audit recently conducted by the Department of Commerce's Office of the...
NOAA, Satellite Data, Riddled with Vulnerabilities
The information systems that the National Oceanic and Atmospheric Administration (NOAA) runs are fraught with vulnerabilities and what the U.S. Department of Commerce deems "significant security deficiencies" that could leave them open to cyber attacks. That's according to the findings of an...
DHS Releases Hundreds of Documents on Wrong Project Aurora
In response to a Freedom of Information Act request for information about the Operation Aurora attack on Google and other organizations in 2009, the Department of Homeland Security released hundreds of pages of documents related not to that attack campaign, but to the Aurora project run at Idaho...
Power On Software On Guard for MacOS 3.2 Emergency Password Vulnerability
Source: http://www.securityfocus.com/bid/553/info. On Guard, a security program for MacOS, includes an emergency password feature in the event that the administrative password is lost or forgotten. If the user name 'emergency' is entered, On Guard will generate a...