Security Testing and Ethical Hacking
- January 04, 2017
Google Project Zero discovers more antivirus vulnerabilities. This time, the issues are with how Kaspersky Lab handles SSL certificate validation and CA root certificates.
- September 15, 2016
Oracle's lack of response to security researchers raises more questions after a zero-day MySQL vulnerability was reported, though patches may have already been released.
- March 18, 2016
A team created a prototype machine learning vulnerability scanner that can think like a human in order to perform automated penetration testing.
- August 14, 2015
News roundup: Government email security got pummeled this week with news of hacks, breaches, unlabeled classified data and spying. Plus: Hacking a Corvette via text; Android sandbox bypass flaw; Oracle CSO blogs against reverse-engineering.
- July 24, 2015
News roundup: A wireless car hack demonstration has pushed vehicle security legislation and DMCA exemptions into the spotlight, and prompted a manufacturer recall. Plus: Hacking Team update; DHS email issues; and smartwatches vulnerable to attack.
- July 17, 2015
News roundup: Are the tides turning on mobile app safety? One white hat hacker's attempt to reverse-engineer the Subway app offers surprising results. Plus: CloudFlare Transparency Report; another call to eliminate RC4; Black Hat attendant survey.
- July 10, 2015
News roundup: Despite the benefits of encryption, FBI Director James Comey says it inhibits legal investigations. It's up to tech companies to help. Plus, read about major "computer glitches," Kali 2.0 and more.
- May 18, 2015
As details emerge about a security researcher's alleged hack -- and subsequent denial -- of an airplane, more questions are being asked than answers given.
- May 15, 2015
News roundup: Microsoft released security details of its new Edge browser, but is enough to restore user confidence? Plus: Millennial security threats; new ransomware, GPU-based malware; black hat cybersecurity services.
- April 28, 2015
Some people think bug bounty programs are the answers to vulnerability woes, yet others remain skeptical of the negative impacts they present. RSA Conference panelists discussed both sides of one of today's hottest and most controversial IT topics.
- April 03, 2015
News roundup: President Obama's executive order allowing sanctions on cyberattackers has been met with mixed reaction. Plus: Threat intelligence perception versus reality; healthcare breach consequences; Verizon tosses supercookie.
- March 31, 2015
The PCI SSC has issued prescriptive new supplemental guidance on penetration testing in an effort to reverse current trends and improve merchant compliance.
- March 11, 2015
The 2015 edition of the Verizon PCI report shows enterprises are, on the whole, getting better at achieving full PCI compliance. Unfortunately, few can sustain it.
- March 06, 2015
News roundup: Bug bounty programs can offer big rewards to researchers, unless Adobe is handing out the prizes. Plus: Signal 2.0 encryption app; app cloning risk increasing; Angler adopts 'domain shadowing' capability.
- March 02, 2015
Bug bounty programs are a cool idea and often work, so why haven't they taken off for non-tech companies?