August 2018

• August 31, 2018 31 Aug'18

  Another patched Apache Struts vulnerability exploited

  News roundup: A new Apache Struts vulnerability was exploited in the wild mere days after it was patched. Plus, Facebook removes app over privacy concerns and more.  Continue Reading

• August 31, 2018 31 Aug'18

  WannaCry ransomware

  The WannaCry ransomware is a worm that spreads by exploiting vulnerabilities in the Windows operating system.  Continue Reading

• August 30, 2018 30 Aug'18

  digital certificate

  A digital certificate, also known as a public key certificate, is used to cryptographically link ownership of a public key with the entity that owns it.  Continue Reading

• August 30, 2018 30 Aug'18

  Risk & Repeat: Are the Meltdown and Spectre flaws overhyped?

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss whether or not Meltdown and Spectre deserved to be nominated for the Pwnie Awards' Most Overhyped Bug.  Continue Reading

• August 30, 2018 30 Aug'18

  Congress wants CVE program changes from DHS and MITRE

  In a letter to DHS and MITRE, Congress said CVE program management has been 'insufficient' and called for the program to receive more consistent funding and additional oversight.  Continue Reading

• August 30, 2018 30 Aug'18

  How hard-coded credentials threaten ICS security

  Hard-coded credentials open industrial control systems up to unauthorized access by malicious actors and threaten ICS security. Expert Ernie Hayden explains the threat and what enterprises can do about it.  Continue Reading

• August 29, 2018 29 Aug'18

  ATM jackpotting: How does the Ploutus.D malware work?

  Ploutus.D malware recently started popping up in the U.S. after several ATM jackpotting attacks. Discover how this is possible and what banks can do to prevent this with Nick Lewis.  Continue Reading

• August 29, 2018 29 Aug'18

  Windows 10 zero-day disclosed on Twitter, no fix in sight

  Security researcher SandboxEscaper released proof-of-concept code for a Windows 10 zero-day on Twitter, but Microsoft has no details for a potential patch.  Continue Reading

• August 28, 2018 28 Aug'18

  Diversity at cybersecurity conferences is too important to ignore

  Diversity at cybersecurity conferences became a hot topic in early 2018. Innovation Women founder Bobbie Carlton discusses why it takes more work to get women in security on stage.  Continue Reading

• August 28, 2018 28 Aug'18

  Fortnite vulnerability on Android causes disclosure tension

  Epic Games patched a Fortnite vulnerability in its Android installer, but Google's disclosure policy comes under fire once again as Epic Games' founder called the disclosure 'irresponsible.'  Continue Reading

• August 28, 2018 28 Aug'18

  Red team assessments and post-assessment posture improvement

  Testing an organization's security maturity is crucial for an organization to improve their post-assessment posture. Learn how red teaming can help this situation with Matt Pascucci.  Continue Reading

• August 28, 2018 28 Aug'18

  SamSam ransomware: How can enterprises prevent an attack?

  SamSam ransomware infected the Colorado DOT after hitting hospitals, city councils and companies. Learn how this version differs from those we've seen in the past.  Continue Reading

• August 27, 2018 27 Aug'18

  How does Google's new detection model find bad Android apps?

  Malicious apps have been a consistent problem for the Google Play Store, so a new detection model has been released to help clean it up. Learn how this system works with Nick Lewis.  Continue Reading

• August 24, 2018 24 Aug'18

  Innovation Women founder strives to close gender gap at conferences

  Innovation Women founder Bobbie Carlton discusses the all-male, all-pale panels that overwhelm tech conferences and that moved her to change the number of female speakers.  Continue Reading

• August 24, 2018 24 Aug'18

  How to find the best privileged identity management tool

  To ensure IT security means first realizing that elevated privileges can also be an open door for hackers. Locking things down requires teamwork, good tools and more.  Continue Reading

• August 24, 2018 24 Aug'18

  NSA leaker Reality Winner sentenced to five years in jail

  NSA leaker Reality Winner sentenced to 63 months in prison for releasing classified documents detailing an attack by the Russian military against U.S. election systems.  Continue Reading

• August 24, 2018 24 Aug'18

  Weighing privileged identity management tools' pros and cons

  Products that help security pros manage access privileges are essential to IT security. Learn how to evaluate market offerings and acquire the best for your company.  Continue Reading

• August 24, 2018 24 Aug'18

  Hundreds of Facebook accounts deleted for spreading misinformation

  News roundup: Social media platforms shut down accounts spreading misinformation. The Facebook accounts deleted were tied to Iran, Russia. Plus, Ryuk ransomware spreads, and more.  Continue Reading

• August 24, 2018 24 Aug'18

  What risks does the OpenFlow protocol vulnerability present?

  Researchers found a vulnerability in OpenFlow that can cause problems. Learn how vendor-specific SDN controllers may cause these OpenFlow protocol vulnerabilities.  Continue Reading

• August 23, 2018 23 Aug'18

  AI bias and data stewardship are the next ethical concerns for infosec

  AI bias and the need for data stewardship to prevent issues surrounding the trend of hoarding data are the next big ethical concerns for infosec, according to Laura Norén.  Continue Reading