Manage

Platform security

• How Big Star Labs was able to use data collecting apps

  The ad-blocking vendor AdGuard found browser extensions and apps from Big Star Labs collecting browser history data. Discover how this was accomplished with Nick Lewis. Continue Reading

• Kronos banking Trojan: How does the new variant compare?

  Proofpoint researchers found a Kronos variant after it targeted victims in Germany, Japan and Poland. Learn how this variant compares to the original banking Trojan with Nick Lewis. Continue Reading

• Why is preloading HTTP Strict Transport Security risky?

  Despite being designed to improve security, infosec experts have warned against preloading the HSTS protocol. Learn about the risks of preloaded HSTS with Judith Myerson. Continue Reading

• Faxploit: How can sending a fax compromise a network?

  Check Point researchers found a fax machine attack allowing attackers to access scanned documents. Discover how this is possible and how users can avoid falling victim. Continue Reading

• Testing applications in production vs. non-production benefits

  To ensure proper application security testing, production and non-production systems should both be tested. In this tip, expert Kevin Beaver weighs the pros and cons. Continue Reading

• How does a Bluetooth vulnerability enable validation attacks?

  Bluetooth devices might be at risk after a new Bluetooth vulnerability was found targeting firmware and operating system software drivers. Learn how it works and can be mitigated.Continue Reading

• How is the Trezor cryptocurrency online wallet under attack?

  A phishing campaign targeting Trezor wallets may have poisoned DNS or hijacked BGP to gain access. Learn how the attack worked and how to mitigate it with expert Nick Lewis.Continue Reading

• SamSam ransomware: How is this version different from others?

  Sophos recently discovered a SamSam extortion code that performs company-wide attacks using a range of vulnerability exploits. Discover how this version differs from past variants.Continue Reading

• BlackTDS: How can enterprise security teams avoid an attack?

  Proofpoint researchers found a bulletproof hosting evolution, BlackTDS, this is believed to be advertised on the dark web. Learn what security teams should know with Nick Lewis.Continue Reading

• IonCube malware: Who do these malicious files put at risk?

  Malicious files posing as legitimate ionCube files were recently found by WordPress and Joomla admins. Learn how the ionCube malware works with expert Nick Lewis.Continue Reading

• Tom Van Vleck on the Multics operating system, security decisions

  Time-sharing systems got a lot right from a security standpoint. "We aimed toward a completely lights-out, 'no chance for mistakes' interface," says the security researcher.Continue Reading

• iOS updates: Why are some Apple products behind on updates?

  A study by Zimperium found that more than 23% of iOS devices aren't running the latest software. Matt Pascucci explains how this is possible, even though Apple controls iOS updates.Continue Reading

• Building a secure operating system with Roger R. Schell

  The 'father' of the Orange Book has first-hand knowledge of the standards required for classified computer systems and the issues with subversion.Continue Reading

• How do the Linux kernel memory protection features on Android work?

  Google has added Linux kernel memory protection and other security measures to the Android OS. Expert Michael Cobb explains how these features work to protect devices.Continue Reading

• Does the AFNetworking library inhibit iOS app security?

  Flaws in the AFNetworking code library threaten iOS app security. Expert Michael Cobb explains how to prevent falling victim to the flaws.Continue Reading