Manage

Platform security

• Why is preloading HTTP Strict Transport Security risky?

  Despite being designed to improve security, infosec experts have warned against preloading the HSTS protocol. Learn about the risks of preloaded HSTS with Judith Myerson. Continue Reading

• Faxploit: How can sending a fax compromise a network?

  Check Point researchers found a fax machine attack allowing attackers to access scanned documents. Discover how this is possible and how users can avoid falling victim. Continue Reading

• Testing applications in production vs. non-production benefits

  To ensure proper application security testing, production and non-production systems should both be tested. In this tip, expert Kevin Beaver weighs the pros and cons. Continue Reading

• How does a Bluetooth vulnerability enable validation attacks?

  Bluetooth devices might be at risk after a new Bluetooth vulnerability was found targeting firmware and operating system software drivers. Learn how it works and can be mitigated. Continue Reading

• How is the Trezor cryptocurrency online wallet under attack?

  A phishing campaign targeting Trezor wallets may have poisoned DNS or hijacked BGP to gain access. Learn how the attack worked and how to mitigate it with expert Nick Lewis. Continue Reading

• SamSam ransomware: How is this version different from others?

  Sophos recently discovered a SamSam extortion code that performs company-wide attacks using a range of vulnerability exploits. Discover how this version differs from past variants.Continue Reading

• BlackTDS: How can enterprise security teams avoid an attack?

  Proofpoint researchers found a bulletproof hosting evolution, BlackTDS, this is believed to be advertised on the dark web. Learn what security teams should know with Nick Lewis.Continue Reading

• IonCube malware: Who do these malicious files put at risk?

  Malicious files posing as legitimate ionCube files were recently found by WordPress and Joomla admins. Learn how the ionCube malware works with expert Nick Lewis.Continue Reading

• Tom Van Vleck on the Multics operating system, security decisions

  Time-sharing systems got a lot right from a security standpoint. "We aimed toward a completely lights-out, 'no chance for mistakes' interface," says the security researcher.Continue Reading

• iOS updates: Why are some Apple products behind on updates?

  A study by Zimperium found that more than 23% of iOS devices aren't running the latest software. Matt Pascucci explains how this is possible, even though Apple controls iOS updates.Continue Reading

• Building a secure operating system with Roger R. Schell

  The 'father' of the Orange Book has first-hand knowledge of the standards required for classified computer systems and the issues with subversion.Continue Reading

• How do the Linux kernel memory protection features on Android work?

  Google has added Linux kernel memory protection and other security measures to the Android OS. Expert Michael Cobb explains how these features work to protect devices.Continue Reading

• Does the AFNetworking library inhibit iOS app security?

  Flaws in the AFNetworking code library threaten iOS app security. Expert Michael Cobb explains how to prevent falling victim to the flaws.Continue Reading

• Samsung vulnerability affects up to 600 million Android devices

  A flaw in the default keyboard found on many Samsung Galaxy Android devices may leave as many as 600 million devices at risk for a man-in-the-middle attack.Continue Reading

• Google's Adrian Ludwig talks about fighting Android threats

  Google is fighting a constant battle against Android malware and vulnerabilities, and Adrian Ludwig, Google's lead for Android security, talks to SearchSecurity about how protections are getting better.Continue Reading