News

News

• August 25, 2015 25 Aug'15

  Choosing a threat intelligence platform: What enterprises should know

  Video: Threat intelligence tools are a growing market and enterprises need to be able to see through the hype to get the best product for them.

• August 20, 2015 20 Aug'15

  Is the future of cyberdefense a new branch of the military?

  An IT professional suggests the best way to improve cyberdefense and security in the public and private sectors may be a new branch of the military. But, according to one expert, the benefits of such a plan can be gained with the current setup.

• August 18, 2015 18 Aug'15

  Millions left at risk as Android Stagefright fix pushed to September

  The Android Stagefright vulnerability continues to put millions of users at risk because Google's first attempt at a patch did not work, and a new fix likely will not come until September.

• August 18, 2015 18 Aug'15

  From CCSP to CISSP: A look at (ISC)2 cybersecurity certifications

  Video: Cybersecurity certifications are not in short supply, but (ISC)2 still dominates the field with CISSP and the new CCSP certification from its CSA partnership.

• August 14, 2015 14 Aug'15

  Government email security woes widen with Pentagon breach and more

  News roundup: Government email security got pummeled this week with news of hacks, breaches, unlabeled classified data and spying. Plus: Hacking a Corvette via text; Android sandbox bypass flaw; Oracle CSO blogs against reverse-engineering.

• Sponsored News

  • Part I: Keep the Cloud Your Safe Place

    Sponsored by Forcepoint - Organizations of all sizes have been called upon to swiftly support remote work in order to safeguard the health of their workforce and local communities. As businesses are called upon to scale up remote work procedures for the physical safety of employees, IT teams must accelerate the adoption of technology that ensures their people and data are secure—without hurting productivity or morale. See More

  • Part II: Safeguard Data Everywhere

    Sponsored by Forcepoint - As security teams are tasked with the duty of rapidly scaling up protections for remote workers, one of the key considerations they must keep in mind is how to safeguard data no matter where it resides or travels. This is hardly a new problem. However, the vastly broadened scope of remote work today requires security teams to revisit policies and technologies. Some solutions that may have been sufficient for isolated use cases don't adequately protect a completely distributed workforce. See More

  • Part III: Protect Your People

    Sponsored by Forcepoint - In response to the rapid rise in remote work, cybersecurity teams have increased their efforts to protect their dispersed team’s cyber hygiene. The rapid rise in remote work to protect the health of employees has required cybersecurity teams to scale their efforts to similarly protect the cyber hygiene of these workers as they operate in new conditions. One of the key directives for cybersecurity departments looking to safeguard the people and data within a distributed enterprise is the implementation of cyber defenses that can move with employees and protect them—regardless of their location or device. See More

  View All Sponsored News
• August 14, 2015 14 Aug'15

  Dropbox adds support for U2F security keys

  Dropbox announced it is strengthening login options with support for universal 2nd factor (U2F) security keys with the aim of making two-step verification faster and easier.

• August 13, 2015 13 Aug'15

  Bitdefender hack the latest cyberattack on security vendors

  Bitdefender suffered a data breach in which a hacker stole a small number of unencrypted usernames and passwords for active customers. The hacker then demanded $15,000 in ransom.

• August 13, 2015 13 Aug'15

  Addressing wearables security, the next wave of BYOD concerns

  Wearables are the next wave of BYO devices infiltrating the enterprise. Domingo Guerra, president and co-founder of Appthority, talked to SearchSecurity at RSA Conference 2015 about how to address the onslaught.

• August 12, 2015 12 Aug'15

  Darkhotel APT found using Hacking Team Flash zero-day in exploits

  The Darkhotel advanced persistent threat group used an Adobe Flash zero-day vulnerability from the Hacking Team data leak, according to Kaspersky research.

• August 11, 2015 11 Aug'15

  Microsoft Office bug highlights August 2015 Patch Tuesday

  Microsoft's August 2015 Patch Tuesday may not be as packed with danger as a typical release, according to one expert, but does include critical bulletins for Microsoft Office and even one for the new Edge browser.

• August 07, 2015 07 Aug'15

  ICANN breached, members' encrypted passwords stolen

  News roundup: ICANN confirmed its members' credentials were stolen Wednesday, forcing the nonprofit to enforce a site-wide password reset. Plus: VPN provider being used for APTs; Thunderstrike strikes again; Windows 10 security in its first week.

• August 07, 2015 07 Aug'15

  Black Hat 2015: Machine learning security must add variety

  Machine learning is better at detecting malware than systems that scan for known signatures. But researchers at Black Hat 2015 say adding a twist widens the performance gap even further.

• August 07, 2015 07 Aug'15

  Black Hat 2015: Rebuilding IT security after a cyber disaster

  In the wake of a major cyberattack, the process of rebuilding IT security can be daunting, but Christina Kubecka has some tips from her experiences with Saudi Aramco after a massive attack in 2012.

• August 07, 2015 07 Aug'15

  Emerging security trends enterprises should keep an eye on

  Video: KPMG's Ronald Plesco discusses the main emerging security trends -- security analytics, the Internet of Things and virtualization -- and what else is on the horizon for the industry.

• August 06, 2015 06 Aug'15

  Black Hat 2015 opens with bleak view of Internet freedom

  Legal expert Jennifer Granick kicked off Black Hat 2015 with a warning to conference goers that Internet freedom and openness are dying.

• August 05, 2015 05 Aug'15

  Security machine learning methods needed to adapt to evolving threats

  Data science can sort through huge data stores in order to find and stop advanced attackers and malware, but new methods are needed to make sure the machine learning keeps up with evolving threats.

• August 05, 2015 05 Aug'15

  New report sheds light on the growing threat of bulletproof hosting services

  Cybercrime has developed substantially due to bulletproof hosting service efficiency. Trend Micro's report explains how and why these services evade law enforcement officials and remain online.

• August 04, 2015 04 Aug'15

  Is third-party vendor management the next IAM frontier?

  Identity and access management deployments are notoriously complex. And things are getting worse as legacy technology meets next-generation applications. As the traditional network perimeter continues to disappear, robust IAM becomes more important ...

• August 03, 2015 03 Aug'15

  Cybersecurity skills shortage demands new workforce strategies

  The race to find InfoSec professionals who can outpace advanced threats has companies worldwide facing hurdles.

• July 31, 2015 31 Jul'15

  Protests lead to drafting new Wassenaar Arrangement cybersecurity rules

  Major IT companies, such as Black Hat and Google, spoke out against the proposed Wassenaar Arrangement rules for cybersecurity software. And those protests caused the U.S. Department of Commerce to commit to drafting new rules.

• July 31, 2015 31 Jul'15

  Tor anonymity called into question as alternative browser surfaces

  News roundup: New threats add to the Tor anonymity debate, as a new browser aims to take anonymous browsing to the next level. Plus: Android security outlook is bad -- or is it? Also, another Xen host escape flaw and Wassenaar revisions put on hold.

• July 31, 2015 31 Jul'15

  Darkode criminal forum reborn less than two weeks after DOJ shutdown

  The recently shutdown Darkode cybercriminal community has been rebuilt, and claims the administrators are intact and security will be tightened to better avoid law enforcement.

• July 30, 2015 30 Jul'15

  Intel, Cisco pushing for enhanced security communication, integration

  Vendors, such as Intel and Cisco, are hoping to pave the way for a security ecosystem in which applications communicate threat intelligence amongst each other. Will it work?

• July 30, 2015 30 Jul'15

  Xceedium turns deaf ear, triggers vulnerability disclosure

  Swiss research group modzero disclosed a vulnerability that enabled remote attacks on Xceedium's Xsuite privileged access manager.

• July 29, 2015 29 Jul'15

  The same Chinese hackers linked to United, Anthem and OPM breaches

  Sources claim the same Chinese hackers are behind the attacks on United Airlines, Anthem Health Services and the U.S. Office of Personnel Management.

• July 29, 2015 29 Jul'15

  Security operations centers could be key to better security

  Video: Security operations centers are critical to continuous network monitoring and detecting data breaches. Eric Cole discusses SOCs and the role security automation plays in them.

• July 27, 2015 27 Jul'15

  Another government data breach: U.S. Census Bureau admits to hack

  The U.S. Census Bureau admits that it was attacked and had data exfiltrated from its systems. One expert says this latest government data breach is another example that federal systems are not safe from attack.

• July 27, 2015 27 Jul'15

  Valve fixes Steam password bug that led to compromised accounts

  A glaring error in the Steam password recovery system allowed hackers to take over accounts for Valve's popular gaming platform.

• July 24, 2015 24 Jul'15

  Alleged car hack prompts call for vehicle security act, DMCA exemption

  News roundup: A wireless car hack demonstration has pushed vehicle security legislation and DMCA exemptions into the spotlight, and prompted a manufacturer recall. Plus: Hacking Team update; DHS email issues; and smartwatches vulnerable to attack.

• July 23, 2015 23 Jul'15

  National Guard breach highlights the risk of accidental data exposure

  The National Guard reported an accidental data exposure affecting thousands of former and current employees was not related to the OPM breach.

• July 22, 2015 22 Jul'15

  Hackers targeting .NET shows the growing pains of open source security

  According to researchers, malware makers have been targeting .NET since Microsoft made the software open source. And experts debate to what extent open source security can be maintained.

• July 21, 2015 21 Jul'15

  Microsoft releases out-of-band patch for Windows zero-day

  A Windows zero-day affecting a wide swath of Microsoft products has been found in the Hacking Team data leak, so Microsoft has released an out-of-band patch to fix the vulnerability.

• July 20, 2015 20 Jul'15

  Black Hat and Google speak out against Wassenaar Arrangement

  The Wassenaar Arrangement is a multilateral export control association aimed at controlling a wide range of goods, including intrusion software. However, Black Hat and Google believe the proposed rules will have a negative impact on security.

• July 17, 2015 17 Jul'15

  DOJ takes down Darkode, but for how long?

  The U.S. Department of Justice, in coordination with 20 countries, has taken down the computer hacking forum known as Darkode, but experts say the community is already rebuilding.

• July 17, 2015 17 Jul'15

  Subway app reverse engineering highlights uptick in mobile app safety

  News roundup: Are the tides turning on mobile app safety? One white hat hacker's attempt to reverse-engineer the Subway app offers surprising results. Plus: CloudFlare Transparency Report; another call to eliminate RC4; Black Hat attendant survey.

• July 16, 2015 16 Jul'15

  Flash Player security failures turn up the hate

  There have been calls for the death of the Adobe Flash Player for years either due to performance issues or the threat of exploit. But with a recent rash of zero-day vulnerabilities, those calls are getting louder.

• July 15, 2015 15 Jul'15

  More Flash zero-day bugs follow Hacking Team breach

  Researchers discovered two more vulnerabilities in Adobe Flash player stemming from the breach of Italian surveillance software vendor Hacking Team.

• July 14, 2015 14 Jul'15

  July 2015 Patch Tuesday: Microsoft and Adobe attack Hacking Team zero-days

  July 2015's Patch Tuesday shows both Microsoft and Adobe working fast to patch four Hacking Team zero-day vulnerabilities exposed in the past week.

• July 14, 2015 14 Jul'15

  Windows Server 2003 end of life leaves many at risk

  The Windows Server 2003 end of life is upon us and many organizations still haven't made the upgrades or security remediations necessary to mitigate the coming risks.

• July 10, 2015 10 Jul'15

  FBI: We don't want a government backdoor, just access to encrypted data

  News roundup: Despite the benefits of encryption, FBI Director James Comey says it inhibits legal investigations. It's up to tech companies to help. Plus, read about major "computer glitches," Kali 2.0 and more.

• July 10, 2015 10 Jul'15

  OPM hackers stole 21.5 million records, 1.1 million fingerprints

  Investigators for the OPM data breach find that 21.5 million personal records were stolen in the attack, including 1.1 million fingerprints. The White House is still considering its response.

• July 10, 2015 10 Jul'15

  Homeland Security chief calls for federal breach reporting law

  The Homeland Security head wants federal laws requiring data breach reporting and information sharing, but one expert warns that government officials need better understanding of infosec technology before creating such laws.

• July 08, 2015 08 Jul'15

  Industrial espionage group hacked Apple, Facebook, Microsoft

  A mysterious hacker group has hit a number of major U.S. companies with the intent of committing industrial espionage, according to new security research reports.

• July 08, 2015 08 Jul'15

  Adobe patches Flash zero-day found in Hacking Team data breach

  Adobe patches a Flash zero-day vulnerability found as part of the massive data breach of Hacking Team. Experts recommend speedy remediation as the flaw has been added to multiple exploit kits.

• July 07, 2015 07 Jul'15

  Critical OpenSSL patch coming Thursday

  The OpenSSL project team will release a critical patch on Thursday and experts warn admins that the upgrade process could take days or weeks to complete.

• July 06, 2015 06 Jul'15

  Hacking Team internal documents released after massive data breach

  Controversial Italian surveillance software firm, Hacking Team, was attacked, resulting in a 400 GB leak of sensitive data. The response from the Hacking Team was threatening, but may have been part of the attack.

• July 02, 2015 02 Jul'15

  Why Web browser security is a goldmine for attackers

  Video: Robert 'RSnake' Hansen of WhiteHat Security discusses Web browser security, third-party software vulnerabilities and the sad state of browser security throughout the industry.

• June 30, 2015 30 Jun'15

  US government passwords stolen and leaked around the Web

  A report reveals that many stolen US government agency passwords traveled across the Web, including credentials from OPM, which was recently breached due to stolen passwords.

• June 26, 2015 26 Jun'15

  DNS vulnerability found in RubyGems software packaging client

  RubyGems software packaging client was found to have a DNS vulnerability that redirects users to malicious gem servers.

• June 26, 2015 26 Jun'15

  Click fraud to ransomware: Study highlights dangers of malware lifecycle

  New roundup: Sometimes the least of threats -- such as click fraud -- can end up being the bigger issues -- like ransomware. Plus: U.S. Navy won't let go of XP; U.S./China cyber code of conduct; and more!

• June 25, 2015 25 Jun'15

  Stolen passwords to blame for OPM breach; director may take the fall

  The OPM director told a Senate hearing that passwords stolen from a contractor led to the OPM breach. Now, her job is on the line and the number of breached records could be on the rise.

• June 24, 2015 24 Jun'15

  Growing threats make security vulnerability management essential

  At RSA Conference 2015, Qualys CTO Wolfgang Kandek said enterprises need to be smart about how they tackle security vulnerabilities because there are simply too many for organizations to handle.

• June 23, 2015 23 Jun'15

  Adobe releases emergency Flash zero-day patch

  Adobe releases an emergency Flash Player patch for a zero-day flaw said to be used in a Chinese hacker group's phishing scheme.

• June 23, 2015 23 Jun'15

  Study: government compliance-based vulnerability remediation is failing

  In its State of Software Security Report, Veracode has found the government has the most vulnerabilities and the lowest rate of remediation in developing Web and mobile apps.

• June 23, 2015 23 Jun'15

  NIST guidance: Better security from federal contractors

  With the recent OPM breach raising questions about the security of federal data within the government, NIST has issued new guidelines in order to secure data stored by federal contractors outside government facilities.

• June 23, 2015 23 Jun'15

  Watters: 'Cyber officers' are now risk officers for businesses

  More data is thought to be a good thing in terms of threat intelligence, but iSight CEO John Watters says enterprises need to be aware of the quality and context of the data when assessing risk.

• June 19, 2015 19 Jun'15

  Apple sandbox flaws allow password stealing, communication interception

  News roundup: Details have emerged about weaknesses in OS X and iOS that allow attackers to upload malware and steal passwords and data. Plus: More jump on HTTPS bandwagon; CSO/CDO salaries increase; 23% of software app components contain flaws.

• June 17, 2015 17 Jun'15

  Samsung vulnerability affects up to 600 million Android devices

  A flaw in the default keyboard found on many Samsung Galaxy Android devices may leave as many as 600 million devices at risk for a man-in-the-middle attack.

• June 16, 2015 16 Jun'15

  New Android Security Rewards program aims for end-to-end improvements

  Google launches new Android Security Rewards program that goes beyond traditional bug bounties and offers monetary rewards for security development.

• June 15, 2015 15 Jun'15

  White House pushes government cybersecurity changes

  As the estimated number of current and former federal employees affected by the OPM data breach triples, the White House pushes new government cybersecurity changes to avoid another breach.

• June 12, 2015 12 Jun'15

  White House, Apple join the fight for HTTPS encryption

  News roundup: The call for ubiquitous HTTPS has grown stronger as of late; the White House and Apple are hoping to help push the movement. Plus: The cost of cybersecurity management to rise 38%; a 165% ransomware increase; gender salary gap closes?

• June 11, 2015 11 Jun'15

  Dark Web scanner promises to cut data breach detection time to seconds

  As the focus of security moves to detection and response, a new product aims to find stolen corporate data within seconds or minutes of a data breach occurring by crawling the dark Web, but one expert questions the need for such a product.

• June 11, 2015 11 Jun'15

  FIDO Alliance gains momentum, adds government support

  Agencies from U.S. and U.K. governments now support the FIDO Alliance and its open standards for passwordless authentication.

• June 11, 2015 11 Jun'15

  Duqu malware makes a comeback and infiltrates Kaspersky systems

  The first strain of Duqu malware was found in late 2011. Now three and a half years later, Duqu 2.0 has emerged and is exploiting as many as three zero-day vulnerabilities in a new attack campaign.

• June 11, 2015 11 Jun'15

  From the frontlines: Horror stories on information breach response

  Video: KPMG's Ronald Plesco has seen some crazy things in his time helping organizations in security incident response, and he shares some of them with SearchSecurity.

• June 09, 2015 09 Jun'15

  June 2015 Patch Tuesday brings critical IE security fix, Flash update

  Microsoft's June 2015 Patch Tuesday features eight bulletins, including a critical update for Internet Explorer and Windows Media Player. Plus: Adobe releases fix for 13 Flash vulnerabilities.

• June 05, 2015 05 Jun'15

  Government data breach puts EINSTEIN defense system under question

  The FBI is investigating a government data breach in which up to 4 million records may have been stolen and China-based hackers are the prime suspects, but the efficacy of the DHS EINSTEIN defense system has been put under question.

• June 05, 2015 05 Jun'15

  Vulnerability study questions accuracy of CVSS scores

  A new study claims social media may be a useful indicator of vulnerability risk and lead to more accurate CVSS scores and prioritization.

• June 05, 2015 05 Jun'15

  Facebook, Google, Mozilla raise the bar with new user privacy controls

  News roundup: New settings and options to boost user privacy and security are emerging on major websites, but is it enough?

• June 05, 2015 05 Jun'15

  McGraw: Software security testing is increasingly automated

  Security software expert Gary McGraw says testing for security flaws must be automated if everything is going to be checked.

• June 03, 2015 03 Jun'15

  Adversaries never sleep: unknown malware downloaded every 34 seconds

  In its 2015 Security Report, Check Point Software has found adversaries are exploiting the ease of creating unknown malware to boost the chance of a successful attack, and sandboxing adoption may be the best way to mitigate risk.

• June 03, 2015 03 Jun'15

  Schneier: Weighing the costs of mass surveillance

  Security expert Bruce Schneier says his new book, Data and Goliath, lays out a compelling case against government mass surveillance.

• June 02, 2015 02 Jun'15

  Insecure mobile cloud backups leave millions of credentials exposed

  Researchers find that insecure implementation of cloud backups by mobile apps may affect hundreds of thousands of apps and leave as many as 56 million credentials exposed.

• June 02, 2015 02 Jun'15

  Malware analysis beyond the sandbox

  Researchers estimate that 70% of organizations will have implemented virtual servers by the end of 2015, representing a tipping point in enterprises’ adoption of virtualization. Virtual machines (VMs) must be protected from malware like other ...

• May 29, 2015 29 May'15

  IRS breach shows the importance of PII security

  A breach of the IRS' Internet tax form service "Get Transcript" exposed the personal information and tax filings of thousands of people.

• May 29, 2015 29 May'15

  Cybersecurity threat discussion (finally) in boardroom

  News roundup: Cybersecurity is finally garnering attention at the boardroom table, but not necessarily for the right reasons. Plus: Ponemon's "Cost of Data Breach"; D-Link vulnerabilities; NitlovePOS; bad bots.

• May 29, 2015 29 May'15

  Smartphone security threats plague Android and iPhone alike

  As the global smartphone market slows, it's becoming readily apparent that the rise of smartphone security threats isn't slowing -- and no OS is safe.

• May 28, 2015 28 May'15

  President urges Senate to act on Section 215 question

  With Section 215 of the Patriot Act meeting its demise on June 1, President Obama calls for the Senate to get busy.

• May 28, 2015 28 May'15

  Cisco Security Services set for 2x product growth in 2015

  Cisco's Bryan Palma discusses Cisco's strategy for security services and talks about the recent Neohapsis acquisition.

• May 26, 2015 26 May'15

  NetUSB router vulnerability puts devices in jeopardy

  A newly discovered router vulnerability could leave millions of connected devices open to denial-of-service attacks and remote code execution.

• May 22, 2015 22 May'15

  2015 DDoS attacks on the rise, attackers shift tactics

  News roundup: New research highlights the changing nature of DDoS attack frequency and methodology. Plus: New malware strains double in second half of 2014; two new address bar spoofing vulnerabilities.

• May 22, 2015 22 May'15

  Government backdoor security concerns prompt letter to president

  As privacy and security concerns rise, President Obama is urged to dismiss the call for government backdoors.

• May 21, 2015 21 May'15

  Too many false positives, security alerts inundate enterprise, study says

  A new study shows enterprises with security analytics are confident in their threat detection capabilities, while those without are overwhelmed by copious false positives and alerts.

• May 20, 2015 20 May'15

  Google changes Chrome extension policy amid security concerns

  Google's new Chrome extension policy mandates that all users and developers must install web browser extensions from the Chrome Web Store.

• May 20, 2015 20 May'15

  Logjam flaw crimps TLS encryption; NSA may have used it

  A newly discovered TLS vulnerability that affects thousands of websites, servers and browser users could allow attackers to bypass encryption.

• May 19, 2015 19 May'15

  Fortinet, DHS form security information sharing partnership

  Network security vendor Fortinet and DHS signed an agreement on security information sharing for better cyber protection in the public and private sectors.

• May 18, 2015 18 May'15

  Alleged airplane hack creates more questions than answers

  As details emerge about a security researcher's alleged hack -- and subsequent denial -- of an airplane, more questions are being asked than answers given.

• May 15, 2015 15 May'15

  Will Microsoft Edge security features make up for past sins?

  News roundup: Microsoft released security details of its new Edge browser, but is enough to restore user confidence? Plus: Millennial security threats; new ransomware, GPU-based malware; black hat cybersecurity services.

• May 13, 2015 13 May'15

  Security ethics survey shows honesty is a tricky business

  A security ethics survey conducted at the 2015 RSA Conference indicates that infosec professionals may be wary of media attention in breach and vulnerability reporting.

• May 12, 2015 12 May'15

  AlienVault updates SIEM platforms after vulnerabilities exposed

  Security software maker AlienVault scrambled to patch two of its products after a security researcher exposed longstanding vulnerabilities in them.

• May 12, 2015 12 May'15

  May 2015 Patch Tuesday isn't all about critical patches, experts say

  Microsoft's May 2015 Patch Tuesday has made 2015 this biggest year for patches through the first five months and is highlighted by two non-critical patches, according to experts.

• May 11, 2015 11 May'15

  Intel's Security Connected aims to be the glue for enterprise security

  Intel Security wants to offer a full set of security products, but believes highest value may come from being a bridge. Security Connected aims to integrate non-Intel products and place Intel at the center, although experts worry about complexity.

• May 08, 2015 08 May'15

  How the WordPress XSS vulnerability was patched so quickly

  WordPress was found to have two new zero-day XSS vulnerabilities that were being exploited, but a patch has already been issued to mitigate the issues.

• May 08, 2015 08 May'15

  Mobile malware statistics highlight unknown state of mobile threats

  News roundup: Contradicting mobile malware statistics published this year prove the mobile malware debate is alive and well. Plus: SAP vulnerabilities; spam-sending Linux malware; criminal attacks leading healthcare threat.

• May 07, 2015 07 May'15

  Malware detection tool tackles medical device security

  WattsUpDoc, an embedded system security tool used to detect malware in medical devices, is now in beta testing at two major U.S. hospitals.

• May 07, 2015 07 May'15

  Inside the WhiteHat Aviator Web browser controversy

  Robert 'Rsnake' Hansen of WhiteHat Security discusses the Aviator Web browser, why Google lashed out against it, the challenges of browser security and lessons learned for developing secure software.

• May 06, 2015 06 May'15

  Experts debate the value and future of data loss prevention tools

  Data loss prevention tools have been on the market for close to 10 years, but adoption and deployment are still inconsistent. Experts point to a shift in how enterprises will deploy DLP moving forward.

• May 06, 2015 06 May'15

  Microsoft debuts password-free Windows Hello, PatchTuesday changes

  Microsoft Ignite 2015 showed that Microsoft may have rethought the Tuesday part of Patch Tuesday, but Windows Update is stronger than ever.

• May 05, 2015 05 May'15

  Local Administrator Password Solution aims to stop credential replay

  Microsoft has released its Local Administrator Password Solution for a common admin login account across all domain-joined computers in hopes that it will decrease pass-the-hash attacks.

• May 04, 2015 04 May'15

  Anti-sandbox capabilities found in Dyre malware

  Seculert research discovers that a new version of the financial malware Dyre is avoiding sandbox detection by counting the number of cores.