• Sources: ByteDance, which is adding thousands of employees to its 40K staff, expects a net loss of ~$1B in 2018 and revenues of $18B this year and $29B in 2020 (Bloomberg)
• Hacker shares source code of tools from Iranian cyber-espionage unit APT34, alleged personal info of Iranian intelligence officers, and more on Telegram (Catalin Cimpanu/ZDNet)
• Samsung responds to reports of display issues in Galaxy Fold, says removing the top protective layer or adding adhesives to the main display may cause damage (The Verge)
• A look at Microsoft’s hardware design labs and how the company designed the Surface Hub 2S (Jeremy Kaplan/Digital Trends)
• Airbnb leads $160M Series B in debt and equity financing for Lyric, a hospitality platform offering short-term serviced apartments for business travelers (Deanna Ting/Skift)

Cisco Warns of High Severity Bug in NetFlow Appliance

Warning that the device is susceptible to denial-of-service attacks, Cisco Systems on Wednesday released a patch for its NetFlow Generation Appliance. The flaw traces back to the Stream Control Transmission Protocol (SCTP) used by the appliance, according to a Cisco Security Advisory posted Wednesday. Cisco warns the vulnerability “could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service…

The Mea Culpa Meta Game

I love the psychology that goes into post-outage write-ups. Amazon just had a doozy, with S3 going down and crippling much of the internet for a day. The image above captures their approach to the narrative, which I would classify as dense and opaque. Key attributes of the write-up include: small text; formal language; massive paragraphs; no bullets or numbered lists; no images. The message they’re trying to send to…

132 Google Play Apps Booted For Malicious IFrames

Google removed 132 apps infected with malicious iFrames from its Google Play store after security researchers discovered a development platform used to create the apps was infected with malware and in turn compromised the apps. Palo Alto Networks’ Unit 42 researchers said the apps were infected with hidden iFrames used in HTML files that linked to malicious domains. It estimated a half dozen Android developers were using the infected development…

Managing Flaw Review with a Large Multi-Vendor Application

The previous blog post in this series discussed strategies for the large-scale deployment of the Veracode static code analysis tool across a large enterprise, focusing on strategies and techniques for ensuring rapid adoption within individual development teams typically responsible for self-contained homogenous applications. However, in a large enterprise, there are applications that are developed by multiple vendors and consist of a number of divergent codebases – this blog post discusses…

Cloudbleed Triggered 1.2M Times, Damage Kept to Minimum

Having had more than a week to digest Cloudbleed’s causes and impact, Cloudflare CEO Matthew Prince assessed the damage yesterday in a lengthy post-mortem as relatively low. Prince said there is no evidence the vulnerability, which leaked customer data from memory, was exploited by attackers. The bug, however, was triggered more than 1.2 million times from 6,500 sites that met the criteria under which it could be exploited.

How Much Should You be Spending on Cybersecurity?

We often hear clients and prospective clients asking “how much should I be spending on cybersecurity?” That is a very complex question and one that is not easily answered without first having an understanding of what is meant by cybers…

RSA Conference 2017 Recap

After four years of providing web-based support to Veracode's RSA Conference team from our offices in Burlington, Mass., I had the pleasure of finally attending the conference myself. First impressions were a bit staggering, to say the least. One thing that doesn't exactly come through amid all the web and social chatter that happens around RSAC is the sheer size of this conference as measured by attendees along with both…

RSA and the Power of CommUNITY

After attending RSA Conference 2017 it was clear the theme – The Power of CommUNITY – was a thread throughout the conference. This was seen in several places: Dr. Zulfikar Ramzan, CTO of RSA, mentioned this topic several times in his keynote on Tuesday morning. He urged us as an industry to “draw connections” and use “technologies [that] leverage business context from each other, they can prioritize the incidents that…