I’m at the RSA Conference this week. I considered the point of view that perhaps there’s something to be said for abstaining this year but ultimately my decision to maintain course was based on two premises: (1) RSA didn’t know the NSA had a backdoor w…
80% of SOHO Routers Contain Vulnerabilities
It has become increasingly obvious in recent months that routers are being targeted by attackers – even the NSA uses this attack vector as part of its Quantum Injection program. Now a new survey suggests that as much as 80% of the best-selling SOHO rou…
ISACA Issues First COBIT 5 Audit Programs
Global IT association ISACA has issued the first of more than 30 audit programs that will align with the COBIT 5 business framework, which helps enterprises govern and manage their information and technology.
Tinder App Allowed Users to Precisely Locate Others
Tinder is a very popular mobile dating app. It is designed to allow people to ‘meet’ virtually before deciding whether they would like to meet for real. Unfortunately, Tinder has a history of allowing one user to physically locate another, even if the …
96% of Applications Have an Average of 14 Vulnerabilities
The latest Cenzic report on application vulnerability trends shows that things aren’t getting any better. All software has bugs, and almost all of them have bugs that are security vulnerabilities. In fact, on average, they have 14 separate vulnerabilit…
96% of Applications Have an Average of 14 Vulnerabilities
The latest Cenzic report on application vulnerability trends shows that things aren’t getting any better. All software has bugs, and almost all of them have bugs that are security vulnerabilities. In fact, on average, they have 14 separate vulnerabilit…
Microsoft Pays Another $100K Bug Bounty
Microsoft has paid out its second $100,000 bug bounty since launching its reward program in mid-2013. The award brings total payouts for the program to $253,000 in under a year.
Zeus Trojan Now Hiding in Plain Sight – Using Pictures
A new variant of the notorious Zeus banking trojan is making the rounds, with a new approach that uses steganography, a technique that allows it to disguise data inside of an existing file without damaging it.
Scariest Search Engine on the Internet Just Got Scarier
CNN Money described Shodan as “The scariest search engine on the Internet.” Forbes called it a “terrifying search engine.” Unlike Google, Shodan searches for internet-connected devices (which could have known vulnerabilities) rather than information. F…
70% of Android Devices Vulnerable to a Remote Exploit
Rapid7’s Metasploit researchers have developed a new exploit for an old vulnerability that remains pervasive in the Android ecosystem some 9 months after it was patched by Google. With this new code, 70% of all Android users are vulnerable to a little …