AppSec 101: The Secure Software Development Life Cycle - https://www.checkmarx.com/2015...
Due to the growing demand for robust applications, the secure Software Development Life Cycle methodology is gaining momentum all over the world. Its effectiveness in combating vulnerabilities has made it mandatory in many organizations. The objective of this article is to introduce the user to the basics of the secure Software... The post AppSec 101: The Secure Software Development Life Cycle appeared first on . - Hacker News
Google announces “two improvements” to Google Play app approval process - https://nakedsecurity.sophos.com/2015...
Google recently added actual humans to the Android app approval system... ...now there's age rating and better feedback for rejected apps as well. - Hacker News
Cracking a Wi-Fi WPA2 Password, Thanks to Amazon - http://resources.infosecinstitute.com/crackin...
In a pen tester’s life, sooner or later you are cracking a password. This activity depends on the type of password and available hardware. Today I want to show you a different approach to cracking... Go on to the site to read the full article - Hacker News
The Results Are In – Strata + Hadoop World San Jose Survey - http://www.voltage.com/blog...
[…] The post The Results Are In – Strata + Hadoop World San Jose Survey appeared first on Voltage Security. - Hacker News
Banks & Merchants are not ready for EMV - https://www.brandenwilliams.com/blog...
EMV, or that fancy chip thingie that many of you are starting to see in your banking cards here in the US, is an anti-fraud technology released in the 90s with global adoption. US markets are finally taking steps to encourage adoption here, and for the most part, nobody is ready. There is a key […] - Hacker News
Premera Breach: How Can We Protect Healthcare Cloud Data? - http://www.securitybloggersnetwork.com/2015...
Another breach, another 11m Healthcare customers affected, why are so many companies waiting to add protection to their data? As I read the news yesterday about the latest breach, I at first was surprised that another major Healthcare company was breached so soon after Anthem but then on second thought, companies are making themselves prime […] The post Premera Breach: How Can We Protect Healthcare Cloud Data? appeared first on Perspecsys. - Hacker News
Thousands of Android & iOS Apps Still Vulnerable to FREAK Flaw - http://www.tripwire.com/state-o...
A recent study found that more than 2,000 apps in the Apple App Store and Google Play Store are still vulnerable to FREAK – a widespread security flaw discovered earlier this month. Attackers exploiting the vulnerability can intercept HTTPS connections between vulnerable users and servers, thus forcing them to use weakened encryption, which can […]… Read More The post Thousands of Android & iOS Apps Still Vulnerable to FREAK Flaw appeared first on The State of Security. - Hacker News
Using IaaS to Slash DR Costs and Increase Testing and Trust - https://gregness.wordpress.com/2015...
We decided to bring together experts from Gartner, AWS, CloudVelox and cloud DR leader MyPoints for an in-depth and highly informative webinar that would give its viewers a competitive advantage when it comes to disaster recovery and IaaS. The result is one of the most informative webinars you might ever view on any IT topic. […] - Hacker News
Security Integration: Configuration Management and Auditing - http://linux-audit.com/securit...
Configuration Management and Auditing: Increased strength when combining tools for automation and security of IT environments. Tools like Ansible, Chef, and Puppet are used a lot for rapid deployment and keeping systems properly configured. These tools in themselves are great for ensuring consistency over your systems. So what is Configuration The post Security Integration: Configuration Management and Auditing appeared first on Linux Audit. - Hacker News
OpenSSL Vulnerability Details Released - https://blogs.akamai.com/2015...
Akamai is aware that details are now available for the OpenSSL vulnerabilities we first told you about on Tuesday. The full OpenSSL Security Advisory is available here and outlines 14 different issues. At this time, most of the issues don't... - Hacker News
More Data and Goliath News - https://www.schneier.com/blog...
Right now, the book is #6 on the New York Times best-seller list in hardcover nonfiction, and #13 in combined print and e-book nonfiction. This is the March 22 list, and covers sales from the first week of March. The March 29 list -- covering sales from the second week of March -- is not yet on the Internet. On that list, I'm #11 on the hardcover nonfiction list, and not at all on the combined print and e-book nonfiction list. Marc Rotenberg of EPIC tells me that Vance Packard's The Naked Society made it to #7 on the list during the week of July 12, 1964, and -- by that measure -- Data and Goliath is the most popular privacy book of all time. I'm not sure I can claim that honor yet, but it's a nice thought. And two weeks on the New York Times best-seller list is super fantastic. For those curious to know what sorts of raw numbers translate into those rankings, this is what I know. Nielsen Bookscan tracks retail sales across the US, and captures about 80% of the book market. It reports... - Hacker News
Apple Releases Security Updates for Safari Browser - http://kellepcharles.blogspot.com/2015...
Apple Releases Security Updates for Safari Browser - Hacker News
A Five-Step Guide for Evaluating Web Performance Optimization and Acceleration Solutions - https://blogs.akamai.com/2015...
The experience your customers have while interacting with your company's online presence says so much about your business, its priorities, and your brand. Whether your company conducts online transactions or not, performance optimization has become more of a "need"... - Hacker News
Hacking Your Neighbor’s Wi-Fi: Practical Attacks Against Wi-Fi Security - http://resources.infosecinstitute.com/hacking...
While the access points in organizations are usually under the protection of organization-wide security policies, home routers are less likely to be appropriately configured by their owners in... Go on to the site to read the full article - Hacker News
Well-Designed RFP Crucial for Enterprise Key and Certificate Management - https://www.venafi.com/blog...
So, you’ve decided to select a vendor solution for your enterprise key and certificate management. You’ve made a wise decision—manual tracking methods or limited internal scripts cannot effectively manage and secure the number of keys... - Hacker News
Amazon doesn’t want you to know how many data demands it gets - http://www.zdnet.com/article...
The biggest mystery is why the retail and mobile giant has kept quiet for so long. - Hacker News
Clearswift shortlisted in leading industry awards – 1, 2, 3 times! - http://www.clearswift.com/blog...
Target agrees to pay $10 million to settle data breach lawsuit - https://nakedsecurity.sophos.com/2015...
Target has proposed a huge $10 million settlement for victims of its 2013 data breach in which at least 70 million records were compromised. - Hacker News
VERT Threat Alert: OpenSSL Vulnerability Advisory CVE-2015-0291 & CVE-2015-0204 - http://www.tripwire.com/state-o...
Vulnerability Description The CVE-2015-0291 vulnerability introduces the possibility of a denial of service attack against a system running OpenSSL 1.0.2. If a malicious client connects to an OpenSSL server and the server requests a certificate from the malicious client, the malicious client can return a malformed cert that may trigger a NULL pointer dereference causing […]… Read More The post VERT Threat Alert: OpenSSL Vulnerability Advisory CVE-2015-0291 & CVE-2015-0204 appeared first on The State of Security. - Hacker News
Facebook announces peer-to-peer payments between friends - http://www.welivesecurity.com/2015...
Facebook has announced a new feature of its Messenger product, which allows friends to send payments directly to each other, reports Tech Crunch. The post Facebook announces peer-to-peer payments between friends appeared first on We Live Security. - Hacker News
News, via Ars Technica's inimitable Dan Goodin, detailing the FireEye discovery of remnant iOS application FREAK HTTPS vulnerabilities, regardless of host device patching. 'Security researchers from FireEye recently examined the most popular apps on Google Play and the Apple App Store and found 1,999 titles that left users wide open to the encryption downgrade attack. Specifically, 1,228 Android apps with one million or more downloads were vulnerable, while 771 out of the top 14,079 iOS apps were susceptible. Vulnerable apps were those that used—or in the case of iOS, could use—an affected crypto library and connected to servers that offered weak, 512-bit encryption keys. The number of vulnerable apps would no doubt mushroom when analyzing slightly less popular titles.' - via Ars Technica's Dan Goodin - Hacker News
New High Severity OpenSSL Vulnerabilities Announced: CVE-2015-0291 & CVE-2015-0204 - http://www.tripwire.com/state-o...
On Monday, the OpenSSL project team announced new releases that would be available today to fix security issues in OpenSSL that have been discovered as part of a major security audit and code refactoring project.  When this announcement hit on Monday, there was a general panic in the IT and security community as it was […]… Read More The post New High Severity OpenSSL Vulnerabilities Announced: CVE-2015-0291 & CVE-2015-0204 appeared first on The State of Security. - Hacker News
Can Customers Survive a Windows 10 Full of 1.x Technology? - http://windowsitpro.com/windows...
When it releases, Windows 10 will have a lot of new, integrated technologies. read more - Hacker News
Restrict Azure connections to a specific virtual subnet - http://windowsitpro.com/azure...
Understand options to restrict access based on site-to-site and point-to-site connections. read more - Hacker News
Firewalls more critical than ever - http://h30499.www3.hp.com/t5...
Everyone complains about firewalls, but nobody is abandoning them, either. So how critical are they? The results of a recent survey may surprise you. Read the article for more information. - Hacker News
Google Play security tightened with human screening process - http://www.welivesecurity.com/2015...
Google is taking additional security measures to shut out malware from its app store by introducing a human screening process. The post Google Play security tightened with human screening process appeared first on We Live Security. - Hacker News
SIEM and Analytics; Better together - http://h30499.www3.hp.com/t5...
SIEM is evolving; The Cat and mouse game with the bad guys. It’s no longer just cyber criminals but state actors are also coming into the mix. The environment has reacted – 5 yrs ago the attitude was “log everything”, so caused vendors to scale up and scale out to handle it. Then write security rules to find issues. This approach causes people to start by building out massive platforms. Analytics in last couple of years has really started to change the game. More intelligent machine learning. Shift in how we look at the problem. Is HP ArcSight ready for this challenge? Absolutely yes. ArcSight has evolved SIEM and is currently on 6th generation platform that can consume up to 10 TB of data a day, perform search in full-text English at 2 billion events per second, and analyze 13 billion events in seconds to visually perform analytics of users or netflow. - Hacker News
OpenSSL patches “high” severity flaws in latest release - http://www.zdnet.com/article...
The update fixes a security vulnerability with the highest severity rating, which could allow a hacker to launch a denial-of-service attack against a server. - Hacker News