Week in review: Information the FBI can collect with NSLs revealed, VPN protocol flaw gives away users’ true IP address
Here’s an overview of some of last week’s most interesting news and articles:Human element of security to the fore at IRISSCON 2015Training people to take more …
Signal secure messaging app now available on the desktop
The Open Whisper Systems nonprofit has released the beta version of their Signal secure messaging app for desktop computers.Signal is often recommended by privacy-minded …
Simply Secure offers free usability design help to developers of privacy, security tools
It is a truth universally acknowledged that privacy and security tools that are easy to use will be more popular that those that aren’t. Another such truth is that being …
A deadly campaign delivers Pony info-stealer followed by Cryptowall ransomware
After the tech support scam paired with ransomware, another deadly combination has been seen targeting PC users: info-stealer coupled with ransomware. According to Heimdal …
86% of PHP-based apps contain at least one XSS vulnerability
Four out of five applications written in PHP, Classic ASP and ColdFusion that were assessed by Veracode failed at least one of the OWASP Top 10. Given the volume of PHP …
High-impact DoS flaw patched in Node.js, update as soon as possible
The Node.js Foundation has pushed out a patch for its eponymous open source, cross-platform runtime environment for developing server-side web applications. The fix plugs two …
Apple’s Swift programming language is now open source
Apple announced that its Swift programming language is now open source. Swift is a powerful and intuitive programming language that gives developers the freedom and …
Infosec pros have little confidence in UK’s cybersecurity readiness
Tenable Network Security asked information security practitioners from the UK about confidence in their respective organizations’ abilities to assess risk, invest in …
Finance organizations risk data by failing to secure unique employee logins
Customers’ personal and financial data is being put at risk as many industry personnel are not assigned unique login and password details, new research from IS Decisions has …
A double whammy of tech support scam and ransomware hits US, UK users
Tech support scams and ransomware usually don’t go together, but there’s a first time for everything. Symantec researchers have spotted a generic tech support scam …
Elasticsearch servers actively targeted by botmasters
Elasticsearch is one of the most popular choices when it comes to enterprise search engines.Unfortunately, a couple of remote code execution flaws (CVE-2015-5377, …
3G/4G cellular USB modems are full of critical security flaws, many 0-days
An analysis of popular 3G and 4G cellural USB modems and routers used around the world revealed a myriad of serious vulnerabilities in each of them.The SCADA Strange Love team …
Featured news
Resources
Don't miss
- Four arrested in connection with M&S, Co-op ransomware attacks
- Ruckus network management solutions riddled with unpatched vulnerabilities
- What EU’s PQC roadmap means on the ground
- Open source has a malware problem, and it’s getting worse
- Train smarter, respond faster: Close the skill gaps in your SOC