The C99Shell PHP backdoor lives on
The C99Shell PHP backdoor, originally spotted in 2007, is still around, and is still a danger to both web server operators and end-users. After getting a tip from a designer …
Fake “Flash Player Pro” update delivers password-stealing Trojan
Researchers are warning about a new malware delivery campaign aimed at spreading Fareit, a password-stealing Trojan that can also download additional malware. This campaign is …
Windows vulnerable to FREAK attacks after all
Microsoft has released a security advisory on Thursday, confirming that all supported releases of Microsoft Windows are vulnerable to the recently documented FREAK (Factoring …
Cryptowall makes a comeback via malicious help files
A new spam wave has hit hundreds of mailboxes with malicious .chm attachments to spread the infamous Cryptowall ransomware. Cryptowall is an advanced version of Cryptolocker, …
Expert tips to address third party security risks
Risks to sensitive data have never been greater. With the rise in cyber attacks and data breaches, outsourcing to third parties can present an exponential threat to …
Adobe launches bug disclosure program, skimps on bounties
Adobe has launched its own web application vulnerability disclosure program. Set up through the bug bounty platform HackerOne, the program is limited to vulnerabilities …
Top priorities for internal audit professionals
Internal audit professionals are making strides in meeting cybersecurity and data privacy standards, according to Protiviti. Much work remains, with many of the surveyed …
SanDisk InfiniFlash storage targets Big Data workloads
SanDisk unveiled an all-flash storage platform that creates a new category for the IT industry, termed by IDC as Big Data Flash. Built using open source software, …
Financial firms are putting more stock in the cloud
Many financial firms are slowly putting more stock in the cloud. That’s a key finding from a new Cloud Security Alliance (CSA) survey, which targeted executives from …
NLPRank: An innovative tool for blocking APT malicious domains
Security researchers working at OpenDNS’ Security Labs have developed NLPRank, a new system that helps detect – quickly and relatively accurately – phishing …
Anthem refuses comprehensive IT security audit after the breach
Recently breached US health insurer Anthem has refused to let The Office of Personnel Management’s Office of Inspector General (OIG) perform a full security audit of its …
Angler exploit kit and domain shadowing: A deadly combination
Attackers wielding the infamous Angler exploit kit are increasingly using hijacked registrant accounts to create huge amounts of subdomains for both redirecting victims and …