Two Foxit Reader RCE zero-day vulnerabilities disclosed
Trend Micro’s Zero Day Initiative has released details about two remote code execution zero-day flaws affecting popular freemium PDF tool Foxit Reader. The first one …
Decryption key for Apple iOS Secure Enclave Processor firmware revealed
A hacker that goes by the handle “xerub” has apparently figured out the decryption key for Apple’s Secure Enclave Processor (SEP) firmware, and made it …
Attackers turn to auto-updating links instead of macros to deliver malware
SANS ISC handler Xavier Mertens has flagged and analyzed a malicious Word file that, somehow, is made to automatically download an additional malicious RTF file, ultimately …
New infosec products of the week: August 18, 2017
New Firebox M Series appliances help SMBs keep up with encrypted traffic WatchGuard Technologies announced hardware upgrades to its Firebox M Series to handle the …
How security pros look at encryption backdoors
The majority of IT security professionals believe encryption backdoors are ineffective and potentially dangerous, with 91 percent saying cybercriminals could take advantage of …
NotPetya aftermath: Companies lost hundreds of millions
The infamous NotPetya ransomware attack, which started in Ukraine on June 27 but later spread to many international businesses, has resulted in huge monetary losses for the …
How to spot malicious mobile apps
The pervasiveness of smartphones has resulted in an onslaught of mobile apps, and it’s pretty safe to say that, by now, there is an app for every imaginable purpose. …
The human point: Gaining visibility into the context behind user actions
In this podcast recorded at Black Hat USA 2017, Dr. Richard Ford, Chief Scientist at Forcepoint, talks about the security industry’s need of a paradigm shift toward …
DevOps skills gap: Do you have the necessary skills to succeed?
New research shows that software developers are not receiving the training they need to be successful as DevOps becomes the prevalent approach to building and operating …
Google Chrome remote code execution flaw detailed, PoC released
Vulnerability broker Beyond Security has released details about and Proof of Concept code for a remote code execution bug affecting Google Chrome. “The [type confusion] …
Three megatrends that will drive digital business into the next decade
Gartner revealed three distinct megatrends that will enable businesses to survive and thrive in the digital economy over the next five to 10 years. Artificial intelligence …
EV ransomware is targeting WordPress sites
WordPress security outfit Wordfence has flagged several attempts by attackers to upload ransomware that provides them with the ability to encrypt a WordPress website’s files. …