RSA App Exposes User Data Due to Common Developer Mistake

Late last week security researchers found the RSA security conference exposing conference attendee data via vulnerabilities in its mobile app. Because a 3rd party developer had hard coded data – including security keys and passwords – in the RSA Conference application, a researcher was able to use an API to download and decrypt data containing
Read more

3 Security Best Practices We Used to Build a Strong Foundation at Threat Stack

As a security company, Threat Stack prioritized the implementation of security best practices from day one. To share our experience, this post focuses on three basic best practices our engineering team implemented when we first started out. They’re quick to set up and can produce measurable improvements right out of the gate — and for … Continue reading "3 Security Best Practices We Used to Build a Strong Foundation at Threat Stack"
Read more

Keeping Your WAF Relevant: Emergency Feed Pushes New Mitigations in Just Hours

We previously reported that the overall number of new web application vulnerabilities in 2017 showed a 212% increase from 2016’s 6,615 to a whopping 14,082. This spike was due, in part, to high-profile vulnerabilities like Heartbleed, Shellshock, POODLE, Apache Struts 2 and more recently, Meltdown and Spectra. There is, however, good news in the form
Read more

Learn to Secure Network Equipment Against Attacks and Malware at May 16 Trusted Computing Group (TCG) Webcast with Cisco Systems, Inc., Huawei and Infineon

PORTLAND, Ore., April 26, 2018 – Trusted Computing Group (TCG) experts Bill Sulzen, Cisco Systems, Inc.; Michael Eckel, Huawei; and Steve Hanna, Infineon; will provide a tutorial on how to secure network equipment against sophisticated threats in a webcast Wednesday, May 16, 1:00 p.m. Eastern Daylight Time/10:00 a.m. Pacific Daylight Time. Much effort has been … Continue reading "Learn to Secure Network Equipment Against Attacks and Malware at May 16 Trusted Computing Group (TCG) Webcast with Cisco Systems, Inc., Huawei and Infineon" The post Learn to Secure Network Equipment Against Attacks and Malware at May 16 Trusted...
Read more

Analysis of a Malicious Blackhat SEO Script

An enormous number of SEO spam infections are handled by us here at Sucuri. In our most recent hacked website trend report, we analyzed over 34,000+ websites and identified that 44% of all website infection cases were misused for SEO spam campaigns. Once a website has been compromised, attackers often use it to distribute malware, host phishing content, send spam emails, and a variety of other nefarious purposes. This can be significantly devastating to a website’s reputation, user experience, and credibility. Continue reading Analysis of a Malicious...
Read more

HR and Phishing

I receive thousands of emails every month. I do a lot of (for me) critical activities online. I never receive legitimate emails demanding a suspicious online action any more. Except from HR departments. IT security people know this is a problem. The upper left image comes from the University of Minnesota’s phishing awareness blog. HR people … Continue reading HR and Phishing →
Read more

Establishing a Baseline for Remote Desktop Protocol

For IT staff and Windows power users, Microsoft Terminal Services Remote Desktop Protocol (RDP) is a beneficial tool that allows for the interactive use or administration of a remote Windows system. However, Mandiant consultants have also observed threat actors using RDP, with compromised domain credentials, to move laterally across networks with limited segmentation. To understand how threat actors take advantage of RDP, consider the following example (and Figure 1): A staff member from the HR department working on his or her desktop inadvertently installs a malicious backdoor...
Read more
Page 1 of 97112345...102030...Last »