The Federal TLS Chronicles: A Litany of Failed Certificate Governance

Via the always informative Catalin Cimpanu, writing at ZDNet, come the anticipated TLS certificate renewal failures for at least 80 United States federal websites due to the federal government shutdown. Color us ...

WP GDPR Compliance WordPress Plug-in Exploited

A WordPress plug-in known as the WP GDPR Compliance plug-in contains a dangerous privilege escalation vulnerability that attackers have been actively exploiting to compromise websites. [...] ...

The Changing Face of Web Application Security

We all understand that security is driven by balancing risk with compliance requirements, and protecting important assets while minimizing the financial cost, but recent developments suggest that a shift in emphasis is ...

Netsparker’s Web Security Scan Statistics for 2018

On average, the online edition of the Netsparker web security solution identifies a vulnerability every 4.59 minutes. Since its launch in early 2015, it has identified a total of 156,904 security issues. Since ...

State of the Internet Security – Credential Stuffing

Credential stuffing, and the botnets behind this activity, is the primary focus of the State of the Internet Security Report, Issue 4, 2018. Credential stuffing, the use of botnets to try to ...

Mozilla Firefox Slated To Block All Trackers: Crowd Goes Wild

Lawrence Abrams, writing at Bleeping Computer, reports on new privacy decisions at Mozilla Foundation targeting the privacy of the organization's Firefox browser, which is apparently slated to block all tracking bits ...

Third-Party Extensions: The Hidden Security Risk

Third parties are a well-known risk for any company’s cybersecurity posture (just ask Target or dozens of other large enterprises that suffered a data breach due to an outside vendor or consultant ...

Apache Struts Vulnerability CVE-2018-11776

On Wednesday, August 22nd, the Apache team patched another vulnerability in the Apache Struts2 framework. Apache Struts is an open-source web application framework for developing Java web applications. The vulnerability exists when ...

Linux Kernel IP Vulnerability 2

On the week of July 15th, researcher Juha-Matti Tilli disclosed a vulnerability in the Linux kernel to the kernel maintainers, the National Cyber Security Center - Finland (NCSC-FI), CERT Coordination Center (CERT/CC), ...

Linux Kernel TCP Vulnerability

On the week of July 15th researcher Juha-Matti Tilli disclosed a vulnerability he discovered in the Linux kernel to the kernel maintainers, the National Cyber Security Center - Finland (NCSC-FI), CERT Coordination ...