The Telltale Text File: Security Researcher Proposes Standardization for Reporting Vulnerabilities
Security researcher Ed Foudil proposed adding a security.txt to every website to standardize the process of reporting vulnerabilities.
Insecure Apple Authorization API Still Used
An older MacOS API is still being used by many developers, despite risks. While a new API has been released, it isn't considered to be a good replacement.
The Limits of Linguistic Analysis for Security Attribution
Linguistic analysis can provide clues to help security analysts trace the source of a cyberattack, but the method is inconclusive on its own.
Hidden PHP Rootkits Unearthed, Putting Apache Modules at Risk
A security researcher discovered how to create malicious Apache modules, giving cyberattackers a new way to tap into and control web servers.
Silly Spammers: Email Scam Company Compromises Itself With Bad Data Backup
A bad data backup configuration recently exposed email spammers, gives security professionals an inside look at spam operations.
Collision Attack Sounds the Death Knell for SHA-1 Cryptographic Function
Google's announcement of the first-ever collision attack means the Secure Hash Algorithm 1 (SHA-1) is officially no longer secure.
New PoC Exploit Weaponizes Security Research
The authors of the Sundown exploit kit leveraged research conducted by Texas-based security firm Theori to develop a PoC exploit.
Anti-ROP: A Moving Target Defense
IBM Research — Haifa recently developed a solution that acts like a moving target, randomizing files to safeguard against ROP attacks.
Mobile is Producing Productivity Gains, But Mobile Security Remains a Challenge
The mobile transformation of the enterprise is just beginning. And according to a new IBM study, mobile security is already a must-have for organizations.
Got WordPress? PHP C99 Webshell Attacks Increasing
IBM MSS X-Force researchers found that C99 webshell attacks are increasing, particularly against content management systems such as WordPress.