September 19, 2017 The Telltale Text File: Security Researcher Proposes Standardization for Reporting Vulnerabilities 2 min read - Security researcher Ed Foudil proposed adding a security.txt to every website to standardize the process of reporting vulnerabilities.
August 28, 2017 Insecure Apple Authorization API Still Used 2 min read - An older MacOS API is still being used by many developers, despite risks. While a new API has been released, it isn't considered to be a good replacement.
Network July 14, 2017 The Limits of Linguistic Analysis for Security Attribution 2 min read - Linguistic analysis can provide clues to help security analysts trace the source of a cyberattack, but the method is inconclusive on its own.
June 20, 2017 Hidden PHP Rootkits Unearthed, Putting Apache Modules at Risk 2 min read - A security researcher discovered how to create malicious Apache modules, giving cyberattackers a new way to tap into and control web servers.
March 7, 2017 Silly Spammers: Email Scam Company Compromises Itself With Bad Data Backup 2 min read - A bad data backup configuration recently exposed email spammers, gives security professionals an inside look at spam operations.
February 27, 2017 Collision Attack Sounds the Death Knell for SHA-1 Cryptographic Function 2 min read - Google's announcement of the first-ever collision attack means the Secure Hash Algorithm 1 (SHA-1) is officially no longer secure.
January 12, 2017 New PoC Exploit Weaponizes Security Research 2 min read - The authors of the Sundown exploit kit leveraged research conducted by Texas-based security firm Theori to develop a PoC exploit.
Software Vulnerabilities September 1, 2016 Anti-ROP: A Moving Target Defense 4 min read - IBM Research — Haifa recently developed a solution that acts like a moving target, randomizing files to safeguard against ROP attacks.
Endpoint June 6, 2016 Mobile is Producing Productivity Gains, But Mobile Security Remains a Challenge 3 min read - The mobile transformation of the enterprise is just beginning. And according to a new IBM study, mobile security is already a must-have for organizations.
Threat Intelligence April 14, 2016 Got WordPress? PHP C99 Webshell Attacks Increasing 5 min read - IBM MSS X-Force researchers found that C99 webshell attacks are increasing, particularly against content management systems such as WordPress.