June 1, 2017 Circling Back: FreeRADIUS Fix Cuts Off Authentication Bypass 2 min read - The open source FreeRADIUS project recently patched a vulnerability that allowed malicious actors to bypass session authentication.
Software Vulnerabilities May 30, 2017 Relying on Data to Mitigate the Risk of WordPress Website Hijacking 9 min read - To protect their WordPress sites from scammers, administrators must proactively patch and monitor their installations to weed out unwanted content.
May 18, 2017 Apple Patch Update Fixes Bugs Discovered by Pwn2Own Contestants 2 min read - A recent Apple patch update addressed critical vulnerabilities discovered by contestants at this year's Pwn2Own hacking competition.
Software Vulnerabilities May 16, 2017 Apache Struts 2: A Zero-Day Quick Draw 4 min read - It took fraudsters less than 24 hours after the disclosure of a previously unknown Apache Struts 2 vulnerability to develop a Python script to exploit it.
May 15, 2017 Phony WordPress Domain Steals Cookies to Fool Web Admins 2 min read - Cybercriminals have been stealing cookies and using a fraudulent WordPress API to impersonate users and take control of victims' browsing sessions.
May 11, 2017 Microsoft Update Fixes Remote Code Execution Vulnerability 2 min read - The most recent Microsoft update addresses a flaw in the Microsoft Malware Protection Engine that could enable attackers to commit remote code execution.
Application Security May 4, 2017 Taming the Open Source Beast With an Effective Application Security Testing Program 4 min read - Application security testing is the only way to prevent open source vulnerabilities from becoming a huge problem in the enterprise.
Application Security April 25, 2017 The Apache Struts 2 Vulnerability and the Importance of Patch Management 4 min read - The disclosure of an Apache Struts 2 vulnerability made the framework a lucrative target and highlighted the importance of patch management.
April 25, 2017 Stuxnet: The Computer Worm That Keeps on Living 2 min read - Kaspersky Labs explained that the life of a computer worm exploit doesn't end with the release of a security patch. Stuxnet is one example.
April 18, 2017 Punycode Enables Invisible Phishing Attacks 2 min read - Security researcher Xudong Zheng discovered a vulnerability in several popular web browsers that could enable fraudsters to mask phishing attacks.