Software Vulnerabilities May 16, 2017 Apache Struts 2: A Zero-Day Quick Draw 4 min read - It took fraudsters less than 24 hours after the disclosure of a previously unknown Apache Struts 2 vulnerability to develop a Python script to exploit it.
May 15, 2017 Phony WordPress Domain Steals Cookies to Fool Web Admins 2 min read - Cybercriminals have been stealing cookies and using a fraudulent WordPress API to impersonate users and take control of victims' browsing sessions.
Application Security May 4, 2017 Taming the Open Source Beast With an Effective Application Security Testing Program 4 min read - Application security testing is the only way to prevent open source vulnerabilities from becoming a huge problem in the enterprise.
April 18, 2017 Punycode Enables Invisible Phishing Attacks 2 min read - Security researcher Xudong Zheng discovered a vulnerability in several popular web browsers that could enable fraudsters to mask phishing attacks.
April 17, 2017 Magento Vulnerability: Cybercriminals Drawn to E-commerce Exploit 2 min read - A newly released Magento vulnerability comes with serious risk of total e-commerce compromise. Here's what businesses and shoppers need to know.
March 22, 2017 Burgeoning Bug Bounty Programs Up the Ante 2 min read - Bug bounty programs are now paying out more to white-hat hackers, but they're also tightening regulations on payments and structure.
March 14, 2017 Got SAP HANA? Your Calendar Just Filled Up With Zero-Day Critical Vulnerabilities 3 min read - SAP HANA customers should invest in an active threat monitoring and detection solution — meaning SAP-specific threat vector detection.
March 7, 2017 Widespread Bug Bounty Program Could Help Harden Open Source Security 2 min read - As part of HackerOne's effort to improve open source security, the vulnerability disclosure firm made its bug bounty program available for free.
March 7, 2017 Wireshark Squashes Bugs With New Network Protocol Analyzer Update 2 min read - The Wireshark development team addressed dozens of vulnerabilities, segmentation flaws and bugs with the latest version of its network protocol analyzer.
March 6, 2017 DblTek GoIP GSM Gateways Have a Backdoor Password 2 min read - DblTek GSM gateways have a hidden backdoor password that allows root shell access. How can users protect themselves from this vulnerability?