Dennis Fisher talks with Gary McGraw of Cigital about the IEEE’s new Center for Secure Design program, the difficulty of defeating large classes of bugs and the collaborative effort it will take to solve the software security problem.
A new watering hole attack is targeting the aerospace, automotive and manufacturing industries with a new reconnaissance malware tool called “Scanbox.”
Dennis Fisher talks with Robert Hansen of WhiteHat Security about the company’s decision to change default search providers to Disconnect and the $250,000 guarantee for users of the Sentinel Elite product.
Mozilla is planning to add support for public-key pinning in its Firefox browser in an upcoming version. In version 32, which would be the next stable version of the browser, Firefox will have key pins for a long list of sites, including many of Mozilla’s own sites, all of the sites pinned in Google Chrome […]
The email addresses and encrypted passwords of nearly 100,000 users of Mozilla’s Bugzilla system were left on a publicly accessible server for several months earlier this year, the company said. The disclosure comes just a few weeks after Mozilla advised members of its Mozilla Developer Network to change their passwords because of a similar incident. On […]
The IEEE’s Center for Secure Design’s new guidance for software architects called “Avoiding the Top 10 Software Security Design Flaws” debuted this week.
GameOver Zeus and Sality banking malware infections are rampant in emerging countries such as Turkey where older, unpatched computers are prevalent, and security awareness is low.
Verizon announced Tuesday it will soon begin using QR codes to allow users to log in to sites and programs in its Universal Identity Services portfolio.
Popular websites TMZ and Java.com are among a handful serving malicious ads redirecting visitors to the Angler Exploit Kit.
The 2014 IBM X-Force Threat Intelligence Quarterly takes a look back at Heartbleed and how organizations were affected by it.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
