Looking to get ahead in cybersecurity? Here are four areas to keep in mind as you make a five-year career plan. The economics of supply and demand shape today’s cybersecurity job market. Each year, US employers post more than 120,000 openings for information security analysts and roughly one-third go unfilled. Hiring managers are bracing for…

An attacker can discover various details about Firefox users due to the manner in which the browser caches intermediate CA certificates, a researcher has discovered. When the server doesn’t deliver the complete certificate chain, Firefox loads the website if the intermediate CA certificate is cached, security researcher Alexander Klink discovered. By determining which websites use…

A few weeks ago, the World Economic Forum (WEF) met in Davos, Switzerland where an expert working group issued a report “Advancing Cyber Resilience: Principles and Tools for Boards.” It is touted as a first-of-its-kind resource to support board of directors and CEOs on cyber security and cyber resilience strategy. The WEF’s principles and tools…

Researchers at Ben-Gurion University of the Negev in Israel have disclosed yet another method that can be used to exfiltrate data from air-gapped computers, and this time it involves the activity LED of hard disk drives (HDDs). Many desktop and laptop computers have an HDD activity indicator, which blinks when data is being read from…

Experts point to stronger passwords, full-disk encryption, and multi-factor authentication as ways to stop data theft in the event a laptop is lost or stolen.  Anybody can have their laptop stolen. It happened to Hillary Clinton’s campaign last fall, when three laptops were stolen from campaign workers in Philadelphia. In that case, the devices were…

One obvious trend: crimeware technologies that come with simple user consoles and functionality to create unique binaries at the click of a button. To understand how the bad guys have become so adept at producing the flood of uniquely hashed malware, we need to look at what our adversaries have been doing the past few…

Cisco today announced a variety of hardware, software and services designed to increase network virtualization and bolster security for campus, branch office and cloud customers. The products, which include a Network Functions Virtualization branch office device and improved security network segmentation software, fall under Cisco’s overarching Digital Network Architecture plan. DNA offers integrated networking software—virtualization,…

The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks. On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails.

While most of this month’s security updates have been postponed to March 14, Microsoft has decided to release one bulletin to address the Flash Player vulnerabilities fixed by Adobe on Patch Tuesday. The critical bulletin, MS17-005, resolves 13 vulnerabilities in the Flash Player libraries used by Internet Explorer 10, Internet Explorer 11 and Edge.