Black Duck has always recognized the importance of prioritizing open source security tasks by providing several key data points to help customers focus on what’s most critical. After all, with over 40 new software vulnerabilities being uncovered every day, it’s easy to become overwhelmed. In addition to offering detailed descriptions, expanded severity scoring, exploit information,…

At the recent Black Hat conference, Peleg Hadar and Tumar Bar of SafeBreach Labs pointed out that the way to a network’s heart is often through its printers. In 2010, one of the vulnerabilities Stuxnet used was a remote code execution on a computer with printer sharing enabled. To reach Iran’s centrifuges, Stuxnet exploited a…

The information security industry frequently utilizes the phrase “people, processes and technology” (PPT) to describe a holistic model of securing the business. But though this phrase is repeated ad nauseum, we seem to have forgotten one of those three primary pillars: people. In an effort to secure things technically, we prioritize the protection of our…

Over the past several years, experts have recognized that perhaps the best password strategy for your application logins is to have no password at all, what has been often labeled as “passwordless.” It is a bit of a misnomer, as you’ll see as we investigate the commercial options. The passwordless concept has seen various innovations,…

Cybercriminals have been spotted using HTML/CSS and Unicode tricks to bypass tools meant to block malicious emails, marking a new twist in phishing techniques, security researchers report. Attackers are continuously testing enterprise security systems and exploring new ways to get through. Some rely on hidden text and zero-font attacks, in which they put invisible characters…