Google wants iOS Gmail users to think twice about following suspicious links
Google has announced the rollout of new anti-phishing checks for the iOS Gmail app: in less than two weeks, all users will be confronted with two warnings if they attempt to follow a suspicious link from within the app. The first one is a pop-up, warning generally about untrusted nature of the site they are…
The 5 biggest ransomware attacks of the last 5 years
While the last few years have seen a remarkable uptick in this particularly nasty genre of attack software, ransomware isn’t new. Malware that holds data for ransom has been around for years. In 1991, a biologist spread PC Cyborg, the first ever ransomware, by sending floppy disks via surface mail to other AIDS researchers, for…
Samsung Tizen Accused of Being Home to at Least 27,000 Findable Bugs
A purveyor of static code analysis wished to pitch his product to Samsung. What better way, he thought, than to run his product against the Samsung Tizen operating system, and demonstrate the results. The demonstration fell through, and the purveyor decided instead to publish his findings. The purveyor is Andrey Karpov, CTO at “Program Verification…
Healthcare industry continues to struggle with software security
67% of medical device manufacturers and 56% of healthcare delivery organizations (HDOs) believe an attack on a medical device built or in use by their organizations is likely to occur over the next 12 months. According to the results of a recent survey, roughly one third of device makers and HDOs are aware of potential…
If you downloaded HandBrake for Mac, you could be infected with Proton RAT
A mirror download server of HandBrake, a popular open source video conversion app for Mac, has been compromised, and the legitimate app .dmg file switched with a Trojanized version containing the Proton RAT. Who got infected? “Anyone who has downloaded HandBrake on Mac between [02/May/2017 14:30 UTC] and [06/May/2017 11:00 UTC] needs to verify the…
How secure are mobile banking apps?
Do banking institutions have a good handle on the things they need to remediate and new control layers they need to adopt to keep users secure? To answer those questions, Accenture and NowSecure have performed vulnerability assessments of customer-facing mobile banking apps of 15 banking institutions in the North American market.
Top 4 Software Development Methodologies
Successful projects are managed well. In order to manage a project efficiently, the manager or dev team must choose which software development method works best for the project at hand. All of the numerous software development methodologies that exist are used for different reasons. I’ve been doing some research to understand why different methodologies exist,…
Vulnerability Management and Triage in 3 Steps
Security testing tools can help organizations build better software by identifying vulnerabilities early in the SDLC. For security professionals and developers, however, the hard work begins when the testing is complete. Once you have a list of vulnerabilities across multiple applications, what’s your next step in vulnerability management and triage? And how do you ensure…
Privacy groups complain to FTC over Google’s ‘deceptive’ policy change
Privacy groups have complained to the Federal Trade Commission that Google is encroaching on user privacy through a policy change in June that allows it to combine personally-identifiable information with browsing data collected by its DoubleClick digital advertising service. The complaint by Consumer Watchdog and Privacy Rights Clearing House alleged that Google has created “super-profiles”…
Zcash mining software covertly installed on victims’ machines
Software “mining” the recently established Zcash (ZEC) cryptocurrency is being foisted upon unsuspecting users, Kaspersky Lab warns. The actual software is not illegal, and not technically malware – it is meant to be used by individuals who are willing to dedicate their machine(s) and pay for the increased electricity usage that accompanies cryptocurrency mining.