dcsimg
September 21, 2018

Simple Authentication and Security Layer (SASL) vulnerabilities

Simple Authentication and Security Layer (SASL) is an authentication layer used in Internet protocols. SASL is not a protocol, but rather a framework that provides developers of applications and shared libraries with mechanisms for authentication, data integrity–checking, and encryption. Within the framework and a few of its plugins, there are a couple of known vulnerabilities that we want to make … [Read more...]

Filed Under: authentication, brute force, cybercrime, denial of service, Exploits, mailserver, sasl, Simple Authentication and Security Layer, vulnerabilities
August 27, 2018

A week in security (August 20 – 26)

Last week on Labs, we took a look at insider threats, doubled back on the privacy of search browser extensions, profiled green card scams, revisited Defcon badgelife, and talked about what happens to a user’s accounts when they die. Other cybersecurity news There was an archiving error in Twitch HQ. Unfortunately, that left some private user messages (even those with sensitive info in them) … [Read more...]

Filed Under: a week in security, badgelife, cobalt dickens, cybersecurity, cybersecurity awareness, digital entropy of death, elections, facebook, Google, green card scam, privacy, project insecurity, ransomware, recap, ryuk, search browser extensions, Security world, superdrug, the lazarus group, twitch, vulnerabilities, Week in security, weekly blog roundup
August 9, 2018

8 everyday technologies that can make you vulnerable to cyberattacks

The technological advances of the modern world make for an exciting and convenient lifestyle. With each new development, from artificial intelligence to the Internet of Things, we make the mundane and tedious more manageable. The security vulnerabilities of the latest tech have been well documented. But what about everyday technologies that have been around for a while or are widely adopted? Those … [Read more...]

Filed Under: 101, cyberattack, cyberattacks, everyday technologies, FYI, smart phones, smart speakers, vulnerabilities, vulnerable
July 17, 2018

5 ways to find and fix open source vulnerabilities

Guest post by Limor Wainstein A recent discovery of surreptitious execution of cryptomining code by a sandboxed app, riding piggyback on the open source software (OSS) ecosystem, raises pertinent questions about the security of open source code and its dependencies. Programmers often use OSS as a jump-off for creating their software—and that includes malware authors. The rogue app, which was found … [Read more...]

Filed Under: Business, open source, open source code, Security world, vulnerabilities
May 23, 2018

Why bad coding habits die hard—and 7 ways to kill them

Developers are usually the focus of blame when software vulnerabilities cause organizational breaches. (Sometimes, quality assurance engineers are included in the flame.) Interestingly, though, hardly anyone looks at why bad coding habits form in the first place. We’re talking about the culture, the processes, the unrealistic deadlines, and—perhaps the worst of this bunch—the lack of … [Read more...]

Filed Under: 101, bad code, bad coding habits, Developers, FYI, programming, secure code, vulnerabilities
January 11, 2018

Meltdown and Spectre fallout: patching problems persist

Last week, the disclosure by multiple teams from Graz and Pennsylvania University, Rambus, Data61, Cyberus Technology, and Google Project Zero of vulnerabilities under the aliases Meltdown and Spectre rocked the security world, sending vendors scurrying to create patches, if at all possible, and laying bare a design flaw in nearly all modern processors. The fallout from these revelations continues … [Read more...]

Filed Under: Exploits, Google Project Zero, Intel, Meltdown, processor, Security world, Spectre, vulnerabilities