Davey Winder

Data exfiltration used to 'encourage' ransom payment

Data exfiltration used to 'encourage' ransom payment

BitPyLock threat actors are now exfiltrating data before the ransomware encryption begins

Google's Project Zero changes disclosure policy; Infosec community debates the need

Google's Project Zero changes disclosure policy; Infosec community debates the need

Project Zero goes public 90 days after disclosing the vulnerability to the affected organisation. Now, they have added a 14-day grace period on request

Facebook over Tor downed by TLS certificate management mess

Facebook over Tor downed by TLS certificate management mess

Why did Facebook close its encrypted Tor service when its TLS cert expired (it had good reason to), how did it let the certificate expire, & are you any better at having the visibility to maintain your TLS certs?

Are penetration testing tools infosecurity's Jekyll and Hyde?

Are penetration testing tools infosecurity's Jekyll and Hyde?

The first time you got your hands on powerful penetration testing tools, you must have thought 'just think what I could do with this'. And that's just what the criminals think too - and then they do it.

Apple users targeted by state cyber-criminals who've developed macOS Trojan

Apple users targeted by state cyber-criminals who've developed macOS Trojan

A well-resourced and successful threat actor - the Lazarus Group, widely believed to be the North Korean state - has developed fileless malware aimed at macOS for criminal purposes.

New MITRE software error list is a mixed bag, says infosec community

New MITRE software error list is a mixed bag, says infosec community

Common Weakness Enumeration list reveals the critical software errors that could impact enterprise security

Oracle E-Business Suite PAYDAY critical vulnerabilities remain a licence to print money

Oracle E-Business Suite PAYDAY critical vulnerabilities remain a licence to print money

Half of Oracle EBS customers have not patched critical payment system vulnerabilities in Oracle E-Business Suite - with a CVSS score of 9.9 out of 10, these these vulnderabilities are very high-risk indeed.

Android smartphone fuzzing reveals 'gaping hole' in trusted execution environment

Android smartphone fuzzing reveals 'gaping hole' in trusted execution environment

Security researchers find vulnerabilities in the supposedly impenetrable 'secure world' storage vault in Android phones that could allow access to payment credentials

Google looks to open source silicon to solve the root of trust conundrum

Google looks to open source silicon to solve the root of trust conundrum

A hardware vulnerability can have significant impact on software security as most software was designed around assumptions present in the hardware and subsequently compiled for a given hardware platform.

Are businesses asking the right questions when it comes to cloud security?

Are businesses asking the right questions when it comes to cloud security?

Survey says 39 percent of cybersecurity professionals identify cloud storage and file sharing apps as being the most vulnerable to insider attacks