Saturday, January 19, 2019

Bug bounty programs: Everything you thought you knew is wrong

One common criticism of bug bounty programs is that very few hackers actually make money. Not only is this untrue, but it misses the point.

5 blockchain trends to expect in 2019

Blockchain may finally be ready to move from hype to reality, with continued IoT integrations and tokenization, according to KPMG.

Microsoft launches Azure DevOps bug bounty program, $20,000 rewards on offer

The Redmond giant is keenly interested in remote code execution and privilege escalation flaws.

4 strategies for your IT wearables policy

Without a formal plan or policy, wearables may introduce your company to a security breach​.

Over 87GB of email addresses and passwords exposed in Collection 1 dump

An 87GB dump of email addresses and passwords containing almost 773 million unique addresses and just under 22 million unique passwords has been found.

How to connect to VNC using SSH

If your network doesn't allow connections into the default VNC port 5901, you can tunnel it through SSH.

​4 ways to prepare for GDPR and similar privacy regulations

Data privacy is no longer a nice-to-have security commodity, but a must-have commodity.

Malware can now evade cloud security tools, as cybercriminals target public cloud users

Refined malware payloads from Chinese threat actor Rocke Group are sidestepping security tools to install cryptocurrency miners on cloud systems.

To stay competitive, MSSPs need to grow and evolve

​Managed Security Service Providers can alleviate many of the headaches suffered by in-house security, but they need to remain nimble and focused to retain their edge.

Top 10 app vulnerabilities: Unpatched plugins and extensions dominate

Despite the existence of patches, the proliferation of unpatched installations are enticing targets for malicious actors, according to a WhiteHat report.

Smart building security flaws leave schools, hospitals at risk

Vendors of smart building hardware issued updates to products without disclosing that vulnerabilities were patched, leading security systems for schools and hospitals to be accessible via the web.

Police can’t force you to unlock your phone by iris, face or finger

Police can't force you to unlock your phone by iris, face or finger

Why vendor security practices are causing heartburn for enterprise pros

High dependencies on external vendors with unclear security policies is a concern among IT professionals, according to a Deloitte report.

Cyberattacks now cost businesses an average of $1.1M

Malware and bots, phishing, and DDoS attacks are some of the top threats companies face, according to Radware.

Good data in, good data out: How innovation in technology has evolved

Xerox's CISO Alissa Abdullah discusses how innovation in technology and security has changed throughout her career.

Websites can steal browser data via extensions APIs

Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
Security Affairs

6 Reasons We Need to Boost Cybersecurity Focus in 2019

Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...

Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency

Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information  as well...

DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week

Trump dominated security headlines this week, but there's plenty of other news to catch up on.

Bulgaria Extradites Russian Hacker to US: Embassy

Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday. read more