Commerce Department Wants Companies to Publish Ingredients of their Software The Commerce Department is trolling around the RSA conference trying to get companies to publish the ingredients in their software – the so called bill of materials that I have written about before – so that users can understand what libraries are being loaded. The […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
As people use their mobile devices as what one friend used to call a “pocket super computer” as opposed to something where you dial 7 digits (remember that) and talk to someone, hackers have figured out that the new attack vector is your phone. In part, this is due to the fact that finally, after […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
Last Week Microsoft Announced Microsoft Azure Sentinel, a cloud based Security Information and Event Management System (SIEM) and a Threat Hunting and Analysis Service called Microsoft Threat Experts. As Ray and I discussed on a recent video, available on Youtube, the best outcome of that announcement is if Google and Amazon make a similar announcement. […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
Adobe seems to have trouble catching a break sometimes, Today they released an emergency patch for a vulnerability in the Cold Fusion application that Adobe bought in 2005. The bug allows an attacker to bypass the file upload restrictions, allowing an attacker to upload a malicious executable and then get the target system to execute […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
We Don’t Need Back Doors in Crypto – We Have Enough Bugs Already! Researchers have found three new bugs in the protocol design (as opposed to the implementation) in both 4G and 4G cellular networks. The design flaws can be carried out by any person with a little knowledge of cellular paging protocols. The hardware to […]
Continue reading →
[DISPLAY_ACURAX_ICONS]