2018 is right around the corner, and with the changing of the calendar people naturally gravitate to looking ahead and thinking about everything that will happen in 2018. Security is no different and we often are asked, what’s going to happen in 2018?
The security industry needs unbiased sources of information who share best practices with an active membership body who advocates for open standards. In the AppSec world, one of the best is the Open Web Application Security Project (or OWASP).
The news was just released that a massive breach hit Uber in October of 2016. The personal information of 57 million Uber users and 7 million Uber drivers was stolen, including names, email addresses and phone numbers.
Black Friday and Cyber Monday are less than a week away and the sales have already begun. As people are hunting for the best deal on that new TV, they often forget about security entirely. So what should we all be worried about when buying items this holiday season and what can we do to stay safe?
Week four of National Cyber Security Awareness Month is focused around a career in cyber security.
It’s another day which means another round of Ransomware. This time it’s a ransomware that’s being called ‘Bad Rabbit’, and if the Bad Rabbit infections look familiar, they are.
As you’ve probably read, there is a serious vulnerability in the WPA2-PSK protocol that almost all WiFi traffic uses. This vulnerability is being called ‘KRACK’, which stands for Key Reinstallation Attack.
Week three of National Cyber Security Awareness Month is focused around connected devices.
Learn best practices about how to avoid API Vulnerabilities from security experts at WhiteHat Security.
Week two of National Cyber Security Awareness Month is focused around security in the workplace. What can individuals and companies do to keep their employees and their confidential information protected? I have a few tips for everyone regarding workplace cyber security.
I’ve written about the recent Equifax, Sonic and Whole Foods breaches already, but am following up here to challenge anyone reading this: HAVE YOU TAKEN ACTION TO PROTECT YOURSELF YET?
I often get asked the same question by people: ‘with all these breaches happening, what can I do to protect myself?’ Well, I’m here to share a couple of tips on how to stay safe.
We have learned today that the Equifax breach that has affected hundreds of millions of people was carried out by exploiting a known issue in Apache Struts 2, specifically CVE-2017-5638.
The news broke yesterday that Equifax had a massive breach that leaked personal information including Social Security numbers, names and driver’s license numbers. The scope of this breach is staggering: 143 million records.
The CopyCat malware exploits some known vulnerabilities in older versions of Android, which allow an attacker to root the victim’s phone. It can then install applications and will hijack ads from your phone, effectively paying the attacker each time an ad pops up.
Applications are literally at the core of our digital lives, so it’s more important than ever to ensure that enterprises of all types can provide safe digital experiences. We hope this report provides valuable insights and recommendations on how to secure the apps that drive your business.
There's another 'worldwide' attack known as Petya Ransomware and it's spreading quickly - learn about it first from WhiteHat Security.
The question on a lot of people’s minds is, “Why was this allowed to happen, wasn’t there a fix?” Microsoft did indeed release a fix for the SMB vulnerability that ultimately was exploited by the WannaCry attack some months ago. If this patch was available, why didn’t everyone patch? Why were that many systems vulnerable?
The WannaCry attack has gained worldwide notoriety for how quickly and how far it has spread. At the heart of the issue was a vulnerability in Microsoft's product that left unpatched systems vulnerable to attack.
A large-scale cyber attack on hospitals across England has staff and patients reeling. The fallout has serious impacts on individuals’ healthcare, as everything from patient records and prescriptions to surgery schedules is inaccessible.
As I was reading the proposed OWASP Top 10 for 2017 and preparing to submit my input, I thought I’d provide a brief recap of the changes here, and share the two large changes that stood out for me.
The WhiteHat team has gathered some thoughts on predictions and new vulnerabilities or trends that might emerge in 2017.
It has been discovered that OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k are vulnerable to a downgrade attack. In short, an attacker could man-in-the-middle a user and web server and force the user and server to downgrade to a set of export ciphers, which are weak and outdated.