Latest news
-
F-Secure advances fight against exploits
18.06.2013
Exploitation of software vulnerabilities has become one of the most popular ways to gain access to users’ machines, but F-Secure is reinforcing its exploit defenses with enhanced proactive protection.
-
Rogue employees, malware exploits and unauthorized software
07.06.2013
While IT security professionals recognize the threat posed by unwitting employees, many still admit to allowing administrative privileges to go unmanaged, making organizations increasingly vulnerable to malware exploits and unauthorized software, according to Avecto.
-
Google researcher publishes Windows 0-day exploit
06.06.2013
Less than two weeks after Google researcher Tavis Ormandy released information about a new Windows zero-day vulnerability on the Full Disclosure mailing list and asked for help in creating an exploit, he has returned with one and added that there is another one already in circulation.
-
Google defines disclosure timeline for actively exploited bugs
30.05.2013
The debate regarding responsible vulnerability disclosure and full vulnerability disclosure has been started many times in the past, and it's an issue that will continue to be debated in the future even though the likelihood of reaching a consensus is practically nil.
-
Ruby on Rails bug is being exploited in the wild, researcher warns
29.05.2013
Administrators of servers running Ruby on Rails are advised once again to upgrade to the latest versions of the framework (3.2.11, 3.1.10, 3.0.19, and 2.3.15), as a vulnerability that exists in previous versions is being actively exploited in the wild to rope servers into an IRC botnet.
Spotlight
The security of WordPress plugins
Posted on 18 June 2013. | Checkmarx’s research lab identified that more than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection.
Information security executives need to be strategic thinkers
Posted on 17 June 2013. | George Baker, the Director of Information Security at Exostar, talks about the challenges in working in a dynamic threat landscape, offers tips for aspiring infosec leaders, and more.
Large orgs in denial about own security breaches?
Posted on 14 June 2013. | Over two thirds (66%) of large organizations said they either had not experienced a security incident in the last 12-18 months or were unsure if they had.
Vulnerability scanning with PureCloud
Posted on 12 June 2013. | nCircle PureCloud is a cloud-based network security scanning product built upon the companies' vulnerability and risk management system IP360.
Reactions from the security community to the NSA spying scandal
Posted on 11 June 2013. | Read on for comments on this scandal that Help Net Security received from a variety of security professionals and analysts.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
