https://www.theregister.co.uk/2017/11/22/permissionless_data_slurping_google/ Somebody else than just your mobile operator gets to know where you are: According to an old Chinese proverb: “When a wise man points at the Moon, an idiot looks at his finger.” Google may have been hoping that you were examining a finger, not reading a Quartz story yesterday, which reveals how Android phones send →
https://gbhackers.com/owasp-top-10-2017-released/ Open Web Application Security Project(OWASP) released new Top 10 Most Critical Web Application Security Risks list. With the new release, they have completely refactored the methodology of categorizing risks. →
https://arstechnica.com/tech-policy/2017/11/an-alarming-number-of-sites-employ-privacy-invading-session-replay-scripts/ If you have the uncomfortable sense someone is looking over your shoulder as you surf the Web, you’re not being paranoid. A new study finds hundreds of sites—including microsoft.com, adobe.com, and godaddy.com—employ scripts that record visitors’ keystrokes, mouse movements, and scrolling behavior in real time… →
https://www.denimgroup.com/resources/blog/2017/11/getting-started-with-iot-security-with-threat-modeling/?lipi=urn%3Ali%3Apage%3Ad_flagship3_pulse_read%3BtGhVz%2BNYQRiSgJC%2Bt%2FEWQQ%3D%3D The security of IoT systems can be exceptionally complex because of the large number of components, potentially extensive attack surface, and the interactions between different parts of the system. Threat modeling is a great starting point to understand the risks associated with IoT systems. The challenge with this trend is that IoT devices are just computers →
http://www.productive-cpp.com/hardening-cpp-programs-executable-space-protection-address-space-layout-randomization-aslr/ Interesting information on C/C++ code security issues. →
http://www.theserverside.com/feature/Containers-and-microservices-complicate-cloud-native-security?utm_campaign=Black%20Duck%20Press&utm_content=60709505&utm_medium=social&utm_source=facebook Developing applications with microservices and containers may be a modern approach to software design, but traditional software flaws still remain a problem when addressing cloud-native security. When you think about microservices-architected, there’s a wide range of, I guess you could say opinions, about what that means. In this age of DevOps and cloud-native development, the software →
https://dzone.com/articles/5-things-to-know-about-iot-security?utm_content=buffereb678&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer This article focuses on 5 IoT Security insights gathered from market research. →
What is technology inside gas station where you just put in credit card and fill the tank yourself. I has already taken a look at one Verifone payment terminal on what software it runs (it runs Linux). Today I got a view of what is technology used on similar device made by Dresser Wayne AB. →
https://securityintelligence.com/man-with-machine-harnessing-the-potential-of-artificial-intelligence/?cm_mmc=PSocial_Facebook-_-Security_Detect%20threats%20-%20QRadar-_-WW_WW-_-23012462_Tracking%20Pixel&cm_mmca1=000017NK&cm_mmca2=10004134&cm_mmca4=23012462&cm_mmca5=48989195&cm_mmca6=bdfe5818-7fea-4ba1-a728-fef91b396b4d&cvosrc=social%20network%20paid.facebook.WW%20Newsfeed%20Job%20Title%20CISO%20Discover%20SI%20Blog%20Engagement%20SI%20Watson%20Man%20With%20Machine%20AI%20Watson1%20_SD%20Behav_DesktopMobile%20Tablet_1x1&cvo_campaign=000017NK&cvo_pid=23012462 When we think of artificial intelligence (AI), we think of robots — machines that mimic human behavior or thought. This is partly the influence of comics, novels, movies and other pop culture tidbits, but the boundaries of AI have progressed far beyond this basic personification. At its most basic level, machine learning, a subset of →
https://www.csoonline.com/article/3236721/security/homeland-security-team-remotely-hacked-a-boeing-757.amp.html First cars were remotely hacked, now aeroplanes seem to be the next target with weak security. →