Netflix and Dropbox have both noted recently that they won’t sue security researchers who find and disclose vulnerabilities in their products. The only caveat is that the researchers must conduct the research in line with their vulnerability disclosure policy and bug bounty program guidelines.

Dropbox

Dropbox Head of Security Chris Evans announced on Wednesday that they’ve updated their vulnerability disclosure policy to clearly say that the company will “not initiate legal action for security research conducted … More
The post Netflix, Dropbox promise not to sue security researchers, with caveats appeared first on Help Net Security.
With RSA Conference 2018 USA less than a month away, we asked Britta Glade, Director, Content and Curation for RSA Conference, to tell us more about this year’s event. Read on to find out what’s in store for the world’s largest gathering of information security professionals.

What have been the major security developments in the past year, and how have these informed the conference agenda for 2018?

Where to begin? 2017 showed us just how … More
The post RSA Conference 2018 USA: What you can expect at this year’s event appeared first on Help Net Security.
Gemalto unveils enhanced security features for ID documents

These security features are available as additional options in the Gemalto Color Laser Shield secure identity solutions range. The new enhancements are simple to adopt by the government agents in the field. They are designed to counter forgery while remaining easy for officials to verify their authenticity, thereby providing convenience for legitimate holders.

QuintessenceLabs qStream 100P PCIe card integrates high-entropy, quantum-based true random numbers to servers

QuintessenceLabs … More
SS8 released its 2018 Threat Rewind Report, which reveals the top cybersecurity evasion and exfiltration techniques used by attackers and malicious insiders. During the past year, SS8 sensors and analytics deployed globally within live production networks have detected a variety of techniques used to compromise and steal data (intellectual property) from organizations in key industries spanning critical infrastructure, enterprises and telecommunications. The networks SS8 assesses exhibit the presence of the following evasion and exfiltration activity: … More
The post Top cybersecurity evasion and exfiltration techniques used by attackers appeared first on Help Net Security.
Researchers have discovered multiple severe vulnerabilities in ManageEngine’s line of tools for internal IT support teams, which are used by over half of Fortune 500 companies.

About the vulnerabilities

The first flaw affects EventLog Analyzer 11.8 and Log360 5.3, and could be exploited to achieve remote code execution with the same privileges as the user that started the application, by uploading a web shell to be written to the web root. The rest of the … More
The post Flaws in ManageEngine apps opens enterprise systems to compromise appeared first on Help Net Security.
A new study, conducted by 360Velocity and Dr. Chenxi Wang, found that excessive alerts, outdated metrics, and limited integration lead to over-taxed security operations centers (SOCs).

SOCs are overwhelmed

The study was conducted over the span of three months, interviewing security practitioners from enterprise companies in a cross-section of industries: Software-as-a-Service (SaaS), retail, financial services, healthcare, consumer services, and high tech. As the threat landscape changes and enterprises move to adopt additional layers of defensive … More
The post Excessive alerts, outdated metrics, lead to over-taxed security operations centers appeared first on Help Net Security.