Kategorie

The training and job-matching effort is a public-private partnership to address a growing workforce gap.

A file delete vulnerability in WordPress can be elevated into a remote code execution vulnerability for plugins like WooCommerce.

A sophisticated proxy code has infected hundreds of thousands of devices already.

The manual turns good advice on its head, telling officials to use, reuse and recycle weak passwords.

Online-note-sharing company Evernote has patched a hole that allowed attackers to infect notes shared via its service.

Představte si, že budete sedět ve své kanceláři v Los Angeles a do prohlížeče naťukáte webovou adresu své pobočky ve Washingtonu. Za běžných okolností by měly pakety cestovat v podstatě přímou cestou na východní pobřeží, u některých operátorů, třeba Verizonu, tomu tak ale v minulosti ...

A WhatsApp chain letter is warning of a malware-packing video called "martinelli", and selling its lie with a grain of truth.

If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store. Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce plugin that could allow a malicious or compromised privileged user to gain full control over the

LinuxSecurity.com: Tuesday morning, as millions of Americans lined up at their polling places to participate in the often quite literally broken democratic process, a new Twitter account tweeted a link to a short manifesto: "today's voting machines are often insecure, not particularly easy-to-use, and so expensive that they're often used much longer than they were designed for and election officials are forced to hunt for replacement parts on eBay. The market has failed us."

LinuxSecurity.com: The Apache Software Foundation released an advisory addressing a vulnerability in Apache Struts which could allow a remote attacker to take control of an affected system.

The data breach includes names, addresses, transaction histories, account information and more.

Android's November security bulletin is here and there’s more to patch, and more urgency about applying them.

Posted by Matt Ruhstaller, TPM and Oliver Chang, Software Engineer, Google Security Team

Open Source Software (OSS) is extremely important to Google, and we rely on OSS in a variety of customer-facing and internal projects. We also understand the difficulty and importance of securing the open source ecosystem, and are continuously looking for ways to simplify it.

For the OSS community, we currently provide OSS-Fuzz, a free continuous fuzzing infrastructure hosted on the Google Cloud Platform. OSS-Fuzz uncovers security vulnerabilities and stability issues, and reports them directly to developers. Since launching in December 2016, OSS-Fuzz has reported over 9,000 bugs directly to open source developers.

In addition to OSS-Fuzz, Google's security team maintains several internal tools for identifying bugs in both Google internal and Open Source code. Until recently, these issues were manually reported to various public bug trackers by our security team and then monitored until they were resolved. Unresolved bugs were eligible for the Patch Rewards Program. While this reporting process had some success, it was overly complex. Now, by unifying and automating our fuzzing tools, we have been able to consolidate our processes into a single workflow, based on OSS-Fuzz. Projects integrated with OSS-Fuzz will benefit from being reviewed by both our internal and external fuzzing tools, thereby increasing code coverage and discovering bugs faster.

We are committed to helping open source projects benefit from integrating with our OSS-Fuzz fuzzing infrastructure. In the coming weeks, we will reach out via email to critical projects that we believe would be a good fit and support the community at large. Projects that integrate are eligible for rewards ranging from $1,000 (initial integration) up to $20,000 (ideal integration); more details are available here. These rewards are intended to help offset the cost and effort required to properly configure fuzzing for OSS projects. If you would like to integrate your project with OSS-Fuzz, please submit your project for review. Our goal is to admit as many OSS projects as possible and ensure that they are continuously fuzzed.

Once contacted, we might provide a sample fuzz target to you for easy integration. Many of these fuzz targets are generated with new technology that understands how library APIs are used appropriately. Watch this space for more details on how Google plans to further automate fuzz target creation, so that even more open source projects can benefit from continuous fuzzing.

Thank you for your continued contributions to the Open Source community. Let’s work together on a more secure and stable future for Open Source Software.

One-third of respondents in a new poll said that have been a victim of fraud or identity theft in the past.

The Pirate Bay torrent search engine is one of the world's most famous and best torrent sites. But it has been caught second time mining digital currencies using visitors' computers. Like many popular torrent sites, the pirate bay also uses mining to make money without informing its users. But this time a tiny message on its homepage clarifies some terms of service but gives no option to

Firmware updates won't address the problem, so admins need to take other action.

Facebook continues to address the challenges faced during the 2016 election.

Users must update their vulnerable libraries manually.

Facebook's had a patent approved for a new way to sniff out potential friends, based on your phone and patterns of movement.