<iframe src="//www.googletagmanager.com/ns.html?id=GTM-WQV6DT" height="0" width="0" style="display:none;visibility:hidden">

SECURITY INFLUENCERS BLOG

Security influencers provide real-world insight and “in-the-trenches” experiences on topics ranging from application security to DevOps and risk management

Google Docs May Still be Vulnerable to Phishing Attacks

On Tuesday, users of Google Docs were targeted with an email phishing attack. The email content was a ruse to trick folks into granting access to their contact data. Google quickly put measures into place to stop the attack. Please visit this..

Continue Reading >>

The WikiLeaks CIA Dump Dominates AppSec News Coverage

WikiLeaks has been dominating recent news when it released "Vault 7", a new series of leaks it claims came from the United States Central Intelligence Agency (CIA). WikiLeaks delared that Vault 7  "is the largest ever publication of confidential..

Continue Reading >>

CVE-2017-5638 – Struts 2 S2-045 Exploit Released – Protection Offered

On March 6, a new remote code execution vulnerability was disclosed1 against Struts 2 (2.3.5-2.3.31 and 2.5-2.5.10.) Most likely, if you're using Struts 2, you are vulnerable to a one-shot attack which can run arbitrary system commands.

Continue Reading >>

The Impact of Fake Retail Apps Hitting the Apple App Store this Year

Last week, App Developer Magazine, in an article titled "The Impact of Fake Retail Apps Hitting the Apple App Store this Year" prominently features Contrast Security Co-founder and CTO Jeff Williams. The article discusses how counterfeiters have..

Continue Reading >>

DOM XSS in wix.com

Wix.com, a hosting provider which claims to host millions of websites, contains an XSS that leads to administrator account takeover and could be used to create a Wix website worm.

Target

From the company’s literature:

“Wix.com is a leading..

Continue Reading >>

60 Minutes & the "Signaling System Seven (SS7) Vulnerability"

Over the weekend, 60 Minutes featured a segment on how cellphones and mobile phone networks are vulnerable to hacking, exploiting a security flaw discovered in Signaling System Seven – or SS7. According to security researcher Karsten Nohl, “the..

Continue Reading >>

Why We Should Score Data Breaches

Contrast's CTO and Co-Founder, Jeff Williams, was interviewed by Forbes Magazine at Black Hat USA 2016 earlier this month. The interview focused on recent healthcare breaches and why we (the industry) should score data breaches. Jeff is quoted..

Continue Reading >>

Peiter Zatko's (Mudge) Cyber Independent Testing Lab methods.... just another flash in the pan?

Last week, The Intercept published an article (A Famed Hacker is Grading Thousands of Programs – and May Revolutionize Software in the Process) discussing a new method for testing and scoring the security of software. This new method – called the..

Continue Reading >>

"The DCCC Hacked:  SQL Injection?  Come on."

Jeff's comments here are a follow-up to his blog post "International hacks, politics and knee-jerk cybersecurity... never a good mix - Russia & the DNC Hack." You may want to read that post too!

Some software is more important than other..

Continue Reading >>

International hacks, politics and knee-jerk cybersecurity - never a good mix

The FBI is now leading an investigation into a hack into the Democratic National Committee. This is the first acknowledgment from the agency that they are probing the incident, which US officials suspect came from a Russian cyberattack. The FBI said..

Continue Reading >>

SUBSCRIBE TO THE BLOG

Learn how to unify security strategy across & development operations. See how to set up a CAS program with only eight activities!

Download the Handbook