IoT security is getting worse, not better: researchers

Credit: Illustration 149861933 © Aliaksandra Sitkouslaya – Manufacturers of network equipment may be claiming better security in their Internet of Things (IoT) devices, but those claims have been refuted during new testing of 13 small-office home office (SOHO) routers and networked-storage devices that identified 125 new vulnerabilities. The work, conducted by security-testing firm Independent […]


Study: Bug bounties ‘often inefficient and expensive’

A study by code analysis firm Veracode has found most security researchers are driven by bug fixes and not payment, bringing into question the bug bounty model.  While it’s true that a handful of researchers who report security issues through bounty programs like HackerOne have earned $1 million over a few years, the bug bounty […]


Windows Defender anti-malware glitch breaks file scanning on Windows 10, Windows 7

Credit: ID 89979293 © Svetlana Vitman | A recent update to Windows Defender and Microsoft Security Essentials is causing widespread problems for Windows users trying to scan systems for malicious files.  The glitch in Microsoft’s anti-malware is being reported by Windows 7, Windows 8.1, and Windows 10 users.  As per German tech blog Borncity, […]


GitHub acquires Semmle to speed up bug hunting in open source projects

Credit: ID 127625451 © Gagarych | Microsoft-owned code-sharing site GitHub has acquired Semmle, a firm behind the code analysis query engine, QL, and LGTM, its QL-powered continuous code analysis platform. Both help developers find security flaws in products.  Semmle has a number of high profile customers including Google, Mozilla, Microsoft, NASA, NASDAQ, and Uber.  […]


Misconfigured WS-Discovery in devices enable massive DDoS amplification

Hundreds of thousands of devices can be abused to amplify distributed denial-of-sevice (DDoS) attacks because they are misconfigured to listen and respond to WS-Discovery protocol requests over the internet. Web Services Dynamic Discovery (WS-Discovery or WSD) is an UDP-based communications protocol used to automatically discover web-based services inside networks. It’s been used by printers, cameras […]

Recent Posts