The Open Web Application Security Project (OWASP) is a popular non-profit community that provides guidance and tools to help organizations build and maintain secure web applications. Every three to four years, OWASP releases a document titled the OWASP Top 10, in which they detail the ten most critical risks associated with web application security. This […] Read more “OWASP Top 10 Web Application Security Update”

On December 1, an update to Rule 41 of the Federal Rules of Criminal Procedure took effect. This rule allows one judge to give authorities, like the FBI, a warrant to hack not only a computer in their district, but remote computers in other states, and perhaps around the world. The rule is supposed to […] Read more “Rule 41 Update – Daily Security Byte”

Tavis Ormandy, a well-known security engineer for Google, disclosed a number of critical vulnerabilities in some of Symantec’s endpoint security products. If you use Symantec or Norton’s antivirus (AV), watch the video below to learn how bad these flaws are, and where to find the updates. Read more “Critical Symantec AV Flaws – Daily Security Byte EP. 282”

This document describes the security content of AirPort Base Station Firmware Update 7.6.7 and 7.7.7. Read more “About the security content of AirPort Base Station Firmware Update 7.6.7 and 7.7.7”

Glibc is the standard C library that ships with most versions of Linux. It includes many functions that handle the common tasks programs might need, such as looking up IP addresses associated with domain names. This week, Google and Red Hat researchers disclosed a serious vulnerability in this common library, which could allow remote attackers to execute code on your Linux machines. Read more “Glibc Helps Hackers Pop Linux – Daily Security Byte EP. 217”

Last week, the OpenSSL team fixed a vulnerability that could allow attackers to get the key used to encrypt your HTTPS or SSL connections. Watch today’s video to learn a bit more about this vulnerability, the update, and how WatchGuard products are affected. Read more “OpenSSL DSA Vulnerability – Daily Security Byte EP. 209”

Oracle follows a quarterly patch cycle, and today they released their big Critical Patch Update (CPU) for October 2015. Since they only update four times a year, they tend to release tons of patches at once. Read more “Oracle CPU for Oct. 2015 – Daily Security Byte EP. 162”

A new malvertising campaign went undetected for three weeks due to advertisers adopting HTTPS. Learn how secure web communications might introduce unexpected new risks in today’s daily video. (Episode Runtime: 2:57) Direct YouTube Link: https://www.youtube.com/watch?v=u3DURxAy7Lw EPISODE REFERENCES: Malvertising hiding in HTTPS – Motherboard; Malvertising campaign goes undetected – MalwareBytes; Malvertising campaigns triple – Riskiq — Corey Nachreiner, CISSP (@SecAdept) Read more “HTTPS Masks Malvertising – Daily Security Byte EP.145”