PCI Security Standards Council Releases Guidance on Pen Testing

credit-cards
The PCI Security Standards Council has published new guidance to help organizations develop methodology for testing the security controls and processes protecting cardholder data. The report, available here, was developed by a PCI Special Interest Group of industry experts and is aimed at organizations of all sizes, budgets...
Continue reading »

Schneider Electric Fixes Vulnerabilities in HMI Products

schneider-logo-680x400
Schneider Electric has released software updates to address several vulnerabilities affecting the Wonderware InTouch Machine Edition 2014 and InduSoft Web Studio product lines. Wonderware InTouch Machine Edition is designed for the development of secure, intuitive and highly maintainable human-machine interface (HMI) applications for embedded devices, intelligent machines, and...
Continue reading »

Thousands of Hijacked WordPress Sites Redirect Users to Exploit Kits

niche-sites1
Cybercriminals have been leveraging a vulnerability in a popular WordPress plugin to redirect the visitors of thousands of websites to exploit kits, a researcher has warned. Data gathered by security researcher Yonathan Klijnsma and Germany’s Computer Emergency Response Team (CERT-Bund) shows that roughly 3,000 websites have been compromised....
Continue reading »

Multiple Vulnerabilities Patched in pfSense

pfSense_1
Researchers at High-Tech Bridge have uncovered multiple vulnerabilities in the Web interface of pfSense that can be exploited to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. PfSense is an open source firewall/router software distribution based on the FreeBSD operating system. “Successful exploitation of the vulnerabilities...
Continue reading »

PhishMe Raises $13 Million

npzEkCR9
PhishMe, a company that helps organizations teach security awareness by educating employees on how to identify Phishing attacks, today announced it has raised $13 million in Series B funding. Led by existing investor Paladin Capital Group and new investor Aldrich Capital Partners, the funding round brings PhishMe’s total...
Continue reading »

Tech Firms, Activists Renew Surveillance Reform Push

2015_obamasecurtiy_Reuters
Big US technology firms joined a coalition of activists Wednesday urging Congress to pass a law scaling back government surveillance ahead of key deadline. A letter endorsed by more than 40 groups including an alliance that includes Google, Facebook, Twitter, and Apple pressed for surveillance reforms ahead of...
Continue reading »