Security

SJ Technologies partnered with Sonatype for the DevSecOps Community 2018 Survey. The survey was wildly popular, receiving answers from more than 2,000 respondents representing a wide range of industries, development practices, and responsibilities. One-third of respondents (33%) came from the technology industry, and banking and financial services was the second most represented group (15%). 70% of all respondents were using a container registry. With so many respondents utilizing containers, a deeper dive into container security is in order.

German researchers reckon they have devised a method to thwart the security mechanisms AMD's Epyc server chips use to automatically encrypt virtual machines in memory.

So much so, they said they can exfiltrate plaintext data from an encrypted guest via a hijacked hypervisor and simple HTTP requests to a web server running in a second guest on the same machine.

Oracle plans to drop support for data serialization/deserialization from the main body of the Java language, according to Mark Reinhold, chief architect of the Java platform group at Oracle.

Serialization is the process of taking a data object and converting it into a stream of bytes (binary format), so it can be transported across a network or saved inside a database, only to be deserialized later and used in its original form.

I don’t have an voice-activated assistant in my home.

Call me paranoid if you like, but I just don’t like the idea of some internet-enabled gadget always “listening” to what’s being said, waiting to hear if it’s being given a voice command. By my reckoning I’ve survived just fine for forty-cough years without a voice-activated assistant, so I’ll probably be just fine without one.

In 2000, I leapt out of journalism and in to security communications. I was relocating to the San Francisco Bay Area and, despite the downturn, tech was king. I also wanted to lend my unique albeit non-technical skill set to a technology that protected people or, at the very least, attempted to reduce harm caused by malicious behavior.

The FBI is advising users of consumer-grade routers and network-attached storage devices to reboot them as soon as possible to counter Russian-engineered malware that has infected hundreds of thousands devices.

For the second time this week, a company has been found to have accidentally exposed customer data to virtually anyone. Following TeenSafe's incident, it seems that it's now T-Mobile who has left information unprotected due to a bug. The flaw was discovered in April by security researcher Ryan Stevenson.

While hackers have taken advantage of numerous vulnerabilities in Adobe's products to deliver payloads to Windows users via PDF files, a malicious PDF file can also wreak havoc on a Mac that's using the default Preview app. So think twice before double-clicking a PDF open on your MacBook — it might just be a Trojan with a rootkit inside.

L33tdawg: Sounds a bit like this talk that's up for voting at HITBGSEC in Singapore

A new attack that uses processors' speculative-execution capabilities to leak data, named Speculative Store Bypass (SSB), has been published after being independently discovered by Microsoft's Security Response Center and Google Project Zero. Processors from Intel and AMD, along with some of those using ARM's designs, are all affected.

A little-known service has been leaking the real-time locations of US cell phone users to anyone who takes the time to exploit an easily spotted bug in a free trial feature, security news site KrebsOnSecurity reported Thursday.