Security News

Major security audit of critical FreeBSD components now available
2024-11-18 15:19

The FreeBSD Foundation, in partnership with the Alpha-Omega Project, has released the results of an extensive security audit of two critical FreeBSD components: the bhyve hypervisor and the...

Google Play adds security audit badges for Android VPN apps
2023-11-03 16:48

Google Play, Android's official app store, is now tagging VPN apps with an 'independent security reviews' badge if they conducted an independent security audit of their software and platform. Starting with VPN apps, which Google considers critical for user privacy and security due to handling sensitive data, the Play Store will display the "Independent security review" badge in the Data Safety Section.

New MOVEit Transfer critical flaws found after security audit, patch now
2023-06-09 18:49

Progress Software warned customers today of newly found critical SQL injection vulnerabilities in its MOVEit Transfer managed file transfer solution that can let attackers steal information from customers' databases. "An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content," Progress says in an advisory published today.

Level Finance crypto exchange hacked after two security audits
2023-05-02 22:32

Hackers exploited a Level Finance smart contract vulnerability to drain 214,000 LVL tokens from the decentralized exchange and swapped them for 3,345 BNB, worth approximately $1,100,000. While Level Finance said the attack did not affect its liquidity pool and the DAO treasury, and the exploit was isolated from all other contracts, the LVL token lost roughly 50% of its value immediately after the attack was made known.

Independent security audits are essential for cloud service providers. Here’s why
2022-04-13 05:30

If you're a cloud service vendor, you should be prepared to answer this question from your customers: How can you prove your security and privacy practices are truly secure? An external review validates your existing security practices.

How to run a security audit on AlmaLinux with Lynis
2022-03-21 16:07

Lynis is more than just a rootkit detector, as it makes it possible to run detailed auditing of your Linux servers for numerous security issues as well as misconfigurations. I want to walk you through the process of installing Lynis and running a scan on AlmaLinux.

CISA releases new ransomware self-assessment security audit tool
2021-06-30 20:26

The US Cybersecurity and Infrastructure Security Agency has released the Ransomware Readiness Assessment, a new module for its Cyber Security Evaluation Tool. RRA is a security audit self-assessment tool for organizations that want to understand better how well they are equipped to defend against and recover from ransomware attacks targeting their information technology, operational technology, or industrial control system assets.

Feeling bad about your last security audit? Check out what just happened to the US Department of Interior
2020-09-17 23:47

The US Department of the Interior spectacularly failed its latest computer security assessment, mostly for a lack of Wi-Fi defenses. The infosec experts also noted other security shortfalls, such as a lack of network segmentation that would allow intruders to casually move between systems, incomplete inventory records of wireless networks, and a reliance on pre-shared keys that could be exploited by miscreants to eavesdrop on network traffic.

CISOs struggling to prep for security audits
2020-09-16 03:30

CISOs are tasked with preparing for more than three audits on average in the next 6-12 months, but struggle with inadequate tools, limited budgets and personnel, and inefficient manual processes. "This survey clearly shows that CISOs at major companies are caught between a rock and hard place when it comes to security and compliance audits over the second half of 2020 and want automated tools to help dig them out. Unfortunately, they're simply not able to find them," said Scott Schwan, Shujinko CEO. "Teams are cobbling together scripts, shared spreadsheets, ticketing systems and a hodgepodge of other applications to try to manage, resulting in inefficiency, lengthy preparation and limited visibility. More than two-thirds of CISOs are looking for something better."

D-Link must suffer indignity of security audits to settle with the Federal Trade Commission
2019-07-03 16:30

No admission of guilt, but plenty of new rules to follow Taiwanese networking equipment vendor D-Link will have to submit to a decade of product security audits after agreeing to settle a lawsuit...