Jeff Williams

671 Flips | 1 Magazine | 29 Likes | 20 Following | 179 Followers | @planetlevel | Founder and CTO of Contrast Security. Aging basketball enthusiast and experienced boomerang designer.

Introduction to DevSecOps

With DevSecOps, you can reach higher security standards while following DevOps principles. This Refcard will show you how to get started with …

Chinese Wind Turbine Manufacturer Gets Max. Fine for Source Code Theft

Sinovel Wind Group has been sentenced for stealing trade secrets from the company formerly known as American Superconductor Inc.


WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour

Although web application firewall (WAF) solutions are very useful to prevent common or automated attacks, most of them are based on blacklist approaches and are still far from perfect. This talk illustrates a number of creative techniques to smuggle and reshape HTTP requests using the strange …


The biggest cybersecurity risk to US businesses is employee negligence, study says

Hackers are no match for human error.

Employee negligence is the main cause of data breaches, according to a state of the industry report by Shred-it, …


Obama Cybersecurity Czar: Election Systems in Every State 'Likely' Hacked by Russians

Michael Daniel, a former special assistant to former president Barack Obama and cybersecurity coordinator, on Wednesday said he thought it “highly …

'Hidden Tunnels' Help Hackers Launch Financial Services Attacks

Hackers are using the infrastructure, meant to transmit data between applications, for command and control.


Google Developer Discovers a Critical Bug in Modern Web Browsers

Google researcher has discovered a severe vulnerability in modern web browsers that could have allowed websites you visit to steal the sensitive …

Decades-old PGP bug allowed hackers to spoof just about anyone’s signature

SigSpoof flaw fixed in GnuPG, Enigmail, GPGTools, and python-gnupg.

For their entire existence, some of the world's most widely used email encryption …

Pen Testers find several ways to hijack, track, steal and even sink shipping vessels

The shipping industry's cybersecurity is still in its infancy and prone to attacks which could allow a threat actor to track, hijack, or even sink a …

Security Flaw Impacts Electron-Based Apps Such as Skype, GitHub, Discord, Others

Security researchers have found a security flaw in Electron, a software framework that has been used in the past half-decade for building a wealth of …

CONTRAST LABS: March 2018 AppSec Intelligence Report

Contrast Labs' analysis of real world application security data from March 2018. We're going to change it up a bit this month by expanding our …

Russia Accidentally Sabotages Its Internet

It’s the latest Kremlin attempt to clamp down on Russians’ online activity. And it blocked almost 16 million IP addresses belonging to Amazon and …

Security warning: Your suppliers are now your weakest link

Cybersecurity agency warns of 796 attacks against business, says that hackers will attempt to reach their targets through their suppliers.

Special …


7 Deadly Security Sins of Web Applications

The top ways organizations open themselves up to damaging Web app attacks.


How Contrast Security protects applications from the inside out

Proper cybersecurity these days requires a defense in depth. Like in military planning, relying on a single defensive line is a recipe for failure, …

Contrast Security Recognized as the Only Visionary in Gartner 2018 Magic Quadrant for Application Security Testing

Los Altos, Calif. – March 20, 2018 – Contrast Security, the pioneer in enabling “self-protecting” software with security safeguards built directly …

GitHub Survived the Biggest DDoS Attack Ever Recorded

On Wednesday, at about 12:15 pm EST, 1.35 terabits per second of traffic hit the developer platform GitHub all at once. It was the most powerful …


Adobe Acrobat Reader Affected with Remote Code Execution Vulnerability

A critical remote code execution vulnerability discovered in Adobe Acrobat Reader DC triggers a stack-based buffer overflow and executes the …

The Use of Counterfeit Code Signing Certificates Is on the Rise

Key Judgements

- We observed the earliest use of stolen code certificates in 2011, but it was not …

Government websites have quietly been running cryptocoin mining scripts

A security researcher has discovered thousands of legitimate websites, many belonging to local governments and government agencies, running scripts that secretly force visitors’ computers to mine cryptocoins.

In the UK, both the websites of the Information Commissioner’s Office and the Student …

Winter Olympics organizers say the 'Olympic Destroyer' cyberattack took down their computer servers during opening ceremonies

Winter Olympics organizers say their computer servers experienced a cyberattack during opening ceremonies, Yonhap reported on Saturday.

Organizers said that internet-connected televisions crashed at the press center, according to officials cited by the report. The targeted servers were shut down, …

Cisco: Severe bug in our security appliances is now under attack

A proof-of-concept exploit for Cisco's 10-out-of-10 severity bug surfaces days after researcher details his attack.

Video: Top 10 malware threats in …

Apple’s iOS source code leak – what you need to know

What’s happened?

Earlier this week someone anonymously published a key piece of Apple’s iOS source code onto GitHub.

Which bit of iOS was it?

It was an …

Wish you could log into someone's Netgear box without a password? Summon a &genie=1

Get patching – there's this auth bypass and loads of other bugs

If you're using a Netgear router at home, it's time to get patching. The networking …

App sec as a service: Ready for the fast lane?

Traditional security testing is making less and less sense for many development teams.

Testing applications is a complex process: Static testing …


Mitigations landing for new class of timing attack

Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Our …

After Equifax breach, anger but no action in Congress

The aftermath of the data breach played out like a familiar script: White-hot bipartisan outrage, then hearings and proposals that went nowhere.

The massive Equifax data breach, which compromised the identities of more than 145 million Americans, prompted a telling response from Congress: It did …

Security firm Keeper sues news reporter over vulnerability story

The vulnerability was fixed, but Keeper now demands that the allegedly defamatory article is pulled offline.

Keeper, a password manager software …

"Can DevSecOps Prevent the Impending Software Apocalypse?" - Jeff Williams

Researchers Made a Clever Tool to Detect Hacks Companies Haven't Told Users About

It feels only natural that 2017 would be the year we experienced one of the worst security breaches of all time. The Equifax hack affected 145.5 …
