Author Archives: Matthew Pascucci

Recently, security researcher Juho Nurminen attempted to contact Adobe via their Product Security Incident Response Team (PSIRT) regarding a security bug he wanted to report. Instead, he stumbled across something much more vulnerable.
It turns out that… Continue reading PGP keys: Can accidental exposures be mitigated?→

VMware recently added a new service called AppDefense to their cybersecurity portfolio that aims to lower false positives and utilize least privilege in order to secure endpoints living on the host. VMware also has NSX to create microsegmentation on th… Continue reading VMware AppDefense: How will it address endpoint security?→

Recently, security researchers from Positive Technologies discovered a way to disable the Intel Management Engine that referenced a National Security Agency (NSA) program.

Over the years, the Intel ME has caused controversy while being touted as a bac… Continue reading Killer discovery: What does a new Intel kill switch mean for users?→

WireX was recently taken down by a supergroup of collaborating researchers from Akamai Technologies, Cloudflare, Flashpoint, Google, Oracle, RiskIQ and Team Cymru. This group worked together to eliminate the threat of WireX and, in doing so, brought to… Continue reading WireX botnet: How did it use infected Android apps?→

A list of 711 million records stolen by the Onliner spambot was recently discovered, and it’s utterly staggering to think of the sheer size of this data set. To put things into perspective: the United States only has 323 million people. Even if everyon… Continue reading How should security teams handle the Onliner spambot leak?→

According to the European Court of Human Rights, employers must inform their users if their business-related communications are being monitored while working for the organization. The court informed individuals that there must be a clear distinction of… Continue reading Monitoring employee communications: What do EU privacy laws say?→

As security researchers and vendors improve the security within their products, malicious actors are continually looking for ways to bypass them and continue their efforts. This cat and mouse game continues to play out, and is best seen in how malware … Continue reading How does the Ursnif Trojan variant exploit mouse movements?→

Whether you’re a fan of Adobe Flash or not, it has been a building block for interactive content on the web, and we must acknowledge what it has accomplished before talking about its eventual removal from the internet. These plug-ins helped usher in a … Continue reading Flash’s end of life: How should security teams prepare?→

It really depends on what you’re looking to offer and receive out of your bug bounty program. There are differences between a public and private bug bounty; normally, we see programs start as private, and then work their way into public. This isn’t alw… Continue reading How does a private bug bounty program compare to a public program?→

The certificate authority WoSign and its subsidiary StartCom will no longer be trusted by Google with their Chrome 61 release. Over the past year, Google has slowly been phasing out trust for StartCom and WoSign certificates, and as of September 2017, … Continue reading WoSign certificates: What happens when Google Chrome removes trust?→