Payments Giant Verifone Investigating Breach

Credit and debit card payments giant Verifone [NYSE: PAY] is investigating a breach of its corporate computer networks that could impact companies running its point-of-sale solutions, according to multiple sources. Verifone says the extent of the breach was “limited” and that its payment services network was not impacted.

San Jose, Calif.-based Verifone is the largest maker of credit card terminals used in the United States. It sells point-of-sale terminals and services to support the swiping and processing of credit and debit card payments at a variety of businesses, including retailers, taxis, and fuel stations.

On Jan. 23, 2017, Verifone sent an “urgent” email to all company staff and contractors, telling them that they had 24 hours to change all company passwords.

How Netgear and Trustwave built a virtuous cycle of vulnerability disclosure

Good news is rare in cybersecurity, but here’s some: Coordinated, responsible disclosure of software security gaps is increasingly the norm — and manufacturers are more and more willing to work with white-hat hackers who find bugs or flaws in their products. It’s a virtuous cycle — researchers and manufacturers working together to make products more secure — that government wonks […]

The post How Netgear and Trustwave built a virtuous cycle of vulnerability disclosure appeared first on Cyberscoop.

Hundreds of Thousands of Netgear Routers Vulnerable to Password Bypass

Hundreds of thousands–potentially more than one million–Netgear routers are susceptible to a pair of vulnerabilities that can lead to password disclosure.

Top trends in security testing and vulnerability management

Many businesses fail to conduct frequent security testing despite believing that it’s critically important to securing their systems and data. One in five businesses surveyed admitted they don’t do any security testing, despite the fact that 95 percent of survey respondents reported encountering one of the dozen common security issues associated with security vulnerabilities. The findings are based on an Osterman Research survey of 126 security professionals who have knowledge about or responsibility for …

Threatpost News Wrap, June 13, 2016

Mike Mimoso and Chris Brook discuss the news of the week, including the back and forth around whether or not TeamViewer was hacked, the fallout around the years-old MySpace and Tumblr breaches, and a 90K Windows zero day.

Got $90,000? A Windows 0-Day Could Be Yours

How much would a cybercriminal, nation state or organized crime group pay for blueprints on how to exploit a serious, currently undocumented, unpatched vulnerability in all versions of Microsoft Windows? That price probably depends on the power of the exploit and what the market will bear at the time, but here’s a look at one convincing recent exploit sales thread from the cybercrime underworld where the current asking price for a Windows-wide bug that allegedly defeats all of Microsoft’s current security defenses is USD $90,000.