Tavis Ormandy | Breaking Cybersecurity News | The Hacker News

A severe security vulnerability has been discovered in the CloudFlare content delivery network that has caused big-name websites to expose private session keys and other sensitive data. CloudFlare, a content delivery network (CDN) and web security provider that helps optimize safety and performance of over 5.5 Million websites on the Internet, is warning its customers of the critical bug that could have exposed a range of sensitive information, including passwords, and cookies and tokens used to authenticate users. Dubbed Cloudbleed , the nasty flaw is named after the Heartbleed bug that was discovered in 2014, but believed to be worse than Heartbleed. The vulnerability is so severe that it not only affects websites on the CloudFlare network but affects mobile apps as well. What exactly is "Cloudbleed," how it works, how are you affected by this bug, and how you can protect yourself? Let's figure it out. What is Cloudbleed? Discovered by Google Project Ze

Today Google has publicly revealed its new initiative called " Project Zero, " a team of Star Hackers and Bug Hunters with the sole mission to improve security and protect the Internet. A team of superheroes in sci-fi movies protect the world from Alien attack or bad actors, likewise  Project Zero is a dedicated team of top security researchers, who have been hired by Google to finding the most severe security flaws in software around the world and fixing them. PROTECT ZERO vs ZERO-DAY Project Zero gets its name from the term " zero-day ," and team will make sure that zero-day vulnerabilities don't let fall into the wrong hands of Criminals, State-sponsored hackers and Intelligence Agencies. " Yet in sophisticated attacks, we see the use of "zero-day" vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. " Chris Evans said , who was leading Google's Chrome security team and now will lead Pro

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Google and Microsoft are at each other's throats again. In a recent statement, Microsoft says hackers have been actively exploiting a vulnerability that was publicly disclosed by a Google researcher,  Tavis Ormandy . Microsoft addressed the vulnerability in its monthly " Patch Tuesday " package of fixes for July. Tavis Ormandy revealed the vulnerability in Windows 7 and 8 allows local users to obtain escalated privileges , making it easier for a hacker to compromise a system. Ormandy has been criticized by Microsoft and some in the security community who subscribe to the practice that a vulnerability shouldn't be made public until a software maker has an opportunity to fix it. Ormandy said that Microsoft " treat vulnerability researchers with great hostility " and are " often very difficult to work with ". He also advised researchers to use pseudonyms when dealing with the software giants. In 2012, Tavis accused Sophos of " poor development practices