Attackers are exploiting a vulnerability patched last month in the Apache Struts web development framework to install ransomware on servers. The SANS Internet Storm Center issued an alert Thursday, saying an attack campaign is compromising Windows servers through a vulnerability tracked as CVE-2017-5638. The flaw is located in the Jakarta Multipart parser in Apache Struts…
More than a year after introducing a virtual assistant in its Messenger app, Facebook is launching M to the masses. While it was originally conceived as a bot that users would chat with, M now only offers a set of suggestions that are supposed to help with the conversation being carried out. For example, when…
In a very unusual move, Apple this week renounced its usual secrecy about future products to counter questions about its commitment to the Mac, analysts said today. At an invite-only meeting with a handful of Apple bloggers and reporters, two of Apple’s top executives — marketing head Philip Schiller and Craig Federighi, who leads software…
The U.S. government is taking action that will likely increase the visa denial rates of H-1B programmers, a move that could help U.S. nationals, both in terms of wages and jobs. The U.S. Citizenship and Immigration Service (USCIS) wants programmers who offer skills that are specialized or unique. That means firms seeking to hire programmers…
If you plan to buy a new PC or mobile device this year, you’ll likely be shelling out more cash than in previous years. Prices are going up, and expensive devices are in demand. On average, the price of PCs and phones will go up by 2 percent this year, Gartner said in a research report…
MIAMI — Google is one company that lives and dies in the web, so for many reasons, they need to care — a lot — about browser security. That was the focus of engineering lead for Chrome Security at Google, Justin Schuh’s keynote speech at this year’s Infiltrate 2017 conference. There are three main reasons why…
Nginx has begun certifying third-party modules for use with its commercially supported, enterprise-level web server and load balancer. The modules add capabilities like security, device detection, and application serving. Nginx Plus Certified Modules are assured by the company to work with its Nginx Plus server. DeviceAtlas, Forgerock, Phusion, Ping Identity, Stealth Security, and Wallarm have…
In the wake of the Food and Drug Administration (FDA) issuing both “premarket” (2014) and “postmarket” (2016) guidance for improving security in the development and manufacture of connected medical devices, the Open Web Application Security Project (OWASP) has released a set of best practices for the secure deployment of those devices. As the report’s author…
Western Digital today introduced its first portable SSD, the My Passport SSD. The new palm-sized SSD claims read/write speeds that rival those of internal SATA-attached SSDs — up to 515MBps. The new drive uses a USB Type-C (reversible) connector and the USB 3.1 Gen 2 (10Gb/s) standard; it also comes with an adapter to use…
Pebble owners are a devoted bunch, having crowdfunded the first big cross-platform smartwatch into existence and seeing it become the template that rival smartwatch makers would follow. But now that Pebble has been acquired by Fitbit and is presumably nearing the end of its life, Pebble users fretted that their watches would cease to work…