There has been a growing shift in the way software is developed, and it is one the security industry has unfortunately been slow to adapt to and adopt. I’m talking, of course, about agile. Agile exists in order to help developers write and release software early and often. This has the benefit of allowing companies to quickly react to changes in the market. However, when a security review is a requirement of going live, how can a development team be truly agile? Is it possible to be both secure and have the flexibility to go live when needed?
Despite initial thoughts, pulling robots apart and killing zombies does eventually get boring, so I decided to see what else could be done in Virtual Reality. When looking for other interesting VR applications, one kept coming up as recommended on sites such as Reddit: SinVR. Honestly, it was a little underwhelming, so instead my night was spent pulling it apart. Who knew that decompiling an application would be more interesting than virtual women?
Jahmel Harris at Digital Interruption submitted two bugs to ToyTalk and was awarded $1750. As the issues have been resolved, he wanted to write about the vulnerabilities so other developers will take this type of attack into account when writing mobile applications.
WordPress is one of the most popular Content Management Systems and is a favourite choice for SMEs. It allows websites to be built that look good, perform well and are cheap to develop. Because of its success, it is also a popular target for malicious attackers. A question we hear a lot at Digital Interruption is “Why did I get attacked? My site isn’t interesting”. What we often see is that an attacker will rarely choose a target based on the content of the site. Often the Internet is scanned for easy-to-hack WordPress installations. If you are part of that list, expect to be hit.
No one knows who wrote the WannaCry ransomware. What we do know is it was weaponized using a leaked exploit from the National Security Agency (NSA). An exploit is a piece of software that can be used by an attacker to take advantage of a flaw or vulnerability to gain access to computer systems. Attacks such as these cost billions of dollars a year, not just in loss of business due to downtime and the cost of fixing the vulnerabilities, but also in ransoms to attackers.