More Security Headlines

FBI chief James Comey renewed a call for broader authority to tap into emerging technologies, saying the Edward Snowden revelations have led to unwarranted mistrust of law enforcement.
Researchers have found that the components of the FDT/DTM specification, designed to ease the management of industrial control systems (ICS), contain serious vulnerabilities.
Trustwave researcher Ben Hayak presented an attack method, which he calls Same Origin Method Execution (SOME), at the Black Hat Europe security conference in Amsterdam, the Netherlands.
Akamai's Prolexic Security Engineering & Response Team found 4.1 million Internet-facing Universal Plug and Play devices are potentially vulnerable to being employed in this type of reflection DDoS attack.
Cybercrime costs are escalating for US companies and attacks are becoming more complicated to resolve, a study showed Wednesday.
The Drupal Security Team advises users to upgrade to version 7.32 as soon as possible.
A vulnerability in SSL 3.0 lets attackers extract session cookies and other secrets from encrypted online communications, but experts believe the seriousness is tempered by the overall difficulty in exploiting the vulnerability.
The combined efforts of a number of security companies helped disrupt malware linked to a Chinese cyber-espionage group.
Risk I/O has raised an additional $4 million as part of its Series A financing round, and has named Karim Toubba as chief executive officer.
Oracle joined Microsoft today in issuing a bevy of patches for a number of its products.

SecurityWeek Experts

Travis Greene
Though there are unique risks associated with identity and access from mobile devices, there are also opportunities that mobile devices bring to address identity concerns.
Joshua Goldfarb
Proper visibility doesn’t have to mean a deluge of uncoordinated data sources. To security operations and incident response teams, the buzz and hype should be about “big value”, not “big data”.
Fahmida Y. Rashid
Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.
Adam Firestone
The misconception that Internet privacy equals anonymity must be dispelled if cyberspace is to be a secure and safe place. At the same time, mechanisms must be incorporated to ensure that communications remain confidential and resistant to unauthorized alteration by third parties.
James McFarlin
Does a dangerous threat lie with ISIS’s possible use of cyber weapons against American critical infrastructure, financial system or other targets? Will such attacks be attempted and do the capabilities exist within ISIS to do so?
Wade Williamson
As we build more accessible, scalable, and efficient computing models, we likewise open ourselves up to attacks that are likewise more accessible, scalable and efficient.
Marcus Ranum
A few years ago, there was a bit of discussion about improving security. A number of researchers' systems and faculty systems had been compromised, and “something must be done” - but what?
Marc Solomon
Thanks to significant technological advances, what we can do is use knowledge of the past and the present to drive a desired future outcome. That capability is extremely important for better security given today’s threat landscape and the vicious cycle defenders face.
Adam Ely
At the end of the day, the kill switch will not only decrease the amount of people mugged for their phones because there is little net value in the device itself, but it will also provide individuals with the means to wipe the device of personal information.
Joshua Goldfarb
Although it may be tempting to envision a world where the analyst has been fully automated, this does not seem particularly reasonable.