
More Security Headlines

Facebook’s new Security Checkup tool for desktop is now available globally. Mobile version coming soon.
The poor signal-to-noise ratio of public bug bounty programs is making invite-only programs more attractive, says Bugcrowd.
Sharing details of the breach would help other organizations identify if they have also been targeted by this group, security experts said.
Industrial cybersecurity startup CyberX has launched its Industrial Threat Intelligence Platform, which the company says can help utilities identify cyber security threats in operational networks.
Researchers discovered an Android vulnerability that can be exploited via specially crafted MKV files to crash phones.
Almost 2 years after the launch of its bug bounty program, Yahoo says it has paid out more than $1 million so far.
Commercial code is more compliant with OWASP Top 10 and CWE 25 standards compared to open source code.
Shellshock is still actively exploited in multiple campaigns by various threat actors, according to Solutionary’s latest threat report.
Most Americans want their government to take action against nation states that launch cyberattacks against US government organizations.
BIND has been updated to patch a critical DoS vulnerability that exposes almost all BIND servers.

SecurityWeek Experts

David Holmes
As new SSL vulnerabilities surface, we can use our enterprise-specific categorization to decide if it’s going to be a Godzilla day or a Hello Kitty day.
Scott Gainey
Organizations are asking the question – how much do I really need to spend on security in order to tip the scales in my favor? In order to answer that question you must first quantify the impact and risk of a cyber attack.
Jason Polancich
In today’s cyber defense world as in other business domains, actions should speak louder than words. Yet, too often, being “actionable” is just that - a word with no meaning.
Joshua Goldfarb
When rock stars use their platforms to harp on populist issues or bring attention to themselves or their agendas, it comes at the expense of all of these challenges. In my view, this does not help advance the state of security.
Fahmida Y. Rashid
A CISO's job is on the line after a data breach, even if he or she had no authority to make changes or implement necessary plans.
Travis Greene
Does it really matter if someone steals your healthcare records? What would a hacker do with that information? Sell it? To whom and for what purpose?
Alan Cohen
Like other forms of technical debt, security debt must be paid down, which ultimately leads to a more agile and secure enterprise.
Danelle Au
If your organization is not equipped to deal with the security of Emergent IT, it is probably not equipped to deal with the security of mainstream applications sanctioned by IT.
Marc Solomon
Given the continuous innovation by attackers, it’s likely that your malware analysis needs have exceeded the capabilities of traditional sandboxing technologies.
Torsten George
In response to the uptick in cyber-attacks, legislators and industry governing bodies alike have started to revise their guidelines to emphasize the implementation of a pro-active, risk-based approach to security over the traditional check-box mentality.