
ZDI is prepared to offer over $1 million for VM escapes, web browser hacks, privilege escalations, Office flaws and server exploits at Pwn2Own 2017
US-CERT issues a warning after the Shadow Brokers group has offered to sell what it claims to be an SMB zero-day exploit
Oracle on Tuesday released its first Critical Patch Update (CPU) for 2017, to address 270 security issues across its products, 121 of which were found in Oracle E-Business Suite.
A researcher earned $40,000 from Facebook for finding a remote code execution vulnerability that could be exploited via ImageTragick
A security vulnerability that allowed a privileged attacker to write arbitrary values within kernel space lurked in Nexus 9’s kernel for two years before being patched, IBM security researchers reveal.
Many critical infrastructure organizations have had their IT networks breached. Does that mean their control systems are also vulnerable to attacks?
Microsoft's Windows 10 can block exploitation of zero-day vulnerabilities before they are even patched, Microsoft says.
Cure53 audited the Dovecot email server via the Mozilla SOS program and found only three minor security issues
Unpatched vulnerabilities in the McDonald’s website expose user passwords to phishing attacks
Carlo Gavazzi releases firmware updates for its VMU-C energy monitoring products to address critical vulnerabilities

FEATURES, INSIGHTS // Vulnerabilities

Adam Meyer: Cyber threat intelligence is showing us that most threats simply exploit a series of well-documented vulnerabilities and other weak points to move along the path of least resistance – and the most profit.
Josh Lefkowitz: Not adhering to responsible disclosure has the potential to amplify the threats posed by certain vulnerabilities and incidents.
Jim Ivers: Many of you understand that addressing the vulnerabilities in your software is something you can no longer ignore, and are ready to get serious about software security.
Jim Ivers: If your target is a connected toy, there is a new angle to consider: how secure is that toy? Is the connectivity of the toy potentially exposing personal data about your child?
David Holmes: Many can figure out how to hack Smart-city services using simple techniques like replay to get free services or, in some cases, make a little bit of money.
Torsten George: Facing hundreds, thousands, and even hundreds of thousands of vulnerabilities across their IT infrastructures leaves security practitioners at a virtually insurmountable disadvantage.
Jim Ivers: As with any business relationship, you should use software or open source components from your allies with your eyes open to the potential risks.
Erin O’Malley: What’s worse than having to cook a Thanksgiving turkey? How about being forced to relegate the poor bird to a crock pot after discovering that your net-connected oven and wireless meat thermometer have both been hacked?
Alastair Paterson: Understanding what makes a good exploit kit is the first step in protecting against such attacks. But what else can you do to prevent adversaries from using exploit kits against your organization?
Jennifer Blatnik: The interests of the researchers should be to make the world more secure, not profit from a corporation’s vulnerabilities.