Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Three vulnerabilities, including two password issues, patched in the PostgreSQL open source database management system [Read More]
Symantec released an update for its Messaging Gateway product to address remote code execution and CSRF vulnerabilities [Read More]
Fuji Electric updated its Monitouch V-SFT HMI software to address several vulnerabilities, including remote code execution flaws [Read More]
Version control systems Git, Subversion, Mercurial and CVS affected by command execution vulnerability [Read More]
A Uruguayan high school student has been awarded a $10,000 reward after discovering a vulnerability in Google’s App Engine server. [Read More]
An unnamed company is offering up to $250,000 for virtual machine (VM) hacks as part of a secret bug bounty program [Read More]
U.S. Department of Defense’s “Hack the Air Force” bug bounty program has earned researchers $130,000 for 207 valid submissions [Read More]
A CSRF vulnerability in the PACER court system could have been exploited by hackers to access legal documents via the accounts of legitimate users [Read More]
Fuzzing tests conducted by Synopsys customers show industrial protocols are the least mature and the most risky [Read More]
SAP this week released another set of security patches for its products to address a total of 19 vulnerabilities, most of which are rated Medium severity. [Read More]

FEATURES, INSIGHTS // Vulnerabilities

rss icon

Jennifer Blatnik's picture
One of the crucial benefits of blockchain is its distributed capabilities, which mean there isn’t one centralized target to hack.
Jim Ivers's picture
Given the observation that consumers still seem oblivious to the risks and the lack of awareness about basic security hygiene, the education push will fall short.
David Holmes's picture
Security researchers found 26 vulnerabilities within ISP network devices that would have given them remote admin access to the majority of home networks in the United States.
David Holmes's picture
A manufacturer of a meter may have a different threat model involving the physical aspects of the device itself: device memory, firmware interface, ecosystem communications.
Jim Ivers's picture
These recommendations will help your organization reduce risk and save real money on the cost of resolving defects. It is not often you get such a clear win-win scenario.
Dan Cornell's picture
Being able to properly defend applications requires organizations to first identify their attack surfaces before meaningful risk management can take place.
Marie Hattar's picture
When done successfully, continuous testing and training prevents bugs and performance issues from going out the door, while enabling developers to better spot problems in the future.
Travis Greene's picture
To reduce exposure to malware, security teams need to learn the DevOps techniques that are being adopted across the rest of the IT organization.
Jim Ivers's picture
Medical devices are indeed vulnerable to attack, but the industry is waking up to the breadth of the problems, and several organizations are forming a vanguard to show the way forward.
Jennifer Blatnik's picture
If the WannaCry incident taught us anything, it’s that global, widespread ransomware can and will impact organizations without any notice. The time to prepare is now.