NEWS & INDUSTRY UPDATES

Microsoft patched 189 critical vulnerabilities last year and a majority of them could have been mitigated by removing administrator rights
Microsoft postponed security updates to March 14, but decided to release one after all to address Flash Player vulnerabilities in IE and Edge
Researchers warn about the threat posed by logic bombs to industrial control systems (ICS), particularly programmable logic controllers (PLCs)
Unpatched vulnerabilities in Java and Python allow attackers to use FTP injections to bypass firewalls, including from Cisco and Palo Alto Networks
A remote command execution (RCE) vulnerability has been found by a researcher in Siklu EtherHaul radios
An unpatched vulnerability affecting the Windows Graphics Device Interface (Windows GDI) was publicly disclosed last week after Microsoft failed to address it within 90 days after being notified
Kaspersky analyzed Android apps for several connected cars and found that most of them lack crucial security features
Update released by Apple for GarageBand patches a code execution vulnerability discovered by Cisco Talos researchers
High severity denial-of-service (DoS) vulnerability patched in OpenSSL 1.1.0 with the release of version 1.1.0e
Microsoft informed customers that the February patches will only be released on March 14 as part of the next planned Update Tuesday

FEATURES, INSIGHTS // Vulnerabilities

Jim Ivers: Enabling developers through the right mix of tools and education just makes too much sense and generates too much value for all concerned.
Adam Meyer: Cyber threat intelligence is showing us that most threats simply exploit a series of well-documented vulnerabilities and other weak points to move along the path of least resistance – and the most profit.
Josh Lefkowitz: Not adhering to responsible disclosure has the potential to amplify the threats posed by certain vulnerabilities and incidents.
Jim Ivers: Many of you understand that addressing the vulnerabilities in your software is something you can no longer ignore, and are ready to get serious about software security.
Jim Ivers: If your target is a connected toy, there is a new angle to consider: how secure is that toy? Is the connectivity of the toy potentially exposing personal data about your child?
David Holmes: Many can figure out how to hack smart-city services using simple techniques like replay to get free services or, in some cases, make a little bit of money.
Torsten George: Facing hundreds, thousands, and even hundreds of thousands of vulnerabilities across their IT infrastructures leaves security practitioners at a virtually insurmountable disadvantage.
Jim Ivers: As with any business relationship, you should use software or open source components from your allies with your eyes open to the potential risks.
Erin O’Malley: What’s worse than having to cook a Thanksgiving turkey? How about being forced to relegate the poor bird to a crock pot after discovering that your net-connected oven and wireless meat thermometer have both been hacked?
Alastair Paterson: Understanding what makes a good exploit kit is the first step in protecting against such attacks. But what else can you do to prevent adversaries from using exploit kits against your organization?