

The US homeland security chief said authorities have confidence in the integrity of electoral systems despite growing cybersecurity threats.
Vulnerabilities found by researchers in the Android version of the secure messaging app Signal allow hackers to remotely crash the app and modify attachments.
Attackers have been attempting to exploit a critical vulnerability in the RESTWS Drupal module. The issue was patched in July.
Microsoft releases 13 security bulletins to patch 50 vulnerabilities, including a browser flaw exploited in the wild.
Adobe releases security updates to patch 29 vulnerabilities in Flash Player, 7 flaws in Digital Editions, and one issue in Adobe Air SDK & Compiler.
Researcher discloses MySQL zero-day vulnerability (CVE-2016-6662) that can be exploited by hackers for root code execution.
WordPress 4.6.1 patches a couple of vulnerabilities, including a flaw that allows XSS attacks via filenames.
Google has released Android security patches meant to resolve numerous Critical bugs in the mobile platform, including the recently revealed QuadRooter flaws.
A newly observed Linux Trojan backdoor is actively targeting Internet of Things (IoT) devices and enjoying very low detection rate, even on systems using the x86 architecture, researchers say.
Yelp launched a new public bug bounty program with payouts of up to $15,000.

FEATURES, INSIGHTS // Vulnerabilities

Jim Ivers: When will automakers speak up about the measures they have taken to test the software embedded in their vehicles?
Dan Cornell: Security teams and DevOps teams aren’t always on the same page and the lack of communication often results in misaligned priorities that significantly inhibit productivity.
Jim Ivers: Organizations should understand the risks and returns of open source and either start putting policies in place or getting serious about enforcing existing policies.
Torsten George: Relying solely on existing intelligence provided by vulnerability scanners should only be a first step in a cyber risk management process.
Wade Williamson: It turned out to be a tricky month for security admins to take that long-awaited summer vacation because July was one of the busiest months in recent memory in terms of vulnerabilities.
Jim Ivers: If a car’s systems can be hacked to disable critical systems, then attacks can also be used to extract information. Similar to IoT, if data is being collected, data can be exfiltrated.
Torsten George: Vulnerability assessments are often confused with penetration tests. In fact, the two terms are often used interchangeably, but they are worlds apart.
Jim Ivers: IoT promises a lot of convenience, but there is a price to be paid if you don’t involve the best connected device ever created—your brain.
Torsten George: Google Dorking can be used to identify vulnerable systems and trace them to a specific place on the Internet.
Emily Ratliff: Wendy Nather coined the term “security poverty line” to describe how organizations operate when they have insufficient investment in IT security.