

Yahoo! has released a large-scale web security scanning platform called Gryffin that is aimed at improving the safety of the Web.
The Internet of Things Security Foundation (IoTSF), a collaborative initiative aimed at addressing concerns regarding the security of IoT, launched publicly in London on Wednesday this week.
Google researcher Tavis Ormandy says security software increases exposure to targeted attacks. Kaspersky antivirus vulnerabilities provided as example.
Cisco has released patches for IOS and IOS XE software to address a serious authentication bypass and several DoS vulnerabilities.
Imgur has patched a vulnerability exploited to upload malicious image files that were used to attack 8chan.
Firefox 41 is available for download. The latest version of Mozilla’s web browser patches 30 vulnerabilities.
Apple releases WatchOS 2. The latest version of the Apple Watch operating system patches nearly 40 vulnerabilities.
Exploit acquisition company Zerodium is offering a total of $3 million for zero-day vulnerabilities in iOS 9.
Adobe has released Flash Player 19. The latest version patches 23 vulnerabilities, including many that can be exploited for arbitrary code execution.
Chrome is plagued by a flaw that can be used to cause a DoS condition simply by getting users to hover the mouse over a specially crafted URL.

FEATURES, INSIGHTS // Vulnerabilities


Torsten George:
IoT opens up companies all over the world to more security threats, and only time will tell if the IoT vendor community can come together to create a common security framework that helps shrink the security risk iceberg and minimize the risk of cyber-attacks.
Nate Kube:
Critical services we rely on are increasingly dependent upon cyberphysical interactivity. The scope of these critical services continues to broaden and deepen across industries, especially as the functionality and speed of devices is more widely understood.
David Holmes:
As new SSL vulnerabilities surface, we can use our enterprise-specific categorization to decide if it’s going to be a Godzilla day or a Hello Kitty day.
Mark Hatton:
Unfortunately, when it comes to security, what you’ve accomplished means very little. It’s all about where the vulnerabilities still exist.
David Holmes:
Is it possible to apply this maxim to global SSL patch rates? Let’s take a look at the most recent SSL vulnerability: POODLE.
David Holmes:
The media was so taken with the idea that Kate Upton nude photos had caused a DDoS attack that they just took the story and ran with it. But what really caused disrupted service across New Zealand’s major ISPs?
Mark Hatton:
Without the ability to prioritize in certain situations, you may end up waiting weeks to apply the most important patch. Think of your corporate network like your home. There are probably lots of items on your honey-do list, but they can’t all be completed today.
Torsten George:
It appears that 2014 will be remembered in the IT industry for several severe and wide-reaching server-side vulnerabilities. So what lessons can we learn from these vulnerabilities?
Torsten George:
To limit the risk of having drive-by malware attacks planted on their websites, organizations should monitor the payload of their different Internet properties, which for larger organizations can easily become a huge undertaking.
Fahmida Y. Rashid:
Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.