Security Experts:



Italian security researchers have discovered a vulnerability that can be easily exploited to break into messaging applications such as Telegram, WhatsApp, and Signal.
A high-severity DoS vulnerability that was fixed in ISC BIND releases in May 2013 affects some Linux distributions.
Researcher earns $9,000 for finding serious access control bypass vulnerabilities in Slack, including one that could have been used for account hijacking.
U.S. Department of Defense awards $7 million to HackerOne and Synack to help it launch more bug bounty programs similar to Hack the Pentagon.
Exploit found in the wild for local privilege escalation vulnerability in the Linux kernel, sarcastically dubbed “Dirty COW” and tracked as CVE-2016-5195.
Lexmark patches critical vulnerability in Markvision Enterprise printer management software.
Oracle's Critical Patch Update (CPU) for October 2016 brings a total of 253 new security fixes across multiple product families, nearly half of which can be exploited remotely without authentication.
Researchers have found a new ASLR bypass method by exploiting a hardware vulnerability.
A recently conducted security assessment of VeraCrypt has revealed over 25 security vulnerabilities in the popular encryption platform, including a critical cryptography flaw.
Many home Internet routers are known to include vulnerabilities, while home users are not known for their ability to behave securely.

FEATURES, INSIGHTS // Vulnerabilities


Jim Ivers: Mature organizations should adopt a blended approach that employs testing tools at various stages in the development life cycle.
Scott Simkin: While exploit kits are certainly contributing to the steady rise in the number of cyberattacks, in the end, the methods they use to infect endpoints and networks can be stopped provided the proper steps are taken.
David Holmes: SWEET32 is probably not something that an enterprise administrator needs to lose sleep over. Very likely, we will never see a SWEET32 attack in the wild, just as we never have for POODLE or BEAST.
Jim Ivers: When will automakers speak up about the measures they have taken to test the software embedded in their vehicles?
Dan Cornell: Security teams and DevOps teams aren’t always on the same page, and the lack of communication often results in misaligned priorities that significantly inhibit productivity.
Jim Ivers: Organizations should understand the risks and returns of open source and either start putting policies in place or get serious about enforcing existing policies.
Torsten George: Relying solely on existing intelligence provided by vulnerability scanners should only be a first step in a cyber risk management process.
Wade Williamson: It turned out to be a tricky month for security admins to take that long-awaited summer vacation, because July was one of the busiest months in recent memory in terms of vulnerabilities.
Jim Ivers: If a car’s systems can be hacked to disable critical systems, then attacks can also be used to extract information. Similar to IoT, if data is being collected, data can be exfiltrated.
Torsten George: Vulnerability assessments are often confused with penetration tests. In fact, the two terms are often used interchangeably, but they are worlds apart.