NEWS & INDUSTRY UPDATES

Suits and Spooks DC will be held at the Ritz-Carlton, Pentagon City on February 4-5. Take a look at the agenda to see why this will be one of the hottest events of the year!
A serious vulnerability in the privacy-focused Blackphone could have been exploited by a remote attacker to execute arbitrary code on a targeted device, a researcher revealed on Tuesday.
Adobe has updated Flash Player to version 16.0.0.296 to address a zero-day vulnerability exploited in the wild and a critical security hole that can be leveraged for remote code execution.
Security updates were released by Apple on Tuesday for OS X, iOS, Safari and Apple TV. A large number of vulnerabilities identified by the company’s internal security team and external researchers have been fixed.
Core Security Technologies issued an advisory about multiple vulnerabilities impacting the FreeBSD operating system.
A critical vulnerability impacts Linux systems and can be used to remotely take control of a system, according to Qualys.
Both the size and frequency of distributed denial of service attacks jumped during the past year, according to Arbor Networks.
Researchers from Core Security have identified a vulnerability that can be remotely exploited for denial-of-service (DoS) attacks against certain Android devices.
The official NFL Mobile application exposes users' personal details, Wandera researchers warn just a few days before the Super Bowl.
Google says it's no longer practical to fix vulnerabilities in older versions of Android WebView and some experts believe it's a wise decision.

FEATURES, INSIGHTS // Vulnerabilities

David Holmes
The media was so taken with the idea that Kate Upton nude photos had caused a DDoS attack that they just took the story and ran with it. But what really caused disrupted service across New Zealand’s major ISPs?
Mark Hatton
Without the ability to prioritize in certain situations, you may end up waiting weeks to apply the most important patch. Think of your corporate network like your home. There are probably lots of items on your honey do list, but they can’t all be completed today.
Torsten George
It appears that 2014 will be remembered in the IT industry for several severe and wide-reaching server-side vulnerabilities. So what lessons can we learn from these vulnerabilities?
Torsten George
To limit the risk of having drive-by malware attacks planted on their websites, organizations should monitor the payload of their different Internet properties, which for larger organizations can easily become a huge undertaking.
Fahmida Y. Rashid
Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.
Jason Polancich
Businesses have more data on hand than they think. The key is crafting a plan to track it and combine it with data from outside their own walls against which the internal data can be analyzed.
Torsten George
When an organization is solely focused on strengthening its compliance posture to pass an audit, they primarily look at control failures and gaps and try to mitigate them.
Mark Hatton
You need to identify your security shortcomings before someone else does. Simulate attacks and tests to associate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company’s most important data.
Scott Simkin
While SSL decryption is necessary for maintaining network security, security admins need to establish strict rules about how they handle decrypted data.
Ryan Naraine
John Hultquist, Manager of Cyber Espionage Threat Intelligence at iSIGHT Partners, joins the podcast to talk about "NEWSCASTER," a cyber espionage operation that uses fictitious social media accounts to launch attacks.