
The complete source code for the Android remote access Trojan (RAT) called Dendroid has been leaked online and, after analyzing it, researchers determined that the malware is plagued by several vulnerabilities.
At the upcoming USENIX Security Symposium, two researchers from U.C. Berkeley will present techniques for defeating defenses against return-oriented programming.
Facebook has fixed a vulnerability that could have been leveraged to amplify distributed denial-of-service (DDoS) attacks by using the company's own datacenters.
A recent security bulletin released by Microsoft as part of the August 2014 Patch Tuesday can lead to a crash on some systems, the company said in a knowledge base article.
Safari 6.1.6 and Safari 7.0.6, the latest versions of Apple's Web browser, come with fixes for several security vulnerabilities, some of which could be exploited to remotely execute arbitrary code.
A researcher has identified several vulnerabilities in the WordPress plugin for Disqus, the popular comment hosting service for websites and online communities.
BlackBerry patched an authentication bypass vulnerability affecting its smartphones as well as an information disclosure issue impacting BlackBerry Enterprise Server this week.
Adobe released security updates for Adobe Flash Player, Adobe Reader and Adobe Acrobat to address several critical vulnerabilities, including one (CVE-2014-0546) that has been exploited in the wild.
Microsoft patched 37 vulnerabilities today as part of its Patch Tuesday release.
Microsoft has announced its intention to stop supporting older versions of the Internet Explorer Web browser starting January 12, 2016.

FEATURES, INSIGHTS // Vulnerabilities

Jason Polancich's picture
Businesses have more data on hand than they think. The key is crafting a plan to track it and combine it with data from outside their own walls against which the internal data can be analyzed.
Torsten George's picture
When an organization is solely focused on strengthening its compliance posture to pass an audit, they primarily look at control failures and gaps and try to mitigate them.
Mark Hatton's picture
You need to identify your security shortcomings before someone else does. Simulate attacks and tests to associate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company’s most important data.
Scott Simkin's picture
While SSL decryption is necessary for maintaining network security, security admins need to establish strict rules about how they handle decrypted data.
Ryan Naraine's picture
John Hultquist, Manager of Cyber Espionage Threat Intelligence at ISIGHT Partners, joins the podcast to talk about "NEWSCASTER," a cyber espionage operation that uses fictitious social media accounts to launch attacks.
Danelle Au's picture
The protection of connected (Internet of Things) devices is likely better performed at a network level rather than an endpoint level due to the variety of devices that may exist and the limited endpoint security functions that can be supported.
Mark Hatton's picture
The fact that you aren’t seeing or hearing about potential threats to the organization, or alarms aren’t being raised by the security team, shouldn’t make you feel better as an executive.
Torsten George's picture
A threat is the agent that takes advantage of a vulnerability. This relationship must be a key factor in the risk assessment process and can no longer be treated as risk’s neglected stepchild.
Mark Hatton's picture
Here are five things I recommend security pros keep in mind when navigating the line between tight security and keeping the organization running at peak proficiency.
Chris Hinkley's picture
Whether you’re buying a smart refrigerator for your home or a printer for your company, your first step is deciding the risk involved and how to deploy the device in a secure manner while preserving the functionality you require.