NEWS & INDUSTRY UPDATES

Products from F5, Cisco, Citrix and others vulnerable to new version of old crypto attack. Facebook, PayPal and other top websites impacted
Microsoft patches 19 critical browser vulnerabilities with December 2017 Patch Tuesday updates - none exploited in the wild or publicly disclosed
SAP’s Security Patch Day for December 2017 marks a change in the history of SAP patches: it also includes CVE numbers in the titles of the security notes.
Adobe fixes only one moderate severity “business logic error” in Flash Player this Patch Tuesday
Google’s Ian Beer releases iOS 11 exploit that can be used for jailbreaks to help security researchers analyze Apple devices
Synopsys has completed its acquisition of Black Duck Software, a privately held company that offers automated solutions for securing and managing open source software.
A vulnerability in the Android mobile OS (CVE-2017-13156) could result in tampering with applications’ code without altering their signature.
Microsoft used the same certificate for all instances of its Dynamics 365 ERP product and it took more than 100 days to take action, but the company claims the issue posed little risk
Synaptics touchpad driver present on hundreds of HP laptops includes keylogging functionality. Patches available for a majority of affected devices
Rockwell Automation patches high severity DoS vulnerability in FactoryTalk Alarms and Events (FTAE) product

FEATURES, INSIGHTS // Vulnerabilities

David Holmes
The "Reaper" IoT botnet is holding itself up as a blinky light in front of our faces, reminding the InfoSec community that we really need to get ahead of IoT madness.
Torsten George
We need to consider whether traditional approaches to vulnerability management are still viable and if just upgrading existing methods or tools is sufficient.
Jalal Bouhdada
Vendors, practitioners and security experts must all work closely together to combat the well-funded actors who pose a threat to medical devices.
Jim Ivers
Why are even the most security-conscious organizations being compromised, and what does it mean for everyone else?
David Holmes
DUHK and ROCA are both implementation-specific vulnerabilities concerning one of my favorite topics, random number generators.
Torsten George
The end user community is at the mercy of security researchers to act responsibly in order to limit the potential for their findings to be used for malicious purposes.
Alastair Paterson
With greater awareness about POS system attacks, operations against third-party suppliers, and the vulnerabilities of public or semi-public Wi-Fi networks, companies can do a lot to mitigate risk and ensure safer journeys for travelers.
Jennifer Blatnik
One of the crucial benefits of blockchain is its distributed capabilities, which mean there isn’t one centralized target to hack.
Jim Ivers
Given the observation that consumers still seem oblivious to the risks and the lack of awareness about basic security hygiene, the education push will fall short.
David Holmes
Security researchers found 26 vulnerabilities within ISP network devices that would have given them remote admin access to the majority of home networks in the United States.