
NEWS & INDUSTRY UPDATES

Unfixed RCE bug exposes 127 ipTIME router models to hack attacks. The flaw has not been reported to the vendor due to its poor vulnerability-handling practices.
Firefox 39 patches two dozen vulnerabilities, including 13 critical issues and the Logjam crypto bug.
Cisco Unified Communications Domain Manager platform software is plagued by a vulnerability that allows a remote attacker to gain root privileges on the system.
A vulnerability in the 802.11n wireless networking standard can be exploited by a remote attacker to target wireless networks.
Amazon has launched s2n, a new open source implementation of TLS. s2n is designed to be small, fast, simple and secure.
Malicious actors have managed to launch a DDoS attack that peaked at 12Gbps by abusing routers running the old RIPv1 protocol.
Apple has patched a large number of vulnerabilities in its products, including the recently disclosed Mac EFI bugs.
Schneider Electric has patched a Wonderware System Platform vulnerability that can be exploited for arbitrary code execution.
Yahoo has patched an SSRF/XSPA vulnerability related to image processing nearly one year after it learned of its existence.
130 people who acquired plane tickets using stolen credit card data have been detained and questioned as part of an international law enforcement operation.

FEATURES, INSIGHTS // Vulnerabilities


Mark Hatton
Unfortunately, when it comes to security, what you’ve accomplished means very little. It’s all about where the vulnerabilities still exist.
David Holmes
Is it possible to apply this maxim to global SSL patch rates? Let’s take a look at the most recent SSL vulnerability: POODLE.
David Holmes
The media was so taken with the idea that Kate Upton nude photos had caused a DDoS attack that they just took the story and ran with it. But what really caused disrupted service across New Zealand’s major ISPs?
Mark Hatton
Without the ability to prioritize in certain situations, you may end up waiting weeks to apply the most important patch. Think of your corporate network like your home. There are probably lots of items on your honey do list, but they can’t all be completed today.
Torsten George
It appears that 2014 will be remembered in the IT industry for several severe and wide-reaching server-side vulnerabilities. So what lessons can we learn from these vulnerabilities?
Torsten George
To limit the risk of having drive-by malware attacks planted on their websites, organizations should monitor the payload of their different Internet properties, which for larger organizations can easily become a huge undertaking.
Fahmida Y. Rashid
Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.
Jason Polancich
Businesses have more data on hand than they think. The key is crafting a plan to track it and combine it with data from outside their own walls against which the internal data can be analyzed.
Torsten George
When an organization is solely focused on strengthening its compliance posture to pass an audit, it primarily looks at control failures and gaps and tries to mitigate them.
Mark Hatton
You need to identify your security shortcomings before someone else does. Simulate attacks and tests to associate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company’s most important data.