NEWS & INDUSTRY UPDATES

Developers of the popular e-commerce WordPress plugin WooCommerce patch persistent XSS flaw
Google released Chrome 52 in the stable channel and revealed that no less than 48 security vulnerabilities were resolved in the popular web browser.
Starting next month, the Firefox Web browser will block certain Flash content to improve the security of its users and to ensure faster page loads.
Vulnerabilities in OS X and iOS allow remote code execution via specially crafted image files
Oracle's Critical Patch Update (CPU) for July 2016 fixes a total of 276 vulnerabilities across multiple products, including 19 critical security flaws.
Most attacks that are targeting vulnerabilities in Microsoft Office to compromise victims’ systems are currently leveraging two security issues that were discovered last year.
Updates released by ISC for the BIND DNS software address a medium severity DoS vulnerability
A 15-year-old CGI application flaw dubbed “HTTPoxy” has been found to affect Go, PHP, Python and others
Apple releases security updates for OS X, iOS, watchOS, tvOS, Safari, iTunes for Windows and iCloud for Windows
Security weaknesses on many popular fitness trackers may allow hackers to access or potentially manipulate user data.

FEATURES, INSIGHTS // Vulnerabilities

Wade Williamson
It turned out to be a tricky month for security admins to take that long-awaited summer vacation because July was one of the busiest months in recent memory in terms of vulnerabilities.
Jim Ivers
If a car’s systems can be hacked to disable critical systems, then attacks can also be used to extract information. Similar to IoT, if data is being collected, data can be exfiltrated.
Torsten George
Vulnerability assessments are often confused with penetration tests. In fact, the two terms are often used interchangeably, but they are worlds apart.
Jim Ivers
IoT promises a lot of convenience, but there is a price to be paid if you don’t involve the best connected device ever created: your brain.
Torsten George
Google Dorking can be used to identify vulnerable systems and trace them to a specific place on the Internet.
Emily Ratliff
Wendy Nather coined the term “security poverty line” to describe how organizations operate when they have insufficient investment in IT security.
Jim Ivers
Software that protects the crown jewels of the organization and reduces risk translates to “valuable.”
Jim Ivers
Developers are not trained in security and security is not yet an adequately integrated component of the development process. We are not applying good, or even minimal, security practices.
Emily Ratliff
Writing yet another “security” paper isn’t going to do the trick. Security practitioners need to do a better job of getting our messages integrated into core developer documentation.
Jim Ivers
The Internet of Things (IoT) will result in billions of connected devices coming on line in the next ten years, and the associated software will be built by industries that traditionally have not emphasized software security.