Security Experts:

long dotted


During the more frequent feature updates in Windows 10, pressing SHIFT+F10 gives the user admin privileges while BitLocker is disabled. [Read More]
Cisco has decided to give vendors 90 days to patch the vulnerabilities discovered by its Talos researchers before disclosing their details [Read More]
While packed with a load of new security features, Window 10 doesn’t offer some of the additional protections that Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) brings, CERT vulnerability analyst Will Dormann warns. [Read More]
Researcher discovers several enumeration vulnerabilities in Uber’s recently launched UberCENTRAL service [Read More]
VMware has patched information disclosure vulnerabilities in its vCenter Server, vSphere Client, vRealize Automation and Identity Manager products [Read More]
Cisco Talos researchers find several high severity code execution vulnerabilities in the HDF5 library. The issues have been patched [Read More]
Serious vulnerabilities found by a Google researcher in Palo Alto Networks’ PAN-OS allow remote code execution with root privileges [Read More]
The DHS has published its Strategic Principles for Securing the Internet of Things (IoT), which comprises six non-binding principles designed to provide security across the design, manufacturing and deployment of connected devices. [Read More]
Information disclosure, incorrect caching, redirection and denial-of-service vulnerabilities have been patched in Drupal [Read More]
Mozilla this week released Firefox 50 in the stable channel to patch 27 vulnerabilities and to provide users with improved Download Protection. [Read More]

FEATURES, INSIGHTS // Vulnerabilities

rss icon

Torsten George's picture
Faced with hundreds, thousands, and even hundreds of thousands of vulnerabilities across their IT infrastructures leaves security practitioners at a virtually insurmountable disadvantage.
Jim Ivers's picture
As with any business relationship, you should use software or open source components from your allies with your eyes open to the potential risks.
Erin O’Malley's picture
What’s worse than having to cook a Thanksgiving turkey? How about being forced to relegate the poor bird to a crock pot after discovering that your net-connected oven and wireless meat thermometer have both been hacked?
Alastair Paterson's picture
Understanding what makes a good exploit kit is the first step in protecting against such attacks. But what else can you do to prevent adversaries from using exploit kits against your organization?
Jennifer Blatnik's picture
The interests of the researchers should be to make the world more secure, not profit from a corporation’s vulnerabilities.
Jim Ivers's picture
I know I no longer have much trust in the connected devices in my home, and wonder what they do with their spare time.
Travis Greene's picture
A reliance on Internet voting with current technology will lead to the disenfranchisement of voters and manipulation by foreign or domestic attackers.
Jim Ivers's picture
Mature organizations should adopt a blended approach that employs testing tools at various stages in the development life cycle.
Scott Simkin's picture
While exploit kits are certainly contributing to the steady rise in the number of cyberattacks, in the end, the methods they use to infect endpoints and networks can be stopped provided the proper steps are taken.
David Holmes's picture
SWEET32 is probably not something that an enterprise administrator needs to lose sleep over. Very likely, we will never see a SWEET32 attack in the wild, just as we never have for POODLE or BEAST.