
NEWS & INDUSTRY UPDATES

EternalRocks is the first known malware incorporating seven NSA hacking tools to compromise systems and install a secret backdoor.
Verizon Messages was affected by a flaw that could have been exploited to launch XSS attacks over SMS.
Most of the computers affected by the WannaCry ransomware outbreak were running Windows 7, security researchers have revealed.
VMware releases updates for Windows and Linux versions of Workstation to address privilege escalation and DoS vulnerabilities.
WikiLeaks detailed Athena, a malware developed by the CIA with a U.S. offensive-driven cybersecurity firm. The tool works on all versions of Windows.
A newly discovered ransomware family uses the NSA-linked EternalBlue exploit for distribution and is capable of fileless infection, researchers have discovered.
WordPress 4.7.5 patches six vulnerabilities, including SSRF, XSS and CSRF flaws.
Medical devices also infected with WannaCry ransomware. Several manufacturers release security advisories.
Microsoft held back from distributing a free security update that could have protected computers from the WannaCry global cyber attack, the Financial Times reported.
Researcher earns $5,000 for information disclosure vulnerability found in Google’s intranet login page.

FEATURES, INSIGHTS // Vulnerabilities


Torsten George
Hackers are exploiting known vulnerabilities and are betting on the fact that organizations don’t know how to fix what really matters.
Jim Ivers
With the advent of connected devices, privacy and security have become tightly linked because theft of private data is often the goal of malicious attacks.
Jim Ivers
If we agree that quality and security problems are both a form of defect, then we must sufficiently address both to produce software of the highest integrity.
Adam Meyer
As with anything new, you need to prepare and plan for IoT devices being in your environment to maximize the value they provide, while minimizing the inherent risk of these network-enabled devices.
Dan Cornell
Gaining an understanding of the tools that development teams use provides security teams with valuable insight into how developers work, how they make decisions, and the incentives that drive them.
Jim Ivers
Enlightened toy manufacturers will likely begin to embrace the basic concepts of IoT security and build connected toys that can be trusted by parents.
Jim Ivers
Enabling developers through the right mix of tools and education just makes too much sense and generates too much value for all concerned.
Adam Meyer
Cyber threat intelligence is showing us that most threats simply exploit a series of well-documented vulnerabilities and other weak points to move along the path of least resistance – and the most profit.
Josh Lefkowitz
Not adhering to responsible disclosure has the potential to amplify the threats posed by certain vulnerabilities and incidents.
Jim Ivers
Many of you understand that addressing the vulnerabilities in your software is something you can no longer ignore, and are ready to get serious about software security.