NEWS & INDUSTRY UPDATES

Adobe patches a total of 80 vulnerabilities in Flash Player, Photoshop, Connect, Acrobat and Reader, DNG Converter, InDesign, Digital Editions, Shockwave Player and Experience Manager
Authentication bypass and remote code execution flaws found in Siemens SICAM RTU. No patches available as product has been discontinued
Microsoft uses deep neural networks to improve fuzzing techniques. Tests conducted via AFL fuzzer
Analysis of 278 million lines of code from 1,388 applications revealed that Financial services, Telecom and IT Consulting had the highest mean CWE densities of all industries. Energy and Utilities had the lowest CWE densities.
VMware patches moderate severity DoS and information disclosure vulnerabilities in vCenter Server
Pentagon addresses thousands of vulnerabilities reported by researchers through its bug bounty and vulnerability disclosure initiatives
AVGater vulnerability in some antiviruses allows hackers to escalate privileges on a system by abusing the ‘restore from quarantine’ feature
Security researchers have found a dubious script kiddie hacking script that contains an obfuscated backdoor inserted by the developer.
Schneider Electric patches critical remote code execution vulnerability in InduSoft Web Studio and InTouch Machine Edition products
Microsoft releases security advisory on how users can protect themselves against attacks leveraging DDE

FEATURES, INSIGHTS // Vulnerabilities

Marie Hattar: When done successfully, continuous testing and training prevent bugs and performance issues from going out the door, while enabling developers to better spot problems in the future.
Travis Greene: To reduce exposure to malware, security teams need to learn the DevOps techniques that are being adopted across the rest of the IT organization.
Jim Ivers: Medical devices are indeed vulnerable to attack, but the industry is waking up to the breadth of the problems, and several organizations are forming a vanguard to show the way forward.
Jennifer Blatnik: If the WannaCry incident taught us anything, it’s that global, widespread ransomware can and will impact organizations without any notice. The time to prepare is now.
Torsten George: Hackers are exploiting known vulnerabilities and are betting on the fact that organizations don’t know how to fix what really matters.
Jim Ivers: With the advent of connected devices, privacy and security have become tightly linked because theft of private data is often the goal of malicious attacks.
Jim Ivers: If we agree that quality and security problems are both a form of defect, then we must sufficiently address both to produce software of the highest integrity.
Adam Meyer: As with anything new, you need to prepare and plan for IoT devices being in your environment to maximize the value they provide, while minimizing the inherent risk of these network-enabled devices.
Dan Cornell: Gaining an understanding of the tools that development teams use provides security teams with valuable insight into how developers work, how they make decisions, and the incentives that drive them.
Jim Ivers: Enlightened toy manufacturers will likely begin to embrace the basic concepts of IoT security and build connected toys that can be trusted by parents.