Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

A vulnerability in the Android (CVE-2017-13156) mobile OS could result in tampering with applications’ code without altering their signature. [Read More]
Microsoft used the same certificate for all instances of its Dynamics 365 ERP product and it took more than 100 days to take action, but the company claims the issue posed little risk [Read More]
Synaptics touchpad driver present on hundreds of HP laptops includes keylogging functionality. Patches available for a majority of affected devices [Read More]
Rockwell Automation patches high severity DoS vulnerability in FactoryTalk Alarms and Events (FTAE) product [Read More]
OpenSSL 1.0.2n patches two vulnerabilities discovered by a Google researcher using the OSS-Fuzz fuzzing service [Read More]
Iranian cyber espionage group tracked as OilRig and APT34 has been exploiting the recently patched Equation Editor vulnerability in Office to deliver malware [Read More]
Researchers devise new method, dubbed Process Doppelgänging, that can be leveraged by malware to evade security solutions [Read More]
Apple this week released security updates for macOS, watchOS, and tvOS, as well as updated versions of the Safari browser and the iTunes for Windows application. [Read More]
Many industrial products from Siemens are vulnerable to remote DoS attacks. Hundreds of potentially affected devices connected to the Internet [Read More]
Researchers show how hackers can stealthily exfiltrate data from air-gapped industrial networks by manipulating the RF signals emitted by a PLC [Read More]

FEATURES, INSIGHTS // Vulnerabilities

rss icon

David Holmes's picture
Security researchers found 26 vulnerabilities within ISP network devices that would have given them remote admin access to the majority of home networks in the United States.
David Holmes's picture
A manufacturer of a meter may have a different threat model involving the physical aspects of the device itself: device memory, firmware interface, ecosystem communications.
Jim Ivers's picture
These recommendations will help your organization reduce risk and save real money on the cost of resolving defects. It is not often you get such a clear win-win scenario.
Dan Cornell's picture
Being able to properly defend applications requires organizations to first identify their attack surfaces before meaningful risk management can take place.
Marie Hattar's picture
When done successfully, continuous testing and training prevents bugs and performance issues from going out the door, while enabling developers to better spot problems in the future.
Travis Greene's picture
To reduce exposure to malware, security teams need to learn the DevOps techniques that are being adopted across the rest of the IT organization.
Jim Ivers's picture
Medical devices are indeed vulnerable to attack, but the industry is waking up to the breadth of the problems, and several organizations are forming a vanguard to show the way forward.
Jennifer Blatnik's picture
If the WannaCry incident taught us anything, it’s that global, widespread ransomware can and will impact organizations without any notice. The time to prepare is now.
Torsten George's picture
Hackers are exploiting known vulnerabilities and are betting on the fact that organizations don’t know how to fix what really matters.
Jim Ivers's picture
With the advent of connected devices, privacy and security have become tightly linked because theft of private data is often the goal of malicious attacks.