LibreSSL, the open-source implementation of the SSL/TLS protocol forked from OpenSSL, is unsafe on Linux due to a flaw in the pseudorandom number generator (PRNG), a researcher said. But some say the issue has been overblown.
Oracle has addressed a total of 113 security vulnerabilities across its product base with the release of the Critical Patch Update (CPU) for July 2014.
A vulnerability in WPtouch, a popular plugin that's used to create simple themes for the mobile visitors of WordPress websites, can be leveraged by an attacker to upload PHP files to impacted servers.
A vulnerability in Microsoft's Active Directory service can be exploited by an attacker to change a targeted user's password.
Google said it would create a new, “well-staffed” security team called Project Zero with the objective to significantly reduce the number of people harmed by targeted attacks.
Oracle said future security patches for Java 7 will work on Windows XP, but pointed out that it can no longer provide "complete guarantees" for the software because the operating system is no longer supported by Microsoft.
According to the survey, 64 percent of the respondents said they anticipated one or more serious attacks in the coming year.
Oracle's update will include critical fixes for Java SE and Oracle Fusion Middleware.
The developers of the popular password manager LastPass informed users on Friday of security vulnerabilities reported to the company last year.
Researchers at Lacoon Mobile Security discuss an issue impacting the Gmail application for iOS that they believe could help an attacker launch man-in-the-middle attacks.

FEATURES, INSIGHTS // Vulnerabilities

Mark Hatton
You need to identify your security shortcomings before someone else does. Simulate attacks and tests that correlate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company's most important data.
Scott Simkin
While SSL decryption is necessary for maintaining network security, security admins need to establish strict rules about how they handle decrypted data.
Ryan Naraine
John Hultquist, Manager of Cyber Espionage Threat Intelligence at ISIGHT Partners, joins the podcast to talk about "NEWSCASTER," a cyber espionage operation that uses fictitious social media accounts to launch attacks.
Danelle Au
The protection of connected (Internet of Things) devices is likely better performed at the network level rather than the endpoint level, due to the variety of devices that may exist and the limited endpoint security functions they can support.
Mark Hatton
The fact that you aren't seeing or hearing about potential threats to the organization, or that alarms aren't being raised by the security team, shouldn't make you feel better as an executive.
Torsten George
A threat is the agent that takes advantage of a vulnerability. This relationship must be a key factor in the risk assessment process and can no longer be treated as risk's neglected stepchild.
Mark Hatton
Here are five things I recommend security pros keep in mind when navigating the line between tight security and keeping the organization running at peak proficiency.
Chris Hinkley
Whether you're buying a smart refrigerator for your home or a printer for your company, your first step is deciding the risk involved and how to deploy the device in a secure manner while preserving the functionality you require.
Mark Hatton
Predictive security narrows the scope considerably and helps IT and security pros zero in on the most likely vulnerabilities and the areas most at risk due to the sensitive nature of the data they hold.
Chris Hinkley
Vulnerabilities are a fact of life. Independent testing may be illegal without express permission, but that doesn't stop code pillagers from sniffing out vulnerabilities and weaknesses in your web applications.