Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Banking Trojan TrickBot is no longer hitting only banks and financial institutions, but also added payment processing and Customer Relationship Management (CRM) providers to its list of targets, F5 warns. [Read More]
Newly discovered vulnerabilities affecting DVR systems could open the door to new, more potent Internet of Things (IoT) botnets. [Read More]
Qualys researchers demonstrate Stack Clash, a type of flaw that can be exploited for root privilege escalation on Unix operating systems [Read More]
Honeypots deployed by Kaspersky show that DVR and IP camera systems are the top source of IoT attacks [Read More]
Several vulnerabilities found in HPE SiteScope. No patches available, but users can apply workarounds [Read More]
Updates released for DNS software BIND address a critical vulnerability in the installer delivered with BIND for Windows, and which could have been exploited for privilege escalation, the Internet Systems Consortium (ISC) announced. [Read More]
Update released by Trihedral for its VTScada SCADA software suite patches several vulnerabilities, including ones rated high severity [Read More]
One of the flaws addressed by Microsoft this week is a potentially serious SharePoint XSS believed to affect most installations [Read More]
IAM solutions provider Centrify launches bug bounty program via Bugcrowd with rewards of up to $3,000 per vulnerability [Read More]
OSIsoft patches multiple vulnerabilities in its PI Web API and PI Server products, including improper authentication and CSRF issues [Read More]

FEATURES, INSIGHTS // Vulnerabilities

rss icon

Marie Hattar's picture
When done successfully, continuous testing and training prevents bugs and performance issues from going out the door, while enabling developers to better spot problems in the future.
Travis Greene's picture
To reduce exposure to malware, security teams need to learn the DevOps techniques that are being adopted across the rest of the IT organization.
Jim Ivers's picture
Medical devices are indeed vulnerable to attack, but the industry is waking up to the breadth of the problems, and several organizations are forming a vanguard to show the way forward.
Jennifer Blatnik's picture
If the WannaCry incident taught us anything, it’s that global, widespread ransomware can and will impact organizations without any notice. The time to prepare is now.
Torsten George's picture
Hackers are exploiting known vulnerabilities and are betting on the fact that organizations don’t know how to fix what really matters.
Jim Ivers's picture
With the advent of connected devices, privacy and security have become tightly linked because theft of private data is often the goal of malicious attacks.
Jim Ivers's picture
If we agree that quality and security problems are both a form of defect, then we must sufficiently address both to produce software of the highest integrity.
Adam Meyer's picture
As with anything new, you need to prepare and plan for IoT devices being in your environment to maximize the value they provide, while minimizing the inherent risk of these network-enabled devices.
Dan Cornell's picture
Gaining an understanding of the tools that development teams use provides security teams with valuable insight into how developers work, how they make decisions, and the incentives that drive them.
Jim Ivers's picture
Enlightened toy manufacturers likely begin to embrace the basic concepts of IoT security and build connected toys that can be trusted by parents.