

Researchers have found a new ASLR bypass method by exploiting a hardware vulnerability.
A recently conducted security assessment of VeraCrypt has revealed over 25 security vulnerabilities in the popular encryption platform, including a critical cryptography flaw.
Many home Internet routers are known to include vulnerabilities, while home users are not known for their ability to behave securely.
Internet of Things (IoT) devices with hardcoded default login credentials are being targeted by a newly discovered Linux malware called NyaDrop.
Five years after the launch of its bug bounty program, Facebook says it has paid out a total of $5 million to over 900 researchers.
SAP has released its monthly patches for October 2016 to resolve 48 vulnerabilities in its products, including 25 implementation flaws and 12 missing authorization checks.
Microsoft’s latest security bulletins patch 36 unique CVEs, including four zero-days exploited in the wild.
Microsoft has started its new patch process for Windows 7 and 8.1 and is steadily moving all supported non-Windows 10 PCs towards the Windows 10 update model.
Vulnerabilities found in MatrixSSL could be exploited to take complete control of IoT devices.
Adobe patches tens of vulnerabilities in Acrobat, Reader, Flash Player and Creative Cloud Desktop Application. No exploits in the wild.

FEATURES, INSIGHTS // Vulnerabilities


Jim Ivers
Mature organizations should adopt a blended approach that employs testing tools at various stages in the development life cycle.
Scott Simkin
While exploit kits are certainly contributing to the steady rise in the number of cyberattacks, in the end, the methods they use to infect endpoints and networks can be stopped provided the proper steps are taken.
David Holmes
SWEET32 is probably not something that an enterprise administrator needs to lose sleep over. Very likely, we will never see a SWEET32 attack in the wild, just as we never have for POODLE or BEAST.
Jim Ivers
When will automakers speak up about the measures they have taken to test the software embedded in their vehicles?
Dan Cornell
Security teams and DevOps teams aren’t always on the same page and the lack of communication often results in misaligned priorities that significantly inhibit productivity.
Jim Ivers
Organizations should understand the risks and returns of open source and either start putting policies in place or getting serious about enforcing existing policies.
Torsten George
Relying solely on existing intelligence provided by vulnerability scanners should only be a first step in a cyber risk management process.
Wade Williamson
It turned out to be a tricky month for security admins to take that long-awaited summer vacation because July was one of the busiest months in recent memory in terms of vulnerabilities.
Jim Ivers
If a car’s systems can be hacked to disable critical systems, then attacks can also be used to extract information. Similar to IoT, if data is being collected, data can be exfiltrated.
Torsten George
Vulnerability assessments are often confused with penetration tests. In fact, the two terms are often used interchangeably, but they are worlds apart.