Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Oracle's Critical Patch Update (CPU) for July 2016 fixes a total of 276 vulnerabilities across multiple products, including 19 critical security flaws. [Read More]
Most attacks that are targeting vulnerabilities in Microsoft Office to compromise victims’ systems are currently leveraging two security issues that were discovered last year. [Read More]
Updates released by ISC for the BIND DNS software address a medium severity DoS vulnerability [Read More]
A 15-year-old CGI application flaw dubbed “HTTPoxy” has been found to affect Go, PHP, Python and others [Read More]
Apple releases security updates for OS X, iOS, watchOS, tvOS, Safari, iTunes for Windows and iCloud for Windows [Read More]
Security weaknesses on many popular fitness trackers may allow hackers to access or potentially manipulate user data. [Read More]
A privilege escalation vulnerability in the Mac OS X firewall Little Snitch can be exploited to execute arbitrary code in the kernel [Read More]
Neutrino EK creators add Internet Explorer exploit after researchers publish a PoC [Read More]
Vulnerabilities affecting the Windows Print Spooler Components allow an attacker to compromise systems via the printer itself. [Read More]
Drupal released security updates for three modules to patch Highly Critical and Critical remote code execution (RCE) vulnerabilities in them. [Read More]

FEATURES, INSIGHTS // Vulnerabilities

rss icon

Jim Ivers's picture
If a car’s systems can be hacked to disable critical systems, then attacks can also be used to extract information. Similar to IoT, if data is being collected, data can be exfiltrated.
Torsten George's picture
Vulnerability assessments are often confused with penetration tests. In fact, the two terms are often used interchangeably, but they are worlds apart.
Jim Ivers's picture
IoT promises a lot of convenience, but there is a price to be paid if you don’t involve the best connected device ever created—your brain.
Torsten George's picture
Google Dorking can be used to identify vulnerable systems and trace them to a specific place on the Internet.
Emily Ratliff's picture
Wendy Nather coined the term “security poverty line” to describe how organizations operate when they have insufficient investment in IT security.
Jim Ivers's picture
Software that protects the crown jewels of the organization and reduces risk translates to “valuable.”
Jim Ivers's picture
Developers are not trained in security and security is not yet an adequately integrated component of the development process. We are not applying good, or even minimal, security practices.
Emily Ratliff's picture
Writing yet another “security” paper isn’t going to do the trick. Security practitioners need to do a better job of getting our messages integrated into core developer documentation.
Jim Ivers's picture
The Internet of Things (IoT) will result in billions of connected devices coming on line in the next ten years, and the associated software will be built by industries that traditionally have not emphasized software security.
Emily Ratliff's picture
When you run an application, how can you verify that what you are running was actually built from the code that a trusted developer wrote?