NEWS & INDUSTRY UPDATES

In this podcast, Jeff Forristal, Chief Technology Officer at Bluebox Security, discusses a significant Android vulnerability that lets hackers create a malicious application by copying the ID of a legitimate application to gain the same special privileges as the legitimate app.
Secure embedded L4 (seL4), said to be the world's most highly-assured operating system, has been released as open source.
Siemens released version 7.3 of the SIMATIC WinCC SCADA system to address several vulnerabilities, most of which can be exploited remotely.
Many organizations still haven't patched their installations of VMware to address the Heartbleed vulnerability, CloudPhysics reported.
Bugcrowd, the crowdsourced security company that specializes in bug bounty programs, has released a guide to help organizations set up responsible disclosure programs.
Comodo SecureBox is designed to help organizations protect the important applications running on their endpoints.
Many software development firms still fail to ensure that the components they use don't contain security vulnerabilities, according to a report published by software supply chain management company Sonatype.
A presentation on cracking the anonymity of the TOR network scheduled to be held at the upcoming Black Hat USA conference in Las Vegas has been cancelled.
IBM is advising the owners of certain KVM switches to update the firmware on their devices to address a total of three security holes that can be exploited remotely.
Four recently-patched OpenSSL vulnerabilities have been found to affect several industrial products from Siemens.

FEATURES, INSIGHTS // Vulnerabilities

Torsten George: When an organization is solely focused on strengthening its compliance posture to pass an audit, it primarily looks at control failures and gaps and tries to mitigate them.
Mark Hatton: You need to identify your security shortcomings before someone else does. Simulate attacks and tests to associate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company’s most important data.
Scott Simkin: While SSL decryption is necessary for maintaining network security, security admins need to establish strict rules about how they handle decrypted data.
Ryan Naraine: John Hultquist, Manager of Cyber Espionage Threat Intelligence at ISIGHT Partners, joins the podcast to talk about "NEWSCASTER," a cyber espionage operation that uses fictitious social media accounts to launch attacks.
Danelle Au: The protection of connected (Internet of Things) devices is likely better performed at the network level than at the endpoint level, due to the variety of devices that may exist and the limited endpoint security functions that can be supported.
Mark Hatton: The fact that you aren’t seeing or hearing about potential threats to the organization, or alarms aren’t being raised by the security team, shouldn’t make you feel better as an executive.
Torsten George: A threat is the agent that takes advantage of a vulnerability. This relationship must be a key factor in the risk assessment process and can no longer be treated as risk’s neglected stepchild.
Mark Hatton: Here are five things I recommend security pros keep in mind when navigating the line between tight security and keeping the organization running at peak proficiency.
Chris Hinkley: Whether you’re buying a smart refrigerator for your home or a printer for your company, your first step is deciding the risk involved and how to deploy the device in a secure manner while preserving the functionality you require.
Mark Hatton: Predictive security narrows the scope considerably and helps IT and security pros zero in on the most likely vulnerabilities and the areas most at risk due to the sensitive nature of the data they hold.