Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Facebook announces winner of 2016 Internet Defense Prize – $100,000 awarded for research on post-quantum security for TLS [Read More]
Researcher gets $4,000 after finding a serious vulnerability in Rights Manager, Facebook’s anti-freebooting tool [Read More]
A TCP flaw affecting Linux systems allows attackers to terminate connections and inject malicious data [Read More]
Researchers looking to cash in on working exploits for 0-day and N-day vulnerabilities can now turn to a new bounty program from Exodus Intelligence, which is offering up to $500,000 for certain exploits. [Read More]
Microsoft patches 27 vulnerabilities in Windows, Office, Edge and Internet Explorer [Read More]
QuadRooter is a set of four vulnerabilities that gives attackers complete control of Android devices. [Read More]
Network video recorders from Netgear and NUUO are plagued by several unpatched vulnerabilities [Read More]
To date, SAP has issued over 3,660 Security Notes and Support Package Implementation Notes to address thousands of vulnerabilities in its business critical applications, a new report from ERPScan reveals. [Read More]
VMware patches two vulnerabilities, including a DLL hijacking issue that could have been exploited to execute arbitrary code [Read More]
Adobe’s Flash Player might be the most targeted product when criminal exploit kits are involved, Microsoft Office, Windows and Internet Explorer take center stage when Russian advanced persistent threat (APT) groups are involved. [Read More]

FEATURES, INSIGHTS // Vulnerabilities

rss icon

Torsten George's picture
Relying solely on existing intelligence provided by vulnerability scanners should only be a first step in a cyber risk management process.
Wade Williamson's picture
It turned out to be a tricky month for security admins to take that long-awaited summer vacation because July was one of the busiest months in recent memory in terms of vulnerabilities.
Jim Ivers's picture
If a car’s systems can be hacked to disable critical systems, then attacks can also be used to extract information. Similar to IoT, if data is being collected, data can be exfiltrated.
Torsten George's picture
Vulnerability assessments are often confused with penetration tests. In fact, the two terms are often used interchangeably, but they are worlds apart.
Jim Ivers's picture
IoT promises a lot of convenience, but there is a price to be paid if you don’t involve the best connected device ever created—your brain.
Torsten George's picture
Google Dorking can be used to identify vulnerable systems and trace them to a specific place on the Internet.
Emily Ratliff's picture
Wendy Nather coined the term “security poverty line” to describe how organizations operate when they have insufficient investment in IT security.
Jim Ivers's picture
Software that protects the crown jewels of the organization and reduces risk translates to “valuable.”
Jim Ivers's picture
Developers are not trained in security and security is not yet an adequately integrated component of the development process. We are not applying good, or even minimal, security practices.
Emily Ratliff's picture
Writing yet another “security” paper isn’t going to do the trick. Security practitioners need to do a better job of getting our messages integrated into core developer documentation.