Security Experts:

Virus & Threats
long dotted

NEWS & INDUSTRY UPDATES

Amazon Echo and Google Home devices are vulnerable to attacks exploiting the recently disclosed BlueBorne vulnerabilities [Read More]
Oracle patches several vulnerabilities, including two rated critical, in the Jolt server component of the company’s Tuxedo product [Read More]
SAP's November 2017 security updates address 22 vulnerabilities across product portfolio, including three issues rated Very High priority (Hot News). [Read More]
Microsoft patches over 50 vulnerabilities with November Patch Tuesday updates, including 20 critical browser flaws that allow arbitrary code execution [Read More]
Adobe patches a total of 80 vulnerabilities in Flash Player, Photoshop, Connect, Acrobat and Reader, DNG Converter, InDesign, Digital Editions, Shockwave Player and Experience Manager [Read More]
Authentication bypass and remote code execution flaws found in Siemens SICAM RTU. No patches available as product has been discontinued [Read More]
A recently disclosed vulnerability that allows an attacker to abuse the quarantine feature of anti-virus products to escalate privileges doesn’t affect Windows Defender, Microsoft says. [Read More]
Microsoft uses deep neural networks to improve fuzzing techniques. Tests conducted via AFL fuzzer [Read More]
Analysis of 278 million lines of code from 1,388 applications revealed that Financial services, Telecom and IT Consulting had the highest mean CWE densities of all industries. Energy and Utilities had the lowest CWE densities. [Read More]
VMware patches moderate severity DoS and information disclosure vulnerabilities in vCenter Server [Read More]

FEATURES, INSIGHTS // Virus & Threats

rss icon

David Holmes's picture
Security researchers found 26 vulnerabilities within ISP network devices that would have given them remote admin access to the majority of home networks in the United States.
David Holmes's picture
A manufacturer of a meter may have a different threat model involving the physical aspects of the device itself: device memory, firmware interface, ecosystem communications.
Markus Jakobsson's picture
Endpoint protection will never be able to catch up with “known wolves,” but machine learning and artificial perception can change the rules of engagement with models of “known good.”
Jim Ivers's picture
These recommendations will help your organization reduce risk and save real money on the cost of resolving defects. It is not often you get such a clear win-win scenario.
Dan Cornell's picture
Being able to properly defend applications requires organizations to first identify their attack surfaces before meaningful risk management can take place.
Marie Hattar's picture
When done successfully, continuous testing and training prevents bugs and performance issues from going out the door, while enabling developers to better spot problems in the future.
Jack Danahy's picture
It seems as though competing vendors spend more of their marketing dollars describing the insufficiency of existing solutions than they do explaining the added value that their new advancements bring.
Travis Greene's picture
To reduce exposure to malware, security teams need to learn the DevOps techniques that are being adopted across the rest of the IT organization.
Jim Ivers's picture
Medical devices are indeed vulnerable to attack, but the industry is waking up to the breadth of the problems, and several organizations are forming a vanguard to show the way forward.
Jennifer Blatnik's picture
If the WannaCry incident taught us anything, it’s that global, widespread ransomware can and will impact organizations without any notice. The time to prepare is now.