Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
SAP issued five new Security Notes as part of its December 2019 Security Patch Day, to which it also added 2 updates for previously released Security Notes. [Read More]
A newly disclosed attack against Intel processors utilizes voltage modifications to expose data stored using Intel's Secure Guard Extensions (SGX). [Read More]
Security updates released by Apple this week address numerous vulnerabilities in macOS Catalina, iOS and iPadOS, Safari, and other software products. [Read More]
Google releases Chrome 79 with a total of 51 security fixes, including 37 reported by external researchers, two of which are considered critical. [Read More]
Adobe’s Patch Tuesday updates for December 2019 fix vulnerabilities in the company’s Acrobat and Reader, Brackets, Photoshop, and ColdFusion products. [Read More]
Microsoft’s December 2019 Patch Tuesday updates fix 36 vulnerabilities, including a Windows zero-day that has been exploited in Korea-linked attacks alongside a Chrome zero-day. [Read More]
Microsoft announces a new feature in Office 365 Advanced Threat Protection meant to provide more visibility into cyber-attacks targeting organizations via email. [Read More]
A security researcher has analyzed three hardware password vaults and discovered that credentials are stored in plaintext and survive hardware resets. [Read More]
VPN provider NordVPN launches bug bounty program covering its websites, browser extensions and applications. [Read More]
Google releases source code of PathAuditor, a tool designed to help developers identify vulnerabilities related to file access. [Read More]
- 1 of 588
- ››
FEATURES, INSIGHTS // Virus & Threats
With years of bug bounty programs now behind us, it is interesting to see how the information security sector transformed – or didn’t.
There are good and bad ways to make vulnerabilities known. A premature “full disclosure” of a previously unknown issue can unleash the forces of evil, and the “black hats” often move faster than vendors or enterprise IT teams.
Any bug hunter, security analyst, software vendor, or device manufacturer should not rely on CVSS as the pointy end of the stick for prioritizing remediation.
In a world of over-hyped bugs, stunt hacking, and branded vulnerability disclosures, my advice to CISOs is to make security lemonade by finding practical next steps to take.
Architects and IT security teams are looking for technology evolutions to help them manage real problems in endpoint storage and messaging.
Regardless of which framework you use, it’s crucial to operationalize it in the context of your organization’s unique environment and risk factors.
Devon Kerr explains what happened when a municipality inadvertently deployed a brand-new endpoint protection technology across a small part of their production network.
Organizations may not be able to mitigate BEC scams entirely; however, tightening up processes will ensure data exposure is kept to a minimum.
By learning from the past there are many steps we can take to strength our approach to security as attackers continue to turn to email to help accomplish their mission.
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
- 1 of 26
- ››
SecurityWeek Daily Briefing
- Large Hospital System Hit by Ransomware Attack
- Cyberattack, Ransomware Hobbles New Orleans City Government
- Suspected Cyberattack Hobbles New Orleans City Government
- Microsoft Releases Integrated Threat Protection in Public Preview
- Fortinet Acquires SOAR Platform Provider CyberSponse
- Credential Harvesting Campaign Targets Government Procurement Services
- OPSWAT Acquires Network Access Control Provider Impulse
- FireEye Launches New OT Threat Intelligence Service
- WhatsApp Will Take Legal Action Against Automated or Bulk Messaging
- Twitter Funding New Blockchain-Based Social Media Platform
Copyright © 2019 Wired Business Media. All Rights Reserved. Privacy Policy