SAP issued five new Security Notes as part of its December 2019 Security Patch Day, to which it also added 2 updates for previously released Security Notes.
A newly disclosed attack against Intel processors utilizes voltage modifications to expose data stored using Intel's Secure Guard Extensions (SGX).
Security updates released by Apple this week address numerous vulnerabilities in macOS Catalina, iOS and iPadOS, Safari, and other software products.
Google releases Chrome 79 with a total of 51 security fixes, including 37 reported by external researchers, two of which are considered critical.
Adobe’s Patch Tuesday updates for December 2019 fix vulnerabilities in the company’s Acrobat and Reader, Brackets, Photoshop, and ColdFusion products.
Microsoft’s December 2019 Patch Tuesday updates fix 36 vulnerabilities, including a Windows zero-day that has been exploited in Korea-linked attacks alongside a Chrome zero-day.
Microsoft announces a new feature in Office 365 Advanced Threat Protection meant to provide more visibility into cyber-attacks targeting organizations via email.
A security researcher has analyzed three hardware password vaults and discovered that credentials are stored in plaintext and survive hardware resets.
There are good and bad ways to make vulnerabilities known. A premature “full disclosure” of a previously unknown issue can unleash the forces of evil, and the “black hats” often move faster than vendors or enterprise IT teams.
Any bug hunter, security analyst, software vendor, or device manufacturer should not rely on CVSS as the pointy end of the stick for prioritizing remediation.
In a world of over-hyped bugs, stunt hacking, and branded vulnerability disclosures, my advice to CISOs is to make security lemonade by finding practical next steps to take.
Devon Kerr explains what happened when a municipality inadvertently deployed a brand-new endpoint protection technology across a small part of their production network.
By learning from the past there are many steps we can take to strengthen our approach to security as attackers continue to turn to email to help accomplish their mission.