NEWS & INDUSTRY UPDATES

A researcher discovered multiple vulnerabilities in HP Support Assistant, a utility pre-installed on all HP computers sold after October 2012.
Trend Micro’s security researchers discovered 8,000 unsecured Redis instances that were exposed to anyone with an Internet connection.
The popular digital wallet application Key Ring recently exposed information belonging to millions of its users.
Mozilla has released updates for Firefox to patch two critical use-after-free vulnerabilities that have been exploited in the wild.
A white hat hacker says he has earned $75,000 from Apple for reporting several Safari vulnerabilities that can be used to hijack the camera of devices running iOS or macOS.
Thousands of mobile applications for Android contain hidden behavior such as backdoors and blacklists, a group of researchers has discovered.
A stored XSS vulnerability in the Contact Form 7 Datepicker WordPress plugin will not receive a patch, leaving websites exposed to attacks.
Twitter has informed users that some of their personal information may have been exposed due to the way Firefox stores cached data.
A security researcher has discovered over 25 different potential vulnerabilities in Windows, including some that could lead to elevation of privileges.
Vulnerabilities patched earlier this year in Firefox and Internet Explorer have been exploited by an APT in attacks aimed at China and Japan.

FEATURES, INSIGHTS // Vulnerabilities

Joshua Goldfarb:
Performing gap analysis well and remediating findings appropriately can help reduce both the number of weak points within your enterprise and your susceptibility to attack at each of them.

John Maddison:
Organizations must adopt a holistic approach to securing their distributed networked environment that enables them to see and manage their entire distributed network, including all attack vectors, through a single pane of glass.

Gunter Ollmann:
With years of bug bounty programs now behind us, it is interesting to see how the information security sector transformed – or didn’t.

Marie Hattar:
There are good and bad ways to make vulnerabilities known. A premature “full disclosure” of a previously unknown issue can unleash the forces of evil, and the “black hats” often move faster than vendors or enterprise IT teams.

Gunter Ollmann:
Any bug hunter, security analyst, software vendor, or device manufacturer should not rely on CVSS as the pointy end of the stick for prioritizing remediation.

Gunter Ollmann:
In a world of over-hyped bugs, stunt hacking, and branded vulnerability disclosures, my advice to CISOs is to make security lemonade by finding practical next steps to take.

Josh Lefkowitz:
Regardless of which framework you use, it’s crucial to operationalize it in the context of your organization’s unique environment and risk factors.

Marc Solomon:
Recalculating and reevaluating priorities based on a continuous flow of new data, learnings and your risk profile helps to ensure you’re staying focused on what matters in a highly dynamic environment.

Josh Lefkowitz:
Proper evaluation of business risk requires insight into the likelihood that a vulnerability will be exploited, and if exploited, how that vulnerability could impact the company on a macro level.

Torsten George:
Application Programming Interfaces (APIs) provide hackers with multiple venues to access an organization’s data and can even be used to cause massive business disruptions.