Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
A researcher discovered multiple vulnerabilities in HP Support Assistant, a utility pre-installed on all HP computers sold after October 2012. [Read More]
Trend Micro’s security researchers discovered 8,000 unsecured Redis instances that were exposed to anyone with an Internet connection. [Read More]
The popular digital wallet application Key Ring recently exposed information belonging to millions of its users. [Read More]
Mozilla has released updates for Firefox to patch two critical use-after-free vulnerabilities that have been exploited in the wild. [Read More]
A white hat hacker says he has earned $75,000 from Apple for reporting several Safari vulnerabilities that can be used to hijack the camera of devices running iOS or macOS. [Read More]
Thousands of mobile applications for Android contain hidden behavior such as backdoors and blacklists, a group of researchers has discovered. [Read More]
A stored XSS vulnerability in the Contact Form 7 Datepicker WordPress plugin will not receive a patch, leaving websites exposed to attacks. [Read More]
Twitter has informed users that some of their personal information may have been exposed due to the way Firefox stores cached data. [Read More]
A security researcher has discovered over 25 different potential vulnerabilities in Windows, including some that could lead to elevation of privileges. [Read More]
Vulnerabilities patched earlier this year in Firefox and Internet Explorer have been exploited by an APT in attacks aimed at China and Japan. [Read More]
- 1 of 415
- ››
FEATURES, INSIGHTS // Vulnerabilities
Performing gap analysis well and remediating findings appropriately can help reduce both the number of weak points within your enterprise and your susceptibility to attack at each of them.
Organizations must adopt a holistic approach to securing their distributed networked environment that enables them to see and manage their entire distributed network, including all attack vectors, through a single pane of glass.
With years of bug bounty programs now behind us, it is interesting to see how the information security sector transformed – or didn’t.
There are good and bad ways to make vulnerabilities known. A premature “full disclosure” of a previously unknown issue can unleash the forces of evil, and the “black hats” often move faster than vendors or enterprise IT teams.
Any bug hunter, security analyst, software vendor, or device manufacturer should not rely on CVSS as the pointy end of the stick for prioritizing remediation.
In a world of over-hyped bugs, stunt hacking, and branded vulnerability disclosures, my advice to CISOs is to make security lemonade by finding practical next steps to take.
Regardless of which framework you use, it’s crucial to operationalize it in the context of your organization’s unique environment and risk factors.
Recalculating and reevaluating priorities based on a continuous flow of new data, learnings and your risk profile, helps to ensure you’re staying focused on what matters in a highly dynamic environment.
Proper evaluation of business risk requires insight into the likelihood that a vulnerability will be exploited, and if exploited, how that vulnerability could impact the company on a macro level.
Application Programming Interfaces (APIs) provide hackers with multiple venues to access an organization’s data and can even be used to cause massive business disruptions.
- 1 of 18
- ››
Subscribe to the Daily Briefing
- Accenture Acquires Critical Infrastructure Protection Firm Revolutionary Security
- Vulnerabilities in B&R Automation Software Facilitate Attacks on ICS Networks
- Attacking the Organism: Telecom Service Providers
- Cisco Research Shows High Success Rate in Bypassing Fingerprint Authentication
- Hackers' New Target During Pandemic: Video Conference Calls
- NASA Sees Increase in Cyberattacks During Coronavirus Outbreak
- Internet Overseers Seek Crackdown on Coronavirus Website Scams
- Security, Privacy Issues Found in Government COVID-19 Mobile Apps
- Increase in Exploited Zero-Days Shows Broader Access to Vulnerabilities
- Free Security Tools, Resources Offered During Coronavirus Outbreak
Copyright © 2020 Wired Business Media. All Rights Reserved. Privacy Policy