NEWS & INDUSTRY UPDATES

Over a dozen vulnerabilities, including remote code execution and DoS flaws, have been found in FreeRTOS. The microcontroller OS is used for consumer products, B2B solutions and industrial automation
Several vulnerabilities patched in Drupal 7 and 8, including two ‘critical’ remote code execution vulnerabilities
Several vulnerabilities, including ones rated high severity, have been patched in Splunk Enterprise and Splunk Light
Celia/VGo telepresence robots from Vecna are affected by several vulnerabilities
NFCdrip attack shows that NFC can be used for long-range exfiltration. Passwords and other data can be quickly stolen over tens of meters
Tumblr has patched a vulnerability that could have been exploited to obtain user account information, including email addresses and protected passwords
Many servers may be exposed to attacks due to an authentication bypass vulnerability affecting the libssh SSH library
Google released Chrome 70 on Tuesday and the latest version brings updated sign-in options and patches for 23 vulnerabilities
Researchers find critical vulnerabilities that can be exploited to take full control of D-Link routers. Serious flaws also discovered in Linksys routers
Oracle’s October 2018 Critical Patch Update (CPU) includes 301 security fixes, bringing the total number of patches released this year to 1,119

FEATURES, INSIGHTS // Vulnerabilities

Marc Solomon: Recalculating and reevaluating priorities based on a continuous flow of new data, learnings and your risk profile helps to ensure you’re staying focused on what matters in a highly dynamic environment.
Josh Lefkowitz: Proper evaluation of business risk requires insight into the likelihood that a vulnerability will be exploited, and if exploited, how that vulnerability could impact the company on a macro level.
Torsten George: Application Programming Interfaces (APIs) provide hackers with multiple venues to access an organization’s data and can even be used to cause massive business disruptions.
Torsten George: Microservices and containers enable faster application delivery and improved IT efficiency. However, the adoption of these technologies has outpaced security.
Oliver Rochford: We can’t rely on our own governments to practice responsible full disclosure. Full Disclosure is compromised. We can’t really blame them. Either everyone discloses, or no one does.
Ashley Arbuckle: By understanding and easing the cultural shift this entails, you can save time and money and sleep better at night with security occupying a seat at the DevOps table.
Travis Greene: As DevOps and agile development methodologies take greater root in the enterprise, the traditional tools and approaches for eliminating vulnerabilities in code will no longer be able to keep pace.
Dan Cornell: When planning a testing strategy for an application, it is important to evaluate the applicability and likely effectiveness of the various testing approach options.
David Holmes: Several tech vendors have been added to the list of vendors vulnerable to a variation on the Bleichenbacher attack called the ROBOT attack.
Lance Cottrell: Laws to support swift and automatic updates for all devices, and consequences for organizations that fail to ensure their IoT devices are secure, would be a big step forward for IoT security.