Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Security vulnerabilities in many satellite telecommunications systems leave them open to hackers, raising potential risks for aviation, shipping, military and other sectors.
The update includes fixes for critical vulnerabilities in Java SE and other products.
A new survey of nearly 600 IT pros found that it takes on average 140 days to find breaches due to SQL injection attacks and 68 days to remediate them.
Web browsers may be overloaded by the overhaul of security certificates, leading to error messages and impacting Web performance.
British parenting website Mumsnet is the latest organization to have been hacked due to the "Heartbleed" bug, founder Justine Roberts revealed.
Akamai Technologies admitted some custom code it thought protected users against the Heartbleed vulnerability is flawed.
Personal data for as many as 900 Canadian taxpayers was stolen after being made vulnerable by the "Heartbleed" bug, officials in Ottawa said on Monday.
CloudFlare was able to confirm that an attacker can retrieve a server's private SSL key by exploiting the "Heartbleed" Vulnerability.
The NSA denied a report claiming it was aware of and even exploited the "Heartbleed" online security flaw to gather critical intelligence.
An appeals court in the United States overturned the conviction of a self-described "security research" hacker for breaking into the AT&T online network to reveal a security flaw.

FEATURES, INSIGHTS // Vulnerabilities

rss icon

Torsten George's picture
A threat is the agent that takes advantage of a vulnerability. This relationship must be a key factor in the risk assessment process and can no longer be treated as risk’s neglected step child.
Mark Hatton's picture
Here are five things I recommend security pros keep in mind when navigating the line between tight security and keeping the organization running at peak proficiency.
Chris Hinkley's picture
Whether you’re buying a smart refrigerator for your home or a printer for your company, your first step is deciding the risk involved and how to deploy the device in a secure manner while preserving the functionality you require.
Mark Hatton's picture
Predictive security narrows the scope considerably and helps IT and security pros zero-in on the most likely vulnerabilities and areas most-at-risk due to the sensitive nature of the data they hold.
Chris Hinkley's picture
Vulnerabilities are a fact of life. Independent testing may be illegal without express permission, but that doesn’t stop code pillagers from sniffing out vulnerabilities and weaknesses in your web applications.
Torsten George's picture
Without putting vulnerabilities into the context of the risk associated with them, organizations often misalign their remediation resources.
Mark Hatton's picture
Complacency is never a good thing, but in security it can have devastating effects. While it’s good to acknowledge progress, that should never stand in the way of staying ahead of the next potential threat.
Mark Hatton's picture
The best way to anticipate a move by an adversary is to put yourself in their position and ask, what would I do in the same situation? Studying the ways in which you would attack a given situation provides a strategic advantage when planning your defense.
Ryan Naraine's picture
In this podcast, Richard Boscovich, assistant general counsel in the Microsoft Digital Crimes Unit, talks about the new Microsoft Cybercrime Center and the ongoing battle to stop the proliferation of botnets around the world.
Michael Callahan's picture
There’s more than functionality and availability issues ailing Healthcare.gov. There’s significant potential for compromise.