Security Experts:

long dotted


As a result of massive backlash from the industry, CTS Labs has provided some clarifications about the AMD processor vulnerabilities and its disclosure method [Read More]
Researchers analyzed several text editors and found that many of them can be exploited for privilege escalation. Affected vendors not planning on releasing patches [Read More]
White hats managed to hack Microsoft Edge, Oracle VirtualBox and Apple Safari on the first day of the Pwn2Own 2018 hacking contest, earning a total of $162,000 [Read More]
A vulnerability patched by Microsoft with its March 2018 security patches can be exploited by an attacker to relay user credentials to execute code on a target system. [Read More]
Microsoft has released additional microcode updates and software patches to address the CPU vulnerabilities known as Spectre and Meltdown [Read More]
AMD is investigating claims of critical flaws in its processors, while the company that found the vulnerabilities faces backlash over its disclosure method [Read More]
SAP this week released its March 2018 set of security patches to address High and Medium priority vulnerabilities in its products. [Read More]
Adobe patches critical arbitrary code execution vulnerabilities in Dreamweaver and Flash Player [Read More]
Microsoft patches 75 vulnerabilities with March 2018 Patch Tuesday updates, including over a dozen critical flaws affecting its web browsers [Read More]
CTS said the newly discovered flaws could compromise AMD's new chips that handle applications in the enterprise, industrial and aerospace sectors, as well as consumer products. [Read More]

FEATURES, INSIGHTS // Vulnerabilities

rss icon

David Holmes's picture
DUHK and ROCA are both implementation-specific vulnerabilities concerning one of my favorite topics, random number generators.
Torsten George's picture
The end user community is at the mercy of security researchers to act responsibly in order to limit the potential for their findings to be used for malicious purposes.
Alastair Paterson's picture
With greater awareness about POS system attacks, operations against third-party suppliers, and the vulnerabilities of public or semi-public Wi-Fi networks, companies can do a lot to mitigate risk and ensure safer journeys for travelers.
Jennifer Blatnik's picture
One of the crucial benefits of blockchain is its distributed capabilities, which mean there isn’t one centralized target to hack.
Jim Ivers's picture
Given the observation that consumers still seem oblivious to the risks and the lack of awareness about basic security hygiene, the education push will fall short.
David Holmes's picture
Security researchers found 26 vulnerabilities within ISP network devices that would have given them remote admin access to the majority of home networks in the United States.
David Holmes's picture
A manufacturer of a meter may have a different threat model involving the physical aspects of the device itself: device memory, firmware interface, ecosystem communications.
Jim Ivers's picture
These recommendations will help your organization reduce risk and save real money on the cost of resolving defects. It is not often you get such a clear win-win scenario.
Dan Cornell's picture
Being able to properly defend applications requires organizations to first identify their attack surfaces before meaningful risk management can take place.
Marie Hattar's picture
When done successfully, continuous testing and training prevents bugs and performance issues from going out the door, while enabling developers to better spot problems in the future.