Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
DNSpooq is the name given to 7 Dnsmasq vulnerabilities that could expose millions of devices to DNS cache poisoning, remote code execution and DoS attacks. [Read More]
In one attack, the cybercriminals found an employee via the company’s chatroom and then convinced them to log into a fake VPN page to reveal their credentials. [Read More]
An expired domain allowed a researcher to hijack the country code top-level domain (TLD) of Congo. [Read More]
Going after high profile victims appears to have allowed Ryuk ransomware operators to build a highly lucrative malware enterprise. [Read More]
A couple of researchers have earned $50,000 from Apple for finding some serious vulnerabilities on the tech giant’s servers. [Read More]
Some of Siemens’ product development solutions are affected by tens of vulnerabilities that can be exploited for arbitrary code execution using malicious files. [Read More]
To patch the Netlogon protocol, a February 9 security update will enable a Domain Controller enforcement mode. [Read More]
A researcher has launched Malvuln, a project that catalogues vulnerabilities in malware and shows how they can be exploited. [Read More]
A high-severity vulnerability affecting F5 Networks’ BIG-IP Access Policy Manager (APM) solution can be exploited for remote DoS attacks. [Read More]
According to a Wall Street Journal report, TikTok used a banned tactic to bypass the privacy safeguard in Android to harvest unique identifiers from millions of mobile devices. [Read More]
FEATURES, INSIGHTS // Vulnerabilities
Application Programming Interfaces (APIs) provide hackers with multiple venues to access an organization’s data and can even be used to cause massive business disruptions.
Microservices and containers enable faster application delivery and improved IT efficiency. However, the adoption of these technologies has outpaced security.
We can’t rely on our own governments to practice responsible full disclosure. Full Disclosure is compromised. We can’t really blame them. Either everyone discloses, or no-one does.
By understanding and easing the cultural shift this entails, you can save time and money and sleep better at night with security occupying a seat at the DevOps table.
As DevOps and agile development methodologies take greater root in the enterprise, the traditional tools and approaches for eliminating vulnerabilities in code will no longer be able to keep pace.
When planning a testing strategy for an application, it is important to evaluate the applicability and likely effectiveness of the various testing approach options.
Several tech vendors have been added to the list of vendors vulnerable to a variation on the Bleichenbacher attack called the ROBOT attack.
Laws to support swift and automatic updates for all devices, and consequence to organizations that fail to ensure their IoT devices are secure, would be a big step forward for IoT security.
With a software composition analysis (SCA) tool in place, security teams can quickly scan an information repository and know where vulnerable software is being used.
The "Reaper" IoT botnet is holding itself up as a blinky light in front of our faces, reminding the InfoSec community that we really need to get ahead of IoT madness.
Get the Daily Briefing
- Google Warning: North Korean Gov Hackers Targeting Security Researchers
- South Carolina County Suffers Weekend Cyberattack
- Phishers Target C-Suite with Fake Office 365 Password Expiration Reports
- Passwordless Authentication Provider Axiad Raises $20 Million
- Clothing Brand Bonobos Notifies Users of Data Breach
- Packaging Giant WestRock Says Ransomware Attack Impacted OT Systems
- CrowdStrike Discloses Details of Recently Patched Windows NTLM Vulnerability
- Russian Hack of US Agencies Exposed Supply Chain Weaknesses
- Industrial Firms Informed About Serious Vulnerabilities in Matrikon OPC Product
- Illinois Court Exposes More Than 323,000 Sensitive Records
Copyright © 2020 Wired Business Media. All Rights Reserved. Privacy Policy