Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
Cisco Talos researchers have discovered nearly a dozen vulnerabilities, including potentially serious flaws, in Schneider Electric Modicon programmable logic controllers. [Read More]
SAP this week released seven new Security Notes as part of the October 2019 Security Patch Day, with two of these notes rated Hot News. [Read More]
A security audit funded by Mozilla has led to the discovery of a critical remote command execution vulnerability in the iTerm2 macOS terminal emulator. [Read More]
NSA warns that multiple state-sponsored threat groups have been exploiting recently disclosed vulnerabilities affecting enterprise VPN products from Pulse Secure, Fortinet and Palo Alto Networks. [Read More]
Apple’s macOS Catalina 10.15 desktop operating system patches 16 vulnerabilities. [Read More]
A critical remote code execution vulnerability in several D-Link routers that reached their end of life remains unpatched. [Read More]
A couple of vulnerabilities affecting the TwinCAT PLC runtime from Beckhoff can be exploited for DoS attacks, which may be triggered by malicious actors or by accident. [Read More]
Microsoft’s Patch Tuesday updates for October 2019 fix 60 vulnerabilities, but none of them have been exploited in the wild and only 9 are considered critical. [Read More]
Google’s October 2019 security patches for Android address a total of 26 vulnerabilities, including a couple of remote code execution bugs impacting Android 10. [Read More]
Versions through 9.0.4 of the Ghidra software reverse engineering (SRE) framework are impacted by a code-execution vulnerability. [Read More]
FEATURES, INSIGHTS // Vulnerabilities
When planning a testing strategy for an application, it is important to evaluate the applicability and likely effectiveness of the various testing approach options.
Several tech vendors have been added to the list of vendors vulnerable to a variation on the Bleichenbacher attack called the ROBOT attack.
Laws to support swift and automatic updates for all devices, and consequence to organizations that fail to ensure their IoT devices are secure, would be a big step forward for IoT security.
With a software composition analysis (SCA) tool in place, security teams can quickly scan an information repository and know where vulnerable software is being used.
The "Reaper" IoT botnet is holding itself up as a blinky light in front of our faces, reminding the InfoSec community that we really need to get ahead of IoT madness.
We need to consider whether traditional approaches to vulnerability management are still viable and if just upgrading existing methods or tools is sufficient.
Vendors, practitioners and security experts must all work closely together to combat the well-funded actors who pose a threat to medical devices.
Why are even the most security-conscious organizations being compromised, and what does it mean for everyone else?
DUHK and ROCA are both implementation-specific vulnerabilities concerning one of my favorite topics, random number generators.
The end user community is at the mercy of security researchers to act responsibly in order to limit the potential for their findings to be used for malicious purposes.
SecurityWeek Daily Briefing
- Ingredients Giant Ingredion Hit by Malware
- Hackers Could Have Hijacked Trump Campaign Email Server: Researchers
- Threat Intelligence Firm Flashpoint Raises $34 Million
- Chinese Hackers Targeted International Aerospace Firms for Years
- Massachusetts Governor Announces New Cybersecurity Program
- Researcher Publishes PoC Exploit for Recent Android Zero-Day
- Under New Ownership, DigiCert Expands into Verified Mark Certificates
- Pitney Bowes Says Disruptions Caused by Ryuk Ransomware
- Indiana Hospital System Notifying Patients After Data Breach
- Russia's Security Service Says Rebuilding Ties With U.S.
Copyright © 2019 Wired Business Media. All Rights Reserved. Privacy Policy