Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
Microsoft’s December 2018 Patch Tuesday updates fix tens of vulnerabilities, including a zero-day privilege escalation flaw in the Windows kernel. [Read More]
Adobe patches 87 vulnerabilities in its Acrobat and Reader software, but none of the flaws have been exploited in the wild. [Read More]
The Novidade exploit kit is targeting home and small office routers in an attempt to compromise the mobile devices or desktop computers connected to the routers. [Read More]
Google will close the consumer version of its online social network sooner than originally planned due to the discovery of a new software bug. [Read More]
Remotely exploitable DoS vulnerability found in some of Rockwell Automation’s MicroLogix controllers and ControlLogix communications modules. [Read More]
A new class action lawsuit filed against Marriott following the massive data breach alleges that the hotel giant still exposes customer information. [Read More]
Google this week announced the release of a new set of security patches for the Android operating system, to address over 50 vulnerabilities in the platform. [Read More]
Apple this week released several security updates to address tens of vulnerabilities impacting the iOS and macOS platforms, the Safari browser, and various Windows applications. [Read More]
Siemens conducted a pilot test for releasing security advisories on the second Tuesday of each month (Patch Tuesday), just like Microsoft, Adobe and SAP. [Read More]
The UK government has shared details on its vulnerability equities process (VEP), which is used to decide whether a government agency should disclose a discovered vulnerability or keep it secret for its own purposes. [Read More]
FEATURES, INSIGHTS // Vulnerabilities
With a software composition analysis (SCA) tool in place, security teams can quickly scan an information repository and know where vulnerable software is being used.
The "Reaper" IoT botnet is holding itself up as a blinky light in front of our faces, reminding the InfoSec community that we really need to get ahead of IoT madness.
We need to consider whether traditional approaches to vulnerability management are still viable and if just upgrading existing methods or tools is sufficient.
Vendors, practitioners and security experts must all work closely together to combat the well-funded actors who pose a threat to medical devices.
Why are even the most security-conscious organizations being compromised, and what does it mean for everyone else?
DUHK and ROCA are both implementation-specific vulnerabilities concerning one of my favorite topics, random number generators.
The end user community is at the mercy of security researchers to act responsibly in order to limit the potential for their findings to be used for malicious purposes.
With greater awareness about POS system attacks, operations against third-party suppliers, and the vulnerabilities of public or semi-public Wi-Fi networks, companies can do a lot to mitigate risk and ensure safer journeys for travelers.
One of the crucial benefits of blockchain is its distributed capabilities, which mean there isn’t one centralized target to hack.
Given the observation that consumers still seem oblivious to the risks and the lack of awareness about basic security hygiene, the education push will fall short.
SecurityWeek Daily Briefing
- Backdoor Targeting Malaysian Government a "Mash-up" of Malware
- Serious Flaws Found in ABB Safety PLC Gateways
- Untangle Partners With Malwarebytes to Bring Layered Security to SMBs
- Oath Paid Out $5 Million in Bug Bounties in 2018
- Data Protection Firm Egress Raises $40 Million
- WordPress Patches Privilege Escalation Vulnerabilities
- OT Incident Response: Is it Mission Impossible?
- Testing Security Products: Third-Party Standards vs. In-House Testing
- Czech Warning Over Huawei, ZTE Security 'Threat'
- Twitter Warns of Possible State-Sponsored Attack
Copyright © 2018 Wired Business Media. All Rights Reserved. Privacy Policy