
NEWS & INDUSTRY UPDATES

Microsoft’s December 2018 Patch Tuesday updates fix tens of vulnerabilities, including a zero-day privilege escalation flaw in the Windows kernel.
Adobe patches 87 vulnerabilities in its Acrobat and Reader software, but none of the flaws have been exploited in the wild.
The Novidade exploit kit is targeting home and small office routers in an attempt to compromise the mobile devices or desktop computers connected to the routers.
Google will close the consumer version of its online social network sooner than originally planned due to the discovery of a new software bug.
Remotely exploitable DoS vulnerability found in some of Rockwell Automation’s MicroLogix controllers and ControlLogix communications modules.
A new class action lawsuit filed against Marriott following the massive data breach alleges that the hotel giant still exposes customer information.
Google this week announced the release of a new set of security patches for the Android operating system, to address over 50 vulnerabilities in the platform.
Apple this week released several security updates to address tens of vulnerabilities impacting the iOS and macOS platforms, the Safari browser, and various Windows applications.
Siemens conducted a pilot test for releasing security advisories on the second Tuesday of each month (Patch Tuesday), just like Microsoft, Adobe and SAP.
The UK government has shared details on its vulnerability equities process (VEP), which is used to decide whether a government agency should disclose a discovered vulnerability or keep it secret for its own purposes.

FEATURES, INSIGHTS // Vulnerabilities

Jim Ivers: With a software composition analysis (SCA) tool in place, security teams can quickly scan an information repository and know where vulnerable software is being used.
David Holmes: The "Reaper" IoT botnet is holding itself up as a blinky light in front of our faces, reminding the InfoSec community that we really need to get ahead of IoT madness.
Torsten George: We need to consider whether traditional approaches to vulnerability management are still viable and if just upgrading existing methods or tools is sufficient.
Jalal Bouhdada: Vendors, practitioners and security experts must all work closely together to combat the well-funded actors who pose a threat to medical devices.
Jim Ivers: Why are even the most security-conscious organizations being compromised, and what does it mean for everyone else?
David Holmes: DUHK and ROCA are both implementation-specific vulnerabilities concerning one of my favorite topics, random number generators.
Torsten George: The end user community is at the mercy of security researchers to act responsibly in order to limit the potential for their findings to be used for malicious purposes.
Alastair Paterson: With greater awareness about POS system attacks, operations against third-party suppliers, and the vulnerabilities of public or semi-public Wi-Fi networks, companies can do a lot to mitigate risk and ensure safer journeys for travelers.
Jennifer Blatnik: One of the crucial benefits of blockchain is its distributed capabilities, which mean there isn’t one centralized target to hack.
Jim Ivers: Given the observation that consumers still seem oblivious to the risks and the lack of awareness about basic security hygiene, the education push will fall short.