NEWS & INDUSTRY UPDATES

Brand new Mac computers used in enterprise environments can be hacked on the first boot via Apple’s mobile device management (MDM) protocol, researchers show.
Researchers disclosed the details of two serious vulnerabilities affecting ATM dispenser controllers from NCR. The flaws could have been exploited to install vulnerable firmware and get ATMs to dispense cash.
A GitHub API token leaked from Homebrew’s Jenkins provided a security researcher with access to core Homebrew software repositories (repos).
High severity vulnerabilities affecting Siemens’ TIA Portal automation tool can be exploited by threat actors to move laterally in ICS environments.
Critical vulnerabilities discovered in smart city systems can be exploited by hackers to cause panic, researchers warn.
High severity vulnerability affecting a security feature in the BIND DNS software can be exploited for DoS attacks. Patches and workarounds available.
Researchers discovered 23 vulnerabilities in OpenEMR, including critical flaws that can be exploited to gain access to medical records.
Researchers at Check Point found a flaw in WhatsApp that could allow hackers to modify and send fake messages in the popular social messaging app.
IBM’s X-Force Red, a team of veteran hackers focused on finding security vulnerabilities in devices and systems, now has four new labs to work in.
SegmentSmack is a Linux kernel vulnerability that allows remote DoS attacks. Tens of major vendors may be impacted.

FEATURES, INSIGHTS // Vulnerabilities

David Holmes: The "Reaper" IoT botnet is holding itself up as a blinky light in front of our faces, reminding the InfoSec community that we really need to get ahead of IoT madness.
Torsten George: We need to consider whether traditional approaches to vulnerability management are still viable and if just upgrading existing methods or tools is sufficient.
Jalal Bouhdada: Vendors, practitioners and security experts must all work closely together to combat the well-funded actors who pose a threat to medical devices.
Jim Ivers: Why are even the most security-conscious organizations being compromised, and what does it mean for everyone else?
David Holmes: DUHK and ROCA are both implementation-specific vulnerabilities concerning one of my favorite topics, random number generators.
Torsten George: The end user community is at the mercy of security researchers to act responsibly in order to limit the potential for their findings to be used for malicious purposes.
Alastair Paterson: With greater awareness about POS system attacks, operations against third-party suppliers, and the vulnerabilities of public or semi-public Wi-Fi networks, companies can do a lot to mitigate risk and ensure safer journeys for travelers.
Jennifer Blatnik: One of the crucial benefits of blockchain is its distributed capabilities, which mean there isn’t one centralized target to hack.
Jim Ivers: Given the observation that consumers still seem oblivious to the risks and the lack of awareness about basic security hygiene, the education push will fall short.
David Holmes: Security researchers found 26 vulnerabilities within ISP network devices that would have given them remote admin access to the majority of home networks in the United States.