
NEWS & INDUSTRY UPDATES

Apache Struts users urged to update the Commons FileUpload library to the latest version due to a couple of DoS and code execution vulnerabilities
U.S. Air Force announces Hack the Air Force 3.0 bug bounty program in collaboration with HackerOne
A newly revealed side-channel attack can leak encrypted data from Intel microprocessors that use a Simultaneous Multithreading (SMT) architecture.
Industrial control systems (ICS) are vulnerable to power analysis side-channel attacks, researcher warns
It took Swiss company Sauter only 10 days to patch a serious arbitrary file read vulnerability affecting one of its building automation products
BLEEDINGBIT: Millions of enterprise access points and other network devices may be exposed to remote attacks due to vulnerabilities in Bluetooth Low Energy (BLE) chips made by Texas Instruments
Cisco recently discovered that some of its security appliances are affected by an actively exploited DoS zero-day vulnerability
iPhone enthusiast Jose Rodriguez (aka videosdebarraquito) finds new iPhone lockscreen bypass. The latest method abuses the recently introduced Group FaceTime feature
Apple has released security updates for macOS, iOS and other products. The iOS updates patch several serious FaceTime vulnerabilities and passcode bypass bugs
Malicious actors could cause serious damage to organizations in the energy and water sectors by targeting their HMIs, Trend Micro warns

FEATURES, INSIGHTS // Vulnerabilities

Jim Ivers: With a software composition analysis (SCA) tool in place, security teams can quickly scan an information repository and know where vulnerable software is being used.
David Holmes: The "Reaper" IoT botnet is holding itself up as a blinky light in front of our faces, reminding the InfoSec community that we really need to get ahead of IoT madness.
Torsten George: We need to consider whether traditional approaches to vulnerability management are still viable and if just upgrading existing methods or tools is sufficient.
Jalal Bouhdada: Vendors, practitioners and security experts must all work closely together to combat the well-funded actors who pose a threat to medical devices.
Jim Ivers: Why are even the most security-conscious organizations being compromised, and what does it mean for everyone else?
David Holmes: DUHK and ROCA are both implementation-specific vulnerabilities concerning one of my favorite topics, random number generators.
Torsten George: The end user community is at the mercy of security researchers to act responsibly in order to limit the potential for their findings to be used for malicious purposes.
Alastair Paterson: With greater awareness about POS system attacks, operations against third-party suppliers, and the vulnerabilities of public or semi-public Wi-Fi networks, companies can do a lot to mitigate risk and ensure safer journeys for travelers.
Jennifer Blatnik: One of the crucial benefits of blockchain is its distributed capabilities, which mean there isn’t one centralized target to hack.
Jim Ivers: Given the observation that consumers still seem oblivious to the risks and the lack of awareness about basic security hygiene, the education push will fall short.