
NEWS & INDUSTRY UPDATES

Lenovo has released patches for two critical vulnerabilities that were found last year in certain Broadcom Wi-Fi controllers.
IBM releases firmware and operating system updates to address the Meltdown and Spectre vulnerabilities in Power Systems servers.
Facebook decided to increase a researcher’s bug bounty payout after discovering that a bug he reported could lead to account takeover.
Hackers willing to find unpatched vulnerabilities in the Linux operating system and report them to exploit acquisition firm Zerodium can earn up to $45,000 for their findings, the company announced on Thursday.
VMware starts releasing patches and workarounds for Virtual Appliance products in response to the Spectre and Meltdown vulnerabilities.
Trustwave discloses the details of several vulnerabilities affecting Netgear routers, including devices that are top-selling products on Amazon and Best Buy.
What appears to be the source code of a key component of Apple’s iOS platform, responsible for trusted boot operation, was posted on GitHub yesterday.
Google paid nearly $3 million to security researchers in 2017 who reported valid vulnerabilities in its products.
Cisco is aware of attacks exploiting CVE-2018-0101, a critical remote code execution and DoS vulnerability affecting the company’s firewalls.
Intel has started releasing new firmware updates that should address the Spectre vulnerability after the first round of patches caused problems.

FEATURES, INSIGHTS // Vulnerabilities

David Holmes: DUHK and ROCA are both implementation-specific vulnerabilities concerning one of my favorite topics, random number generators.
Torsten George: The end user community is at the mercy of security researchers to act responsibly in order to limit the potential for their findings to be used for malicious purposes.
Alastair Paterson: With greater awareness about POS system attacks, operations against third-party suppliers, and the vulnerabilities of public or semi-public Wi-Fi networks, companies can do a lot to mitigate risk and ensure safer journeys for travelers.
Jennifer Blatnik: One of the crucial benefits of blockchain is its distributed capabilities, which mean there isn’t one centralized target to hack.
Jim Ivers: Given the observation that consumers still seem oblivious to the risks and the lack of awareness about basic security hygiene, the education push will fall short.
David Holmes: Security researchers found 26 vulnerabilities within ISP network devices that would have given them remote admin access to the majority of home networks in the United States.
David Holmes: A manufacturer of a meter may have a different threat model involving the physical aspects of the device itself: device memory, firmware interface, ecosystem communications.
Jim Ivers: These recommendations will help your organization reduce risk and save real money on the cost of resolving defects. It is not often you get such a clear win-win scenario.
Dan Cornell: Being able to properly defend applications requires organizations to first identify their attack surfaces before meaningful risk management can take place.
Marie Hattar: When done successfully, continuous testing and training prevents bugs and performance issues from going out the door, while enabling developers to better spot problems in the future.