Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
Microsoft patches 50 vulnerabilities with June 2018 Patch Tuesday updates, including 11 critical remote code execution flaws affecting Windows and web browsers [Read More]
Okta researchers find flaw that allows malicious untrusted code to masquerade as legitimate trusted code and bypass checks by security software. All Mac OSs since 2005 affected, but no patch from Apple [Read More]
Crestron patches critical command injection vulnerability affecting the console service on its Digital Graphics Engine 100 (DGE-100) and other controllers [Read More]
ActiveX zero-day vulnerability discovered recently on the website of a South Korean think tank focused on national security has been abused by North Korea’s Lazarus group [Read More]
VMware patches remote code execution vulnerability in the Android and Windows Mobile agents for the Workspace ONE/AirWatch platform [Read More]
Several critical vulnerabilities expose door communication systems from ABB to remote hacker attacks. Patches and workarounds are available [Read More]
Many vendors ship Android devices with the Android Debug Bridge (ADB) feature enabled, exposing them to various attacks [Read More]
Insecure configurations and vulnerabilities in communications and navigation systems can allow hackers to remotely track, hijack and sink ships, researchers warn [Read More]
Cisco patches critical and high severity vulnerabilities in Prime Collaboration Provisioning (PCP) and other products [Read More]
Drupal’s security team has refuted reports that at least 115,000 websites are still vulnerable to Drupalgeddon2 attacks, arguing that the methodology used by the researcher who presented the number is flawed [Read More]
FEATURES, INSIGHTS // Vulnerabilities
Vendors, practitioners and security experts must all work closely together to combat the well-funded actors who pose a threat to medical devices.
Why are even the most security-conscious organizations being compromised, and what does it mean for everyone else?
DUHK and ROCA are both implementation-specific vulnerabilities concerning one of my favorite topics, random number generators.
The end user community is at the mercy of security researchers to act responsibly in order to limit the potential for their findings to be used for malicious purposes.
With greater awareness about POS system attacks, operations against third-party suppliers, and the vulnerabilities of public or semi-public Wi-Fi networks, companies can do a lot to mitigate risk and ensure safer journeys for travelers.
One of the crucial benefits of blockchain is its distributed capabilities, which mean there isn’t one centralized target to hack.
Given the observation that consumers still seem oblivious to the risks and the lack of awareness about basic security hygiene, the education push will fall short.
Security researchers found 26 vulnerabilities within ISP network devices that would have given them remote admin access to the majority of home networks in the United States.
A manufacturer of a meter may have a different threat model involving the physical aspects of the device itself: device memory, firmware interface, ecosystem communications.
These recommendations will help your organization reduce risk and save real money on the cost of resolving defects. It is not often you get such a clear win-win scenario.
SecurityWeek Daily Briefing
- Tesla Breach: Malicious Insider Revenge or Whistleblowing?
- "Wavethrough" Bug in Microsoft Edge Leaks Sensitive Information
- New Encrypted Downloader Delivers Metasploit Backdoor
- Watch Out for Fileless Ransomware
- How to Shed the Security Operations Doldrums
- Hidden Tunnels: A Favored Tactic to Evade Strong Access Controls
- Hackers Exploit Drupal Flaw for Monero Mining
- Red Alert Android Trojan for Rent at $500 Per Month
- Cisco Patches Critical Flaws in NX-OS Software
- Google Marks APKs Distributed by Google Play
Copyright © 2018 Wired Business Media. All Rights Reserved. Privacy Policy