Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
Researchers introduce smart greybox fuzzing, a new method for finding vulnerabilities in libraries that parse complex files. A fuzzer they developed discovered over 40 flaws [Read More]
Industry professionals comment on reports that a vulnerability in an API used by USPS exposed the data of 60 million customers [Read More]
Cisco releases second patch for a high severity Webex Meetings vulnerability. The flaw is known as WebExec and PoC code was released at disclosure [Read More]
Siemens warns users that a multifunctional platform for SIMATIC S7-1500 CPUs is affected by over 20 vulnerabilities in Linux and GNU components [Read More]
Researchers with software risk measurement and management company Checkmarx were able to create two mobile applications that abuse the functionality of smart bulbs for data exfiltration. [Read More]
Two recently disclosed Linux kernel vulnerabilities that remain unpatched could be exploited for local denial-of-service (DoS). [Read More]
The United States Postal Service (USPS) has fixed an API flaw that allowed unauthorized users to view account details, including email address, username, user ID, street address, phone number and mailing campaign data for other users. [Read More]
VMware patches critical vulnerability in Workstation and Fusion. The flaw earned a researcher $100,000 at a hacking competition in China [Read More]
Recently patched vulnerabilities in the popular AMP for WP plugin are being targeted in an active Cross-Site Scripting (XSS) campaign, Wordfence reports. [Read More]
Several vulnerabilities found in Dell EMC Avamar and Integrated Data Protection products. VMware vSphere Data Protection also impacted as it’s based on Avamar [Read More]
FEATURES, INSIGHTS // Vulnerabilities
With a software composition analysis (SCA) tool in place, security teams can quickly scan an information repository and know where vulnerable software is being used.
The "Reaper" IoT botnet is holding itself up as a blinky light in front of our faces, reminding the InfoSec community that we really need to get ahead of IoT madness.
We need to consider whether traditional approaches to vulnerability management are still viable and if just upgrading existing methods or tools is sufficient.
Vendors, practitioners and security experts must all work closely together to combat the well-funded actors who pose a threat to medical devices.
Why are even the most security-conscious organizations being compromised, and what does it mean for everyone else?
DUHK and ROCA are both implementation-specific vulnerabilities concerning one of my favorite topics, random number generators.
The end user community is at the mercy of security researchers to act responsibly in order to limit the potential for their findings to be used for malicious purposes.
With greater awareness about POS system attacks, operations against third-party suppliers, and the vulnerabilities of public or semi-public Wi-Fi networks, companies can do a lot to mitigate risk and ensure safer journeys for travelers.
One of the crucial benefits of blockchain is its distributed capabilities, which mean there isn’t one centralized target to hack.
Given the observation that consumers still seem oblivious to the risks and the lack of awareness about basic security hygiene, the education push will fall short.
SecurityWeek Daily Briefing
- 168 Arrested in Money Mule Crackdown
- Under Fire Huawei Agrees to UK Security Demands: Report
- California Man Gets 26-Month Prison Sentence for DDoS Attacks
- Google Launches Cloud Security Command Center in Beta
- EU Should Worry About Huawei, Other Chinese Firms: Official
- DeepPhish Project Shows Malicious AI is Not as Dangerous as Feared
- Vulnerability Exposes Rockwell Controllers to DoS Attacks
- Preparing for Tomorrow's Threats Today
- North Korea-linked Hackers Target Academic Institutions
- New Lawsuit Claims Marriott Still Exposes Customer Information
Copyright © 2018 Wired Business Media. All Rights Reserved. Privacy Policy