Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
Vulnerabilities in high-end smart alarms for cars exposed millions of vehicles to hacker attacks that could have had serious consequences. [Read More]
Google releases information on a zero-day vulnerability in Windows being actively exploited in targeted attacks alongside a recently fixed Chrome flaw. [Read More]
Exploit acquisition firm Zerodium is offering up to $500,000 for VMware ESXi and Microsoft Hyper-V exploits that allow the attacker to gain full access to the host. [Read More]
Over two dozen high severity vulnerabilities have been found in Cisco’s Nexus switches, including flaws that can be exploited for DoS attacks, code execution and privilege escalation. [Read More]
The products of several industrial automation companies are affected by the recently disclosed vulnerabilities in the WibuKey DRM solution. [Read More]
An update released recently by Google for its Chrome browser patches a vulnerability that has been exploited in the wild. [Read More]
A critical vulnerability in Rockwell Automation’s RSLinx Classic software can be exploited for DoS attacks and possibly for remote code execution. [Read More]
The results of a survey of 5,558 IT professionals from more than 150 countries confirm DevSecOps as a key and growing approach to effective software development. [Read More]
Microsoft is rolling out a new software update for Windows 10 devices to enable the Retpoline mitigations against Spectre attacks. [Read More]
Adobe patches CVE-2019-7816, a critical code execution vulnerability in ColdFusion that has been exploited in the wild. [Read More]
FEATURES, INSIGHTS // Vulnerabilities
With a software composition analysis (SCA) tool in place, security teams can quickly scan an information repository and know where vulnerable software is being used.
The "Reaper" IoT botnet is holding itself up as a blinky light in front of our faces, reminding the InfoSec community that we really need to get ahead of IoT madness.
We need to consider whether traditional approaches to vulnerability management are still viable and if just upgrading existing methods or tools is sufficient.
Vendors, practitioners and security experts must all work closely together to combat the well-funded actors who pose a threat to medical devices.
Why are even the most security-conscious organizations being compromised, and what does it mean for everyone else?
DUHK and ROCA are both implementation-specific vulnerabilities concerning one of my favorite topics, random number generators.
The end user community is at the mercy of security researchers to act responsibly in order to limit the potential for their findings to be used for malicious purposes.
With greater awareness about POS system attacks, operations against third-party suppliers, and the vulnerabilities of public or semi-public Wi-Fi networks, companies can do a lot to mitigate risk and ensure safer journeys for travelers.
One of the crucial benefits of blockchain is its distributed capabilities, which mean there isn’t one centralized target to hack.
Given the observation that consumers still seem oblivious to the risks and the lack of awareness about basic security hygiene, the education push will fall short.
SecurityWeek Daily Briefing
- Google Open Sources Sandboxed API
- New Mirai Variant Targets Enterprise IoT Devices
- Slack Introduces Enterprise Key Management Tool
- 'Shameless' Scammers Seek to Cash in on Christchurch Massacre
- Android Q Brings New Privacy and Security Features
- EU Adopts New Response Protocol for Major Cyberattacks
- Not All Context in Threat Intelligence is Created Equal
- Chrome, Firefox Get Windows Defender Application Guard Extensions
- Australia's Intelligence Agency Publishes its Vulnerability Disclosure Process
- Beto O'Rourke 'Mortified' Over Articles Written as Teen Member of Cult of the Dead Cow Hacker Group
Copyright © 2019 Wired Business Media. All Rights Reserved. Privacy Policy