Researchers introduce smart greybox fuzzing, a new method for finding vulnerabilities in libraries that parse complex file formats. A fuzzer they developed discovered over 40 flaws.
Industry professionals comment on reports that a vulnerability in an API used by USPS exposed the data of 60 million customers.
Cisco releases a second patch for a high-severity Webex Meetings vulnerability. The flaw is known as WebExec, and proof-of-concept (PoC) code was released at disclosure.
Siemens warns users that a multifunctional platform for SIMATIC S7-1500 CPUs is affected by over 20 vulnerabilities in Linux and GNU components.
Researchers with software risk measurement and management company Checkmarx were able to create two mobile applications that abuse the functionality of smart bulbs for data exfiltration.
Two recently disclosed Linux kernel vulnerabilities that remain unpatched could be exploited for local denial of service (DoS).
The United States Postal Service (USPS) has fixed an API flaw that allowed unauthorized users to view other users' account details, including email address, username, user ID, street address, phone number and mailing campaign data.
VMware patches a critical vulnerability in Workstation and Fusion. The flaw earned a researcher $100,000 at a hacking competition in China.
Recently patched vulnerabilities in the popular AMP for WP plugin are being targeted in an active cross-site scripting (XSS) campaign, Wordfence reports.
Several vulnerabilities have been found in Dell EMC Avamar and Integrated Data Protection products. VMware vSphere Data Protection is also impacted, as it is based on Avamar.

FEATURES, INSIGHTS // Vulnerabilities

Jim Ivers: With a software composition analysis (SCA) tool in place, security teams can quickly scan an information repository and know where vulnerable software is being used.
David Holmes: The "Reaper" IoT botnet is holding itself up as a blinky light in front of our faces, reminding the InfoSec community that we really need to get ahead of IoT madness.
Torsten George: We need to consider whether traditional approaches to vulnerability management are still viable and if just upgrading existing methods or tools is sufficient.
Jalal Bouhdada: Vendors, practitioners and security experts must all work closely together to combat the well-funded actors who pose a threat to medical devices.
Jim Ivers: Why are even the most security-conscious organizations being compromised, and what does it mean for everyone else?
David Holmes: DUHK and ROCA are both implementation-specific vulnerabilities concerning one of my favorite topics, random number generators.
Torsten George: The end user community is at the mercy of security researchers to act responsibly in order to limit the potential for their findings to be used for malicious purposes.
Alastair Paterson: With greater awareness about POS system attacks, operations against third-party suppliers, and the vulnerabilities of public or semi-public Wi-Fi networks, companies can do a lot to mitigate risk and ensure safer journeys for travelers.
Jennifer Blatnik: One of the crucial benefits of blockchain is its distributed capabilities, which mean there isn't one centralized target to hack.
Jim Ivers: Given the observation that consumers still seem oblivious to the risks and the lack of awareness about basic security hygiene, the education push will fall short.