Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

The sheer quantity of weaknesses, concerns and vulnerabilities exposed by even the largest companies is far greater than most people would realize. [Read More]
Several Unix-like operating systems are affected by an X.Org vulnerability that can be exploited for privilege escalation and code execution [Read More]
Microsoft Office is impacted by a logical bug that allows an attacker to abuse the “online video” feature in Word to execute malicious code, Cymulate security researchers warn. [Read More]
SecureAuth Labs researchers discover multiple vulnerabilities in low-level drivers installed by ASRock utilities [Read More]
Cisco patches high severity command injection flaw in WebEx. The researchers who found the vulnerability named it WebExec and made its details public [Read More]
A new zero-day vulnerability in Windows was made public on Twitter by the same researcher who published an exploit for a bug in the Windows Task Scheduler at the end of August [Read More]
The Magecart hackers have now turned to vulnerable Magento extensions [Read More]
Department of Defense announces new Hack the Pentagon bug bounty program that allows it to run year-long assessments for high-value systems [Read More]
New report from CyberX shows that plaintext passwords, direct connections to the Internet, the lack of automated updates for antiviruses, and outdated operating systems often put industrial systems at risk of attacks [Read More]
Cisco and F5 Networks are investigating the possible impact of the recently patched libssh vulnerability on their products, while other vendors have concluded similar investigations [Read More]

FEATURES, INSIGHTS // Vulnerabilities

rss icon

David Holmes's picture
Security researchers found 26 vulnerabilities within ISP network devices that would have given them remote admin access to the majority of home networks in the United States.
David Holmes's picture
A manufacturer of a meter may have a different threat model involving the physical aspects of the device itself: device memory, firmware interface, ecosystem communications.
Jim Ivers's picture
These recommendations will help your organization reduce risk and save real money on the cost of resolving defects. It is not often you get such a clear win-win scenario.
Dan Cornell's picture
Being able to properly defend applications requires organizations to first identify their attack surfaces before meaningful risk management can take place.
Marie Hattar's picture
When done successfully, continuous testing and training prevents bugs and performance issues from going out the door, while enabling developers to better spot problems in the future.
Travis Greene's picture
To reduce exposure to malware, security teams need to learn the DevOps techniques that are being adopted across the rest of the IT organization.
Jim Ivers's picture
Medical devices are indeed vulnerable to attack, but the industry is waking up to the breadth of the problems, and several organizations are forming a vanguard to show the way forward.
Jennifer Blatnik's picture
If the WannaCry incident taught us anything, it’s that global, widespread ransomware can and will impact organizations without any notice. The time to prepare is now.
Torsten George's picture
Hackers are exploiting known vulnerabilities and are betting on the fact that organizations don’t know how to fix what really matters.
Jim Ivers's picture
With the advent of connected devices, privacy and security have become tightly linked because theft of private data is often the goal of malicious attacks.