Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
The sheer quantity of weaknesses, concerns and vulnerabilities exposed by even the largest companies is far greater than most people would realize. [Read More]
Several Unix-like operating systems are affected by an X.Org vulnerability that can be exploited for privilege escalation and code execution [Read More]
Microsoft Office is impacted by a logical bug that allows an attacker to abuse the “online video” feature in Word to execute malicious code, Cymulate security researchers warn. [Read More]
SecureAuth Labs researchers discover multiple vulnerabilities in low-level drivers installed by ASRock utilities [Read More]
Cisco patches high severity command injection flaw in WebEx. The researchers who found the vulnerability named it WebExec and made its details public [Read More]
A new zero-day vulnerability in Windows was made public on Twitter by the same researcher who published an exploit for a bug in the Windows Task Scheduler at the end of August [Read More]
The Magecart hackers have now turned to vulnerable Magento extensions [Read More]
Department of Defense announces new Hack the Pentagon bug bounty program that allows it to run year-long assessments for high-value systems [Read More]
New report from CyberX shows that plaintext passwords, direct connections to the Internet, the lack of automated updates for antiviruses, and outdated operating systems often put industrial systems at risk of attacks [Read More]
Cisco and F5 Networks are investigating the possible impact of the recently patched libssh vulnerability on their products, while other vendors have concluded similar investigations [Read More]
FEATURES, INSIGHTS // Vulnerabilities
Security researchers found 26 vulnerabilities within ISP network devices that would have given them remote admin access to the majority of home networks in the United States.
A manufacturer of a meter may have a different threat model involving the physical aspects of the device itself: device memory, firmware interface, ecosystem communications.
These recommendations will help your organization reduce risk and save real money on the cost of resolving defects. It is not often you get such a clear win-win scenario.
Being able to properly defend applications requires organizations to first identify their attack surfaces before meaningful risk management can take place.
When done successfully, continuous testing and training prevents bugs and performance issues from going out the door, while enabling developers to better spot problems in the future.
To reduce exposure to malware, security teams need to learn the DevOps techniques that are being adopted across the rest of the IT organization.
Medical devices are indeed vulnerable to attack, but the industry is waking up to the breadth of the problems, and several organizations are forming a vanguard to show the way forward.
If the WannaCry incident taught us anything, it’s that global, widespread ransomware can and will impact organizations without any notice. The time to prepare is now.
Hackers are exploiting known vulnerabilities and are betting on the fact that organizations don’t know how to fix what really matters.
With the advent of connected devices, privacy and security have become tightly linked because theft of private data is often the goal of malicious attacks.
SecurityWeek Daily Briefing
- Sophisticated Cyberattack Targets Pakistani Military
- What the Onslow Water and Sewer Authority Can Teach About Responsible Disclosure
- APT Simulation Provider XM Cyber Raises $22 Million
- Cloud Security Firm Netskope Raises $168.7 Million
- Samsung Galaxy S9, iPhone X Hacked at Pwn2Own Tokyo
- Google Services Inaccessible Due to BGP Leak
- 51 States Pledge Support for Global Cybersecurity Rules
- Researcher Bypasses Windows UAC by Spoofing Trusted Directory
- New Cloudflare DNS App Brings Increased Privacy for Mobile Devices
- Intel Asks for Comments on Draft Federal Privacy Law
Copyright © 2018 Wired Business Media. All Rights Reserved. Privacy Policy