Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
HP offering up to $10,000 for serious vulnerabilities found in its printers as part of what the company calls the industry’s first printer bug bounty program [Read More]
Samsung has patched critical vulnerabilities in its SmartThings Hub, which could be exploited to execute OS commands or other arbitrary code on vulnerable devices. [Read More]
A malicious campaign is abusing two chained Office documents, each exploiting a different vulnerability (CVE-2017-0199 and CVE-2017-11882 ) to deliver the FELIXROOT Backdoor. [Read More]
NetSpectre shows that Spectre Variant 1 attacks can be used to read arbitrary memory data remotely in a LAN or the cloud, but exfiltration is limited to 60 bits per hour [Read More]
U.S. Senator Ron Wyden sent a letter to national agencies demanding a collaboration on ending the government use of Adobe Flash. [Read More]
The lack of proper security mechanisms make many car sharing apps highly vulnerable to hacker attacks. Security holes found by Kaspersky can be exploited to obtain personal info and even steal cars [Read More]
One of the Solaris vulnerabilities patched by Oracle with the July 2018 CPU is closely related to a flaw first discovered in 2007 [Read More]
Vulnerabilities in Apache OpenWhisk could have been exploited by hackers to overwrite and execute code in IBM Cloud Functions. Patches released by both Apache and IBM [Read More]
AVEVA, which recently merged with Schneider Electric and took over the Wonderware products, patched critical vulnerabilities in the InduSoft and InTouch HMI/SCADA tools [Read More]
A critical vulnerability in Oracle WebLogic, patched with the July 2018 CPU, has been exploited in the wild by at least two threat groups [Read More]
FEATURES, INSIGHTS // Vulnerabilities
A manufacturer of a meter may have a different threat model involving the physical aspects of the device itself: device memory, firmware interface, ecosystem communications.
These recommendations will help your organization reduce risk and save real money on the cost of resolving defects. It is not often you get such a clear win-win scenario.
Being able to properly defend applications requires organizations to first identify their attack surfaces before meaningful risk management can take place.
When done successfully, continuous testing and training prevents bugs and performance issues from going out the door, while enabling developers to better spot problems in the future.
To reduce exposure to malware, security teams need to learn the DevOps techniques that are being adopted across the rest of the IT organization.
Medical devices are indeed vulnerable to attack, but the industry is waking up to the breadth of the problems, and several organizations are forming a vanguard to show the way forward.
If the WannaCry incident taught us anything, it’s that global, widespread ransomware can and will impact organizations without any notice. The time to prepare is now.
Hackers are exploiting known vulnerabilities and are betting on the fact that organizations don’t know how to fix what really matters.
With the advent of connected devices, privacy and security have become tightly linked because theft of private data is often the goal of malicious attacks.
If we agree that quality and security problems are both a form of defect, then we must sufficiently address both to produce software of the highest integrity.
SecurityWeek Daily Briefing
- ESET Launches New Enterprise Security Tools
- Botnet of Smart Heaters, ACs Can Cause Power Disruptions: Researchers
- NIST Small Business Cybersecurity Act Becomes Law
- Profile of a Threat Hunter
- Google Bug Bounty Program Now Covers Platform Abuse
- FBI Eyes Plethora of River-Related Threats
- SAP Releases August 2018 Security Updates
- Container Security Firm Twistlock Raises $33 Million
- Foreshadow/L1TF: What You Need to Know
- The Real Takeaways From the Reddit Hack
Copyright © 2018 Wired Business Media. All Rights Reserved. Privacy Policy