NEWS & INDUSTRY UPDATES

HP is offering up to $10,000 for serious vulnerabilities found in its printers as part of what the company calls the industry’s first printer bug bounty program.
Samsung has patched critical vulnerabilities in its SmartThings Hub, which could be exploited to execute OS commands or other arbitrary code on vulnerable devices.
A malicious campaign is abusing two chained Office documents, each exploiting a different vulnerability (CVE-2017-0199 and CVE-2017-11882), to deliver the FELIXROOT Backdoor.
NetSpectre shows that Spectre Variant 1 attacks can be used to read arbitrary memory data remotely in a LAN or the cloud, but exfiltration is limited to 60 bits per hour.
U.S. Senator Ron Wyden sent a letter to national agencies demanding collaboration on ending the government use of Adobe Flash.
The lack of proper security mechanisms makes many car sharing apps highly vulnerable to hacker attacks. Security holes found by Kaspersky can be exploited to obtain personal info and even steal cars.
One of the Solaris vulnerabilities patched by Oracle with the July 2018 CPU is closely related to a flaw first discovered in 2007.
Vulnerabilities in Apache OpenWhisk could have been exploited by hackers to overwrite and execute code in IBM Cloud Functions. Patches have been released by both Apache and IBM.
AVEVA, which recently merged with Schneider Electric and took over the Wonderware products, patched critical vulnerabilities in the InduSoft and InTouch HMI/SCADA tools.
A critical vulnerability in Oracle WebLogic, patched with the July 2018 CPU, has been exploited in the wild by at least two threat groups.

FEATURES, INSIGHTS // Vulnerabilities

David Holmes
A manufacturer of a meter may have a different threat model involving the physical aspects of the device itself: device memory, firmware interface, ecosystem communications.
Jim Ivers
These recommendations will help your organization reduce risk and save real money on the cost of resolving defects. It is not often you get such a clear win-win scenario.
Dan Cornell
Being able to properly defend applications requires organizations to first identify their attack surfaces before meaningful risk management can take place.
Marie Hattar
When done successfully, continuous testing and training prevent bugs and performance issues from going out the door, while enabling developers to better spot problems in the future.
Travis Greene
To reduce exposure to malware, security teams need to learn the DevOps techniques that are being adopted across the rest of the IT organization.
Jim Ivers
Medical devices are indeed vulnerable to attack, but the industry is waking up to the breadth of the problems, and several organizations are forming a vanguard to show the way forward.
Jennifer Blatnik
If the WannaCry incident taught us anything, it’s that global, widespread ransomware can and will impact organizations without any notice. The time to prepare is now.
Torsten George
Hackers are exploiting known vulnerabilities and are betting on the fact that organizations don’t know how to fix what really matters.
Jim Ivers
With the advent of connected devices, privacy and security have become tightly linked because theft of private data is often the goal of malicious attacks.
Jim Ivers
If we agree that quality and security problems are both a form of defect, then we must sufficiently address both to produce software of the highest integrity.