Recently addressed vulnerabilities in the popular macOS cleanup application CleanMyMac X could allow attackers to modify the file system as root, Cisco Talos security researchers reveal.
Two critical vulnerabilities have been patched by Adobe in its Acrobat and Reader products, but administrators don’t need to rush to install the updates.
A new version of the NRSMiner is actively spreading in the southern region of Asia and using the EternalBlue exploit to infect systems.
A vulnerability recently patched by Google in Chrome for Android with the release of Chrome 70 in October 2018 was an information disclosure bug that was originally reported in 2015, security researchers say.
The European Union is offering nearly $1 million in bug bounties through the FOSSA project for vulnerabilities in 14 widely used free software projects.
Vulnerabilities in the WibuKey Digital Rights Management (DRM) solution could be leveraged to disclose information, elevate privileges, or even execute code on affected systems.
Singapore government announces second bug bounty program in collaboration with HackerOne after the first initiative resulted in bounties totaling $15,000 for 35 vulnerabilities.
By adopting the HackerOne platform, the NCSC is being open and transparent in the handling of vulnerabilities on government websites and systems.
Hack the Air Force 3.0: nearly 30 white hat hackers earn more than $130,000 for 120 vulnerabilities found in systems of the U.S. Air Force.
Microsoft patches an Internet Explorer zero-day vulnerability that Google researchers say has been exploited in targeted attacks.

FEATURES, INSIGHTS // Vulnerabilities

David Holmes
Security researchers found 26 vulnerabilities within ISP network devices that would have given them remote admin access to the majority of home networks in the United States.
David Holmes
A manufacturer of a meter may have a different threat model involving the physical aspects of the device itself: device memory, firmware interface, ecosystem communications.
Jim Ivers
These recommendations will help your organization reduce risk and save real money on the cost of resolving defects. It is not often you get such a clear win-win scenario.
Dan Cornell
Being able to properly defend applications requires organizations to first identify their attack surfaces before meaningful risk management can take place.
Marie Hattar
When done successfully, continuous testing and training prevents bugs and performance issues from going out the door, while enabling developers to better spot problems in the future.
Travis Greene
To reduce exposure to malware, security teams need to learn the DevOps techniques that are being adopted across the rest of the IT organization.
Jim Ivers
Medical devices are indeed vulnerable to attack, but the industry is waking up to the breadth of the problems, and several organizations are forming a vanguard to show the way forward.
Jennifer Blatnik
If the WannaCry incident taught us anything, it’s that global, widespread ransomware can and will impact organizations without any notice. The time to prepare is now.
Torsten George
Hackers are exploiting known vulnerabilities and are betting on the fact that organizations don’t know how to fix what really matters.
Jim Ivers
With the advent of connected devices, privacy and security have become tightly linked because theft of private data is often the goal of malicious attacks.