Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

A vulnerability in the NVIDIA GeForce Experience (GFE) could be exploited for the execution of arbitrary commands on affected systems. [Read More]
NLA feature of Windows Remote Desktop Services can allow a hacker to bypass the lockscreen on remote sessions and there is no patch from Microsoft, CERT/CC warns. [Read More]
An easy-to-exploit local privilege escalation vulnerability has been found and patched in Rapid7’s InsightIDR intruder analytics solution. [Read More]
Serious vulnerabilities have been found and patched in the Kace K1000 systems management appliance from Quest (formerly offered by Dell). [Read More]
Hackers can use synthetic clicks to bypass many of the privacy and security features implemented by Apple in macOS. The vulnerability is currently unpatched. [Read More]
Unpatched vulnerabilities found in the rkt container runtime can be exploited by an attacker to escape the container and gain root access to the host. [Read More]
Microsoft has reminded users to patch the wormable Windows vulnerability tracked as BlueKeep and CVE-2019-0708 due to the high risk of exploitation. [Read More]
Several vulnerabilities, including ones classified as “high risk,” have been found in APROL process control systems from B&R Industrial Automation. [Read More]
Apple this week released updates for iTunes and iCloud for Windows applications, to address recently disclosed SQLite and WebKit security flaws in them. [Read More]
A newly disclosed vulnerability in Docker could be exploited by a malicious attacker to escape the container and gain arbitrary read/write file access on the host with root privileges. [Read More]

FEATURES, INSIGHTS // Vulnerabilities

rss icon

David Holmes's picture
Security researchers found 26 vulnerabilities within ISP network devices that would have given them remote admin access to the majority of home networks in the United States.
David Holmes's picture
A manufacturer of a meter may have a different threat model involving the physical aspects of the device itself: device memory, firmware interface, ecosystem communications.
Jim Ivers's picture
These recommendations will help your organization reduce risk and save real money on the cost of resolving defects. It is not often you get such a clear win-win scenario.
Dan Cornell's picture
Being able to properly defend applications requires organizations to first identify their attack surfaces before meaningful risk management can take place.
Marie Hattar's picture
When done successfully, continuous testing and training prevents bugs and performance issues from going out the door, while enabling developers to better spot problems in the future.
Travis Greene's picture
To reduce exposure to malware, security teams need to learn the DevOps techniques that are being adopted across the rest of the IT organization.
Jim Ivers's picture
Medical devices are indeed vulnerable to attack, but the industry is waking up to the breadth of the problems, and several organizations are forming a vanguard to show the way forward.
Jennifer Blatnik's picture
If the WannaCry incident taught us anything, it’s that global, widespread ransomware can and will impact organizations without any notice. The time to prepare is now.
Torsten George's picture
Hackers are exploiting known vulnerabilities and are betting on the fact that organizations don’t know how to fix what really matters.
Jim Ivers's picture
With the advent of connected devices, privacy and security have become tightly linked because theft of private data is often the goal of malicious attacks.