

Microsoft is rolling out a new software update for Windows 10 devices to enable the Retpoline mitigations against Spectre attacks.
Adobe patches CVE-2019-7816, a critical code execution vulnerability in ColdFusion that has been exploited in the wild.
HackerOne says two of its hackers have each earned over $1 million by taking part in bug bounty programs and helping organizations fix vulnerabilities in their systems.
A recently addressed vulnerability in the Cobalt Strike penetration testing platform could be exploited to identify attacker servers.
A hacking group operating under the "Magecart" umbrella has changed its tactics following a November 2018 report exposing its activity.
EdgeSpot claims to have seen several malicious PDFs that exploit a zero-day vulnerability in Chrome to collect information on users who open the files.
Thunderclap vulnerabilities allow malicious actors to hack a computer and steal sensitive data by connecting a Thunderbolt peripheral device to the targeted system.
Many PDF viewers and online validation services contain vulnerabilities that can be exploited to make unauthorized changes to signed PDF documents without invalidating the signature, researchers warn.
NVIDIA has released a security update for the NVIDIA GPU display driver, to address several High severity vulnerabilities impacting GeForce, Quadro, NVS, and Tesla products.
Malicious hackers start exploiting a critical WinRAR vulnerability disclosed less than a week ago, just as RARLab releases the final version of the update that patches the flaw.

FEATURES, INSIGHTS // Vulnerabilities

David Holmes: Security researchers found 26 vulnerabilities within ISP network devices that would have given them remote admin access to the majority of home networks in the United States.
David Holmes: A manufacturer of a meter may have a different threat model involving the physical aspects of the device itself: device memory, firmware interface, ecosystem communications.
Jim Ivers: These recommendations will help your organization reduce risk and save real money on the cost of resolving defects. It is not often you get such a clear win-win scenario.
Dan Cornell: Being able to properly defend applications requires organizations to first identify their attack surfaces before meaningful risk management can take place.
Marie Hattar: When done successfully, continuous testing and training prevents bugs and performance issues from going out the door, while enabling developers to better spot problems in the future.
Travis Greene: To reduce exposure to malware, security teams need to learn the DevOps techniques that are being adopted across the rest of the IT organization.
Jim Ivers: Medical devices are indeed vulnerable to attack, but the industry is waking up to the breadth of the problems, and several organizations are forming a vanguard to show the way forward.
Jennifer Blatnik: If the WannaCry incident taught us anything, it’s that global, widespread ransomware can and will impact organizations without any notice. The time to prepare is now.
Torsten George: Hackers are exploiting known vulnerabilities and are betting on the fact that organizations don’t know how to fix what really matters.
Jim Ivers: With the advent of connected devices, privacy and security have become tightly linked because theft of private data is often the goal of malicious attacks.