Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

More than 600 vulnerabilities were disclosed in the first half of 2021 and more than 60% are critical or high severity. [Read More]
Critical- and high-severity vulnerabilities in Cisco’s data center management console could lead to command execution and sensitive information leaks. [Read More]
Apple's security response team has pushed out software fixes for at least 39 software vulnerabilities haunting the macOS Catalina, iOS and iPadOS platforms. [Read More]
A critical vulnerability in Netwrix Auditor can allow attackers to execute arbitrary code on the server and possibly compromise the Active Directory domain. [Read More]
Google has addressed 11 vulnerabilities with the latest Chrome 103 update, including several high-severity use-after-free issues reported by external researchers. [Read More]
Oracle’s July 2022 CPU includes 349 new security patches, 230 of which address vulnerabilities that can be exploited remotely, without authentication. [Read More]
British startup Push Security has banked $4 million in early-stage funding to help secure SaaS app deployments. [Read More]
MDR platform provider Huntress has shelled out $22 million to acquire Curricula, a startup in the growing security awareness business. [Read More]
Microsoft releases Azure Storage SDK update to address a padding oracle vulnerability in client-side encryption. [Read More]
Widely used Micodus vehicle GPS trackers are affected by critical vulnerabilities that can be exploited by hackers to stalk people and remotely disable cars. [Read More]

FEATURES, INSIGHTS // Vulnerabilities

rss icon

Jim Ivers's picture
Given the observation that consumers still seem oblivious to the risks and the lack of awareness about basic security hygiene, the education push will fall short.
David Holmes's picture
Security researchers found 26 vulnerabilities within ISP network devices that would have given them remote admin access to the majority of home networks in the United States.
David Holmes's picture
A manufacturer of a meter may have a different threat model involving the physical aspects of the device itself: device memory, firmware interface, ecosystem communications.
Jim Ivers's picture
These recommendations will help your organization reduce risk and save real money on the cost of resolving defects. It is not often you get such a clear win-win scenario.
Dan Cornell's picture
Being able to properly defend applications requires organizations to first identify their attack surfaces before meaningful risk management can take place.
Marie Hattar's picture
When done successfully, continuous testing and training prevents bugs and performance issues from going out the door, while enabling developers to better spot problems in the future.
Travis Greene's picture
To reduce exposure to malware, security teams need to learn the DevOps techniques that are being adopted across the rest of the IT organization.
Jim Ivers's picture
Medical devices are indeed vulnerable to attack, but the industry is waking up to the breadth of the problems, and several organizations are forming a vanguard to show the way forward.
Jennifer Blatnik's picture
If the WannaCry incident taught us anything, it’s that global, widespread ransomware can and will impact organizations without any notice. The time to prepare is now.
Torsten George's picture
Hackers are exploiting known vulnerabilities and are betting on the fact that organizations don’t know how to fix what really matters.