NEWS & INDUSTRY UPDATES

Security researchers discovered that accounts of the wildly popular online game Fortnite could be taken over without the need for user credentials due to an application vulnerability.
In an effort to improve the security of websites, WordPress will display a warning starting in April 2019 when encountering outdated PHP versions.
Hackers can abuse legitimate features present in industrial controllers to hijack these devices and gain a foothold in a network, a researcher warns.
Oracle has released its first set of security patches for 2019, delivering a total of 284 new security fixes across the company’s product portfolio, 33 of which are rated critical.
ForeScout researchers create PoC malware that demonstrates how malicious actors could hack smart buildings and building automation systems.
The use of old and insecure radio frequency (RF) protocols exposes cranes and other heavy machinery to remote hacker attacks, researchers warn.
Pwn2Own 2019 introduces automotive category – researchers can earn up to $300,000 and a Tesla Model 3 if they hack a Tesla.
Mozilla will soon disable Adobe Flash by default in Firefox, the first step toward completely removing support for the plugin in the browser.
Unpatched vulnerabilities discovered by researchers in IDenticard’s PremiSys building access control system can be exploited to create fake badges, disable door locks, and collect/modify user data.
Schneider Electric’s EVlink Parking vehicle charging stations are affected by vulnerabilities that can be exploited for (remote) hacker attacks.

FEATURES, INSIGHTS // Vulnerabilities

Marc Solomon
Recalculating and reevaluating priorities based on a continuous flow of new data, learnings and your risk profile helps to ensure you’re staying focused on what matters in a highly dynamic environment.
Josh Lefkowitz
Proper evaluation of business risk requires insight into the likelihood that a vulnerability will be exploited, and if exploited, how that vulnerability could impact the company on a macro level.
Torsten George
Application Programming Interfaces (APIs) provide hackers with multiple venues to access an organization’s data and can even be used to cause massive business disruptions.
Torsten George
Microservices and containers enable faster application delivery and improved IT efficiency. However, the adoption of these technologies has outpaced security.
Oliver Rochford
We can’t rely on our own governments to practice responsible full disclosure. Full Disclosure is compromised. We can’t really blame them. Either everyone discloses, or no-one does.
Ashley Arbuckle
By understanding and easing the cultural shift this entails, you can save time and money and sleep better at night with security occupying a seat at the DevOps table.
Travis Greene
As DevOps and agile development methodologies take greater root in the enterprise, the traditional tools and approaches for eliminating vulnerabilities in code will no longer be able to keep pace.
Dan Cornell
When planning a testing strategy for an application, it is important to evaluate the applicability and likely effectiveness of the various testing approach options.
David Holmes
Several tech vendors have been added to the list of vendors vulnerable to a variation on the Bleichenbacher attack called the ROBOT attack.
Lance Cottrell
Laws to support swift and automatic updates for all devices, and consequences for organizations that fail to ensure their IoT devices are secure, would be a big step forward for IoT security.