NEWS & INDUSTRY UPDATES

Nearly 20 vulnerabilities have been found by researchers in Oracle’s Java Card technology, which is used for smart cards and SIMs. Oracle says the technology is deployed on nearly six billion devices each year.
A serious DoS vulnerability has been found in Schneider Electric’s Triconex TriStation Emulator software. No patch is available, but the vendor says it does not pose a risk to operating safety controllers.
Apple Safari, Oracle VirtualBox and VMware Workstation were hacked on the first day of the Pwn2Own 2019 hacking competition, earning researchers a total of $240,000 in cash.
Firefox 66 includes support for Windows Hello for Web Authentication on Windows 10, and brings patches for 21 vulnerabilities.
Vulnerabilities recently addressed by CUJO AI in the CUJO Smart Firewall could be exploited to take over the device, Cisco Talos security researchers reveal.
Security researchers found that SoftNAS Cloud Enterprise customers whose SoftNAS StorageCenter ports are exposed directly to the internet are vulnerable to an authenticated bypass.
A vulnerability in Ghidra, the generic disassembler and decompiler released by the National Security Agency (NSA) in early March, could be exploited to execute code remotely, researchers say.
Google has patched a vulnerability in its Photos service that could have been exploited via browser-based timing attacks to track users.
Eight of the top ten most exploited vulnerabilities in 2018 affected Microsoft products, according to Recorded Future's Cyber Threat Analysis.
A security researcher working with Google Project Zero has discovered a novel bug class that impacts Windows and some of its drivers.

FEATURES, INSIGHTS // Vulnerabilities

Marc Solomon's picture
Recalculating and reevaluating priorities based on a continuous flow of new data, learnings and your risk profile helps to ensure you’re staying focused on what matters in a highly dynamic environment.
Josh Lefkowitz's picture
Proper evaluation of business risk requires insight into the likelihood that a vulnerability will be exploited, and if exploited, how that vulnerability could impact the company on a macro level.
Torsten George's picture
Application Programming Interfaces (APIs) provide hackers with multiple venues to access an organization’s data and can even be used to cause massive business disruptions.
Torsten George's picture
Microservices and containers enable faster application delivery and improved IT efficiency. However, the adoption of these technologies has outpaced security.
Oliver Rochford's picture
We can’t rely on our own governments to practice responsible full disclosure. Full Disclosure is compromised. We can’t really blame them. Either everyone discloses, or no-one does.
Ashley Arbuckle's picture
By understanding and easing the cultural shift this entails, you can save time and money and sleep better at night with security occupying a seat at the DevOps table.
Travis Greene's picture
As DevOps and agile development methodologies take greater root in the enterprise, the traditional tools and approaches for eliminating vulnerabilities in code will no longer be able to keep pace.
Dan Cornell's picture
When planning a testing strategy for an application, it is important to evaluate the applicability and likely effectiveness of the various testing approach options.
David Holmes's picture
Several tech vendors have been added to the list of vendors vulnerable to a variation on the Bleichenbacher attack called the ROBOT attack.
Lance Cottrell's picture
Laws to support swift and automatic updates for all devices, and consequences for organizations that fail to ensure their IoT devices are secure, would be a big step forward for IoT security.