Security Experts:

WRITE FOR US

LATEST SECURITY NEWS HEADLINES

rss icon

Internet-Exposed Sphinx Servers at Risk of Attacks
Attacking Tor: What it Takes to Disrupt the Popular Onion Routing Network
Romania Mulls Excluding Huawei From its 5G Network
Facebook Announces 2019 Internet Defense Prize Winners
Chinese Cyber-Spies Target US-Based Research University
long dotted

NEWS & INDUSTRY UPDATES

Many Apache Struts Security Advisories Updated Following Review
Researchers determined that 24 security advisories for Apache Struts contained incorrect information on which versions were impacted by a vulnerability. [Read More]
Vulnerability Patched in Firefox Password Manager
The latest update released by Mozilla for Firefox patches a vulnerability that can be exploited to bypass the master password of the built-in password manager and obtain stored passwords. [Read More]
Intel Patches High-Severity Flaws in Tools, NUC Firmware
Intel patches high-severity vulnerabilities that can be exploited for privilege escalation, denial-of-service (DoS), and information disclosure in NUC firmware and a couple of tools. [Read More]
Kaspersky Makes Changes After Products Raise Privacy Concerns
Kaspersky has made some changes to the way its products check web pages for malicious activity after a researcher raised privacy concerns. [Read More]
DLL Hijacking Flaws Patched in Trend Micro Password Manager
DLL hijacking vulnerabilities that can be exploited for whitelisting bypass, persistence and privilege escalation have been patched in Trend Micro Password Manager. [Read More]
New Bluetooth Vulnerability Allows Attackers to Intercept Traffic
Key negotiation attack (KNBO) gives attackers the ability to decrypt all of the traffic between vulnerable Bluetooth devices during a session. [Read More]
SAP Patches Highest Number of Critical Flaws Since 2014
SAP on Tuesday patched three critical (Hot News) vulnerabilities in its products, the highest number of critical flaws fixed on the same day since 2014. [Read More]
British Airways Criticized for Exposing Passenger Flight Details
British Airways (BA) has been criticized for allowing hackers easy access to customer flight information via a vulnerability affecting its e-ticketing system. [Read More]
Microsoft Warns of New BlueKeep-Like, Wormable RDS Vulnerabilities
Microsoft alerts users that its latest security updates patch more BlueKeep-like, wormable vulnerabilities affecting Remote Desktop Services. [Read More]
HTTP/2 Implementation Vulnerabilities Expose Servers to DoS Attacks
Researchers at Google and Netflix discover 8 DoS vulnerabilities affecting various HTTP/2 implementations, including from Amazon, Apple, Facebook and Microsoft. [Read More]

FEATURES, INSIGHTS // Vulnerabilities

rss icon

Gunter Ollmann's picture
Harnessing Stunt Hacking for Enterprise Defense
Gunter Ollmann - Vulnerabilities
In a world of over-hyped bugs, stunt hacking, and branded vulnerability disclosures, my advice to CISOs is to make security lemonade by finding practical next steps to take.
Read full story
Josh Lefkowitz's picture
Risk-Based Vulnerability Management is a Must for Security & Compliance
Josh Lefkowitz - Compliance
Regardless of which framework you use, it’s crucial to operationalize it in the context of your organization’s unique environment and risk factors.
Read full story
Marc Solomon's picture
Industry Sharing Feeds, A Step in the Right Direction but Not Enough
Marc Solomon - Vulnerabilities
Recalculating and reevaluating priorities based on a continuous flow of new data, learnings and your risk profile, helps to ensure you’re staying focused on what matters in a highly dynamic environment.
Read full story
Josh Lefkowitz's picture
For Effective Patch Management, Don’t Overlook Risk
Josh Lefkowitz - Risk Management
Proper evaluation of business risk requires insight into the likelihood that a vulnerability will be exploited, and if exploited, how that vulnerability could impact the company on a macro level.
Read full story
Torsten George's picture
The Next Big Cyber-Attack Vector: APIs
Torsten George - Vulnerabilities
Application Programming Interfaces (APIs) provide hackers with multiple venues to access an organization’s data and can even be used to cause massive business disruptions.
Read full story
Torsten George's picture
Best Practices in Securing DevOps
Torsten George - Vulnerabilities
Microservices and containers enable faster application delivery and improved IT efficiency. However, the adoption of these technologies has outpaced security.
Read full story
Oliver Rochford's picture
Cyber War and the Compromise of Reliable Full Disclosure
Oliver Rochford - Vulnerabilities
We can’t rely on our own governments to practice responsible full disclosure. Full Disclosure is compromised. We can’t really blame them. Either everyone discloses, or no-one does.
Read full story
Ashley Arbuckle's picture
Embracing the Cultural Shift that Comes with Secure DevOps
Ashley Arbuckle - Vulnerabilities
By understanding and easing the cultural shift this entails, you can save time and money and sleep better at night with security occupying a seat at the DevOps table.
Read full story
Travis Greene's picture
Security and DevOps - What We Learned at DOES17
Travis Greene - Vulnerabilities
As DevOps and agile development methodologies take greater root in the enterprise, the traditional tools and approaches for eliminating vulnerabilities in code will no longer be able to keep pace.
Read full story
Dan Cornell's picture
Common Approaches to Automated Application Security Testing - SAST and DAST
Dan Cornell - Vulnerabilities
When planning a testing strategy for an application, it is important to evaluate the applicability and likely effectiveness of the various testing approach options.
Read full story