Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Researchers determined that 24 security advisories for Apache Struts contained incorrect information on which versions were impacted by a vulnerability. [Read More]
The latest update released by Mozilla for Firefox patches a vulnerability that can be exploited to bypass the master password of the built-in password manager and obtain stored passwords. [Read More]
Intel patches high-severity vulnerabilities that can be exploited for privilege escalation, denial-of-service (DoS), and information disclosure in NUC firmware and a couple of tools. [Read More]
Kaspersky has made some changes to the way its products check web pages for malicious activity after a researcher raised privacy concerns. [Read More]
DLL hijacking vulnerabilities that can be exploited for whitelisting bypass, persistence and privilege escalation have been patched in Trend Micro Password Manager. [Read More]
Key negotiation attack (KNBO) gives attackers the ability to decrypt all of the traffic between vulnerable Bluetooth devices during a session. [Read More]
SAP on Tuesday patched three critical (Hot News) vulnerabilities in its products, the highest number of critical flaws fixed on the same day since 2014. [Read More]
British Airways (BA) has been criticized for allowing hackers easy access to customer flight information via a vulnerability affecting its e-ticketing system. [Read More]
Microsoft alerts users that its latest security updates patch more BlueKeep-like, wormable vulnerabilities affecting Remote Desktop Services. [Read More]
Researchers at Google and Netflix discover 8 DoS vulnerabilities affecting various HTTP/2 implementations, including from Amazon, Apple, Facebook and Microsoft. [Read More]

FEATURES, INSIGHTS // Vulnerabilities

rss icon

Gunter Ollmann's picture
In a world of over-hyped bugs, stunt hacking, and branded vulnerability disclosures, my advice to CISOs is to make security lemonade by finding practical next steps to take.
Josh Lefkowitz's picture
Regardless of which framework you use, it’s crucial to operationalize it in the context of your organization’s unique environment and risk factors.
Marc Solomon's picture
Recalculating and reevaluating priorities based on a continuous flow of new data, learnings and your risk profile, helps to ensure you’re staying focused on what matters in a highly dynamic environment.
Josh Lefkowitz's picture
Proper evaluation of business risk requires insight into the likelihood that a vulnerability will be exploited, and if exploited, how that vulnerability could impact the company on a macro level.
Torsten George's picture
Application Programming Interfaces (APIs) provide hackers with multiple venues to access an organization’s data and can even be used to cause massive business disruptions.
Torsten George's picture
Microservices and containers enable faster application delivery and improved IT efficiency. However, the adoption of these technologies has outpaced security.
Oliver Rochford's picture
We can’t rely on our own governments to practice responsible full disclosure. Full Disclosure is compromised. We can’t really blame them. Either everyone discloses, or no-one does.
Ashley Arbuckle's picture
By understanding and easing the cultural shift this entails, you can save time and money and sleep better at night with security occupying a seat at the DevOps table.
Travis Greene's picture
As DevOps and agile development methodologies take greater root in the enterprise, the traditional tools and approaches for eliminating vulnerabilities in code will no longer be able to keep pace.
Dan Cornell's picture
When planning a testing strategy for an application, it is important to evaluate the applicability and likely effectiveness of the various testing approach options.