
Virus & Threats

NEWS & INDUSTRY UPDATES

Researchers disclose RAMBleed, a new type of side-channel attack on DRAM that can be used to obtain potentially sensitive data, such as a 2048-bit RSA key, from a device’s memory.
Microsoft wants to make its Windows platform passwordless and the latest Windows 10 release marks one step closer to that goal.
Adobe patches critical arbitrary code execution vulnerabilities in Flash Player, ColdFusion and Campaign.
A critical vulnerability has been found in oil tank monitoring devices from Tecson, but the vendor has released a patch and notes that there are fewer than 1,000 devices that could be affected.
A vulnerability (CVE-2019-2725) in Oracle WebLogic is being exploited in attacks aimed at installing crypto-miners on vulnerable machines.
VMware patches high-severity vulnerabilities in Tools and Workstation. Exploitation of the flaws can lead to kernel information leakage, DoS, and arbitrary code execution.
macOS 10.15 Catalina brings several security-related improvements, including an enhanced Gatekeeper, a dedicated read-only volume for the OS, data protections, and support for Activation Lock.
Elastic (NYSE: ESTC), the publicly traded company behind Elasticsearch and the Elastic Stack, has agreed to acquire endpoint security firm Endgame in a $234 million deal.
Cisco has found several vulnerabilities, including one code execution flaw, in its Industrial Network Director product.
Critical vulnerabilities have been found in the Ukrainian IPTV video streaming platform Ministra, which uses Infomir-manufactured set top boxes (STBs) to transmit streaming content from the platform to end users' televisions.

FEATURES, INSIGHTS // Virus & Threats

David Holmes: Several tech vendors have been added to the list of vendors vulnerable to a variation on the Bleichenbacher attack called the ROBOT attack.
Lance Cottrell: Laws to support swift and automatic updates for all devices, and consequences for organizations that fail to ensure their IoT devices are secure, would be a big step forward for IoT security.
Jim Ivers: With a software composition analysis (SCA) tool in place, security teams can quickly scan an information repository and know where vulnerable software is being used.
David Holmes: The "Reaper" IoT botnet is holding itself up as a blinky light in front of our faces, reminding the InfoSec community that we really need to get ahead of IoT madness.
Jack Danahy: With all of our collective focus on machine learning, we simply can’t overlook human learning’s critical role in guarding against attack and protecting the organization.
Torsten George: We need to consider whether traditional approaches to vulnerability management are still viable and if just upgrading existing methods or tools is sufficient.
Jalal Bouhdada: Vendors, practitioners and security experts must all work closely together to combat the well-funded actors who pose a threat to medical devices.
Jim Ivers: Why are even the most security-conscious organizations being compromised, and what does it mean for everyone else?
David Holmes: DUHK and ROCA are both implementation-specific vulnerabilities concerning one of my favorite topics, random number generators.
Torsten George: The end user community is at the mercy of security researchers to act responsibly in order to limit the potential for their findings to be used for malicious purposes.