Security Experts:

long dotted


Cisco patches high severity vulnerabilities, including privilege escalation and DoS, in email security, NX-OS and collaboration products [Read More]
Researchers earn more than $100,000 from Google for an Android exploit chain that can be used to remotely hack Pixel phones by getting the targeted user to click on a link [Read More]
Cybercriminals are delivering the Zyklon malware, which includes data theft and DDoS attack capabilities, using recently patched Office vulnerabilities [Read More]
Cybercriminals and nation state groups were quick to adopt the most effective exploits last year, a new AlienVault report reveals. [Read More]
Oracle released its Critical Patch Update for January 2018 to deliver 237 security fixes across its product portfolio, with half of the addressed vulnerabilities could be remotely exploited without authentication. [Read More]
ISC patches remotely exploitable BIND vulnerability that is not exploited in attacks, but has caused some DNS servers to crash [Read More]
A newly discovered variant of the Mirai Internet of Things (IoT) botnet is targeting devices with ARC (Argonaut RISC Core) embedded processors, researchers warn. [Read More]
Google researcher finds critical remote code execution vulnerability in Transmission BitTorrent app. An official fix has yet to be released [Read More]
BlackBerry launches Jarvis, a tool that helps companies in the automotive and other sectors scan their code for vulnerabilities and achieve compliance [Read More]
Facebook patches vulnerabilities that could have been exploited to hack accounts via Oculus app [Read More]

FEATURES, INSIGHTS // Vulnerabilities

rss icon

Dan Cornell's picture
When planning a testing strategy for an application, it is important to evaluate the applicability and likely effectiveness of the various testing approach options.
David Holmes's picture
Several tech vendors have been added to the list of vendors vulnerable to a variation on the Bleichenbacher attack called the ROBOT attack.
Lance Cottrell's picture
Laws to support swift and automatic updates for all devices, and consequence to organizations that fail to ensure their IoT devices are secure, would be a big step forward for IoT security.
Jim Ivers's picture
With a software composition analysis (SCA) tool in place, security teams can quickly scan an information repository and know where vulnerable software is being used.
David Holmes's picture
The "Reaper" IoT botnet is holding itself up as a blinky light in front of our faces, reminding the InfoSec community that we really need to get ahead of IoT madness.
Torsten George's picture
We need to consider whether traditional approaches to vulnerability management are still viable and if just upgrading existing methods or tools is sufficient.
Jalal Bouhdada's picture
Vendors, practitioners and security experts must all work closely together to combat the well-funded actors who pose a threat to medical devices.
Jim Ivers's picture
Why are even the most security-conscious organizations being compromised, and what does it mean for everyone else?
David Holmes's picture
DUHK and ROCA are both implementation-specific vulnerabilities concerning one of my favorite topics, random number generators.
Torsten George's picture
The end user community is at the mercy of security researchers to act responsibly in order to limit the potential for their findings to be used for malicious purposes.