Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Atlassian launches Bugcrowd-based public bug bounty program with rewards of up to $3,000 per vulnerability [Read More]
Boundary protection weaknesses remain the most prevalent in critical infrastructure sectors, according to assessments conducted in 2016 by ICS-CERT [Read More]
An old Kerberos authentication bypass vulnerability dubbed Orpheus' Lyre has been patched in Windows and some Linux distributions [Read More]
A purveyor of static code analysis wished to pitch his product to Samsung. What better way, he thought, than to run his product against the Samsung Tizen operating system, and demonstrate the results. [Read More]
More 50,000 computers vulnerable to the NSA-linked EternalBlue exploit were found by a free vulnerability scanner in recent weeks. [Read More]
Trend Micro patches several vulnerabilities that can lead to arbitrary command execution in its Deep Discovery Director product [Read More]
WhiteHat Security’s latest annual report shows that organizations have improved their security posture, but only slightly [Read More]
Microsoft patched a vulnerability (CVE-2017-856) where the Lightweight Directory Access Protocol (LDAP) wasn’t protected from Microsoft NT LAN Manager (NTLM) relay. [Read More]
HPE warns of security bypass, information disclosure, remote code execution, XSS and URL redirection vulnerabilities in several products [Read More]
Microsoft patches more than 50 vulnerabilities in Windows, IE, Edge, Office, Sharepoint, .NET, Exchange and even HoloLens [Read More]

FEATURES, INSIGHTS // Vulnerabilities

rss icon

Dan Cornell's picture
Gaining an understanding of the tools that development teams use provides security teams with valuable insight into how developers work, how they make decisions, and the incentives that drive them.
Jim Ivers's picture
Enlightened toy manufacturers likely begin to embrace the basic concepts of IoT security and build connected toys that can be trusted by parents.
Jim Ivers's picture
Enabling developers through the right mix of tools and education just makes too much sense and generates too much value for all concerned.
Adam Meyer's picture
Cyber threat intelligence is showing us is that most threats simply exploit a series of well-documented vulnerabilities and other weak points to move along the path of least resistance – and the most profit.
Josh Lefkowitz's picture
Not adhering to responsible disclosure has the potential to amplify the threats posed by certain vulnerabilities and incidents.
Jim Ivers's picture
Many of you understand that addressing the vulnerabilities in your software is something you can no longer ignore, and are ready to get serious about software security.
Jim Ivers's picture
If your target is a connected toy, there is a new angle to consider: how secure is that toy? Is the connectivity of the toy potentially exposing personal data about your child?
David Holmes's picture
Many can figure out how to hack Smart-city services using simple techniques like replay to get free services or, in some cases, make a little bit of money.
Torsten George's picture
Faced with hundreds, thousands, and even hundreds of thousands of vulnerabilities across their IT infrastructures leaves security practitioners at a virtually insurmountable disadvantage.
Jim Ivers's picture
As with any business relationship, you should use software or open source components from your allies with your eyes open to the potential risks.