NEWS & INDUSTRY UPDATES

Trend Micro patches several vulnerabilities, including ones rated critical and high severity, in Mobile Security for Enterprise
Microsoft has announced an extension to its Microsoft Office Bounty Program, which is now set to run until December 31, 2017.
Equifax shares more details about the breach and how it was discovered by the company
VMware patches critical SVGA code execution flaw and other vulnerabilities in ESXi, vCenter Server, Workstation and Fusion
Magento has released updates for its eCommerce platforms to address numerous vulnerabilities, including a remote code execution bug rated Critical severity.
Apple's new Secure Kernel Extension Loading (SKEL) security feature, set to be implemented in the upcoming macOS 10.13 High Sierra, is trivial to bypass, a security researcher claims.
Equifax confirms that an Apache Struts vulnerability exploited in the wild since March has been used to breach its systems
Zerodium is offering a total of $1 million for Tor Browser zero-day exploits that it will sell to governments
SEC Consult discloses details of several vulnerabilities affecting IBM InfoSphere DataStage and Information Server
SAP on Tuesday released 16 security notes as part of its SAP Security Patch Day, to which it also added 1 out-of-band release and 6 updates to previously released Security Notes, for a total of 23 Notes.

FEATURES, INSIGHTS // Vulnerabilities

Jennifer Blatnik: If the WannaCry incident taught us anything, it’s that global, widespread ransomware can and will impact organizations without any notice. The time to prepare is now.
Torsten George: Hackers are exploiting known vulnerabilities and are betting on the fact that organizations don’t know how to fix what really matters.
Jim Ivers: With the advent of connected devices, privacy and security have become tightly linked because theft of private data is often the goal of malicious attacks.
Jim Ivers: If we agree that quality and security problems are both a form of defect, then we must sufficiently address both to produce software of the highest integrity.
Adam Meyer: As with anything new, you need to prepare and plan for IoT devices being in your environment to maximize the value they provide, while minimizing the inherent risk of these network-enabled devices.
Dan Cornell: Gaining an understanding of the tools that development teams use provides security teams with valuable insight into how developers work, how they make decisions, and the incentives that drive them.
Jim Ivers: Enlightened toy manufacturers will likely begin to embrace the basic concepts of IoT security and build connected toys that can be trusted by parents.
Jim Ivers: Enabling developers through the right mix of tools and education just makes too much sense and generates too much value for all concerned.
Adam Meyer: Cyber threat intelligence is showing us that most threats simply exploit a series of well-documented vulnerabilities and other weak points to move along the path of least resistance – and the most profit.
Josh Lefkowitz: Not adhering to responsible disclosure has the potential to amplify the threats posed by certain vulnerabilities and incidents.