
NEWS & INDUSTRY UPDATES

Facebook has partially restored the View As feature abused by hackers last year in a massive data breach that affected 29 million accounts.
Google Project Zero has started tracking zero-day vulnerabilities exploited in the wild. A spreadsheet currently lists over 100 flaws seen since 2014.
Microsoft's Attack Surface Analyzer 2.0 helps developers identify potential security risks that changes to the operating system’s security configuration may introduce.
Google is offering to replace Bluetooth Titan Security Keys for free after researchers at Microsoft discovered a misconfiguration that can be exploited to attack the devices.
SAP released 8 Security Notes as part of its SAP Security Patch Day for May 2019, which also included 5 updates to previously released Notes.
New Intel CPU vulnerabilities known as MDS, ZombieLoad, Fallout and RIDL impact millions of devices. Affected vendors published advisories and blog posts with information for users.
Microsoft patches nearly 80 vulnerabilities with its May 2019 Patch Tuesday updates, including a zero-day and a wormable RDS flaw that can be exploited for WannaCry-like attacks.
ZombieLoad, RIDL and Fallout: Intel processors are vulnerable to more speculative execution side-channel attacks that can allow malware to obtain sensitive data.
Twitter warned that a bug in Twitter for iOS led to the company inadvertently collecting location data and sharing it with a third party.
Adobe patches a critical vulnerability in Flash Player and over 80 flaws in its Acrobat products.

FEATURES, INSIGHTS // Vulnerabilities

Marc Solomon
Recalculating and reevaluating priorities based on a continuous flow of new data, learnings and your risk profile helps to ensure you’re staying focused on what matters in a highly dynamic environment.
Josh Lefkowitz
Proper evaluation of business risk requires insight into the likelihood that a vulnerability will be exploited, and if exploited, how that vulnerability could impact the company on a macro level.
Torsten George
Application Programming Interfaces (APIs) provide hackers with multiple venues to access an organization’s data and can even be used to cause massive business disruptions.
Torsten George
Microservices and containers enable faster application delivery and improved IT efficiency. However, the adoption of these technologies has outpaced security.
Oliver Rochford
We can’t rely on our own governments to practice responsible full disclosure. Full Disclosure is compromised. We can’t really blame them. Either everyone discloses, or no-one does.
Ashley Arbuckle
By understanding and easing the cultural shift this entails, you can save time and money and sleep better at night with security occupying a seat at the DevOps table.
Travis Greene
As DevOps and agile development methodologies take greater root in the enterprise, the traditional tools and approaches for eliminating vulnerabilities in code will no longer be able to keep pace.
Dan Cornell
When planning a testing strategy for an application, it is important to evaluate the applicability and likely effectiveness of the various testing approach options.
David Holmes
Several tech vendors have been added to the list of vendors vulnerable to a variation on the Bleichenbacher attack called the ROBOT attack.
Lance Cottrell
Laws to support swift and automatic updates for all devices, and consequences for organizations that fail to ensure their IoT devices are secure, would be a big step forward for IoT security.