
NEWS & INDUSTRY UPDATES

Hackers could deliver malware to a macOS system using an Office document containing macro code, simply by getting the victim to open the document.
Vulnerabilities found in protocol gateway devices can allow hackers targeting industrial systems to launch stealthy attacks.
Researchers analyzed DJI’s Pilot app for Android and found some security issues, but the Chinese drone giant says the claims are “misleading.”
Google has patched over 50 vulnerabilities in the Android operating system with the August 2020 security updates.
Microsoft says it has paid out nearly $14 million through its bug bounty programs in the past year, with the highest rewards paid out for Hyper-V vulnerabilities.
Researchers have developed a worm to demonstrate that design flaws and vulnerabilities in legacy programming languages can be leveraged by malicious actors to attack industrial robots.
High-severity vulnerabilities found in Mitsubishi Electric factory automation products can be exploited to remotely attack industrial organizations.
Google Project Zero has released a report on the zero-day vulnerabilities exploited in attacks in 2019.
A Florida teen hacked the Twitter accounts of prominent politicians, celebrities and technology moguls to scam people around the globe out of more than $100,000 in Bitcoin, authorities said Friday.
The patches released by Linux distributions for the GRUB2 vulnerability dubbed BootHole (CVE-2020-10713) are causing many systems to become unbootable.

FEATURES, INSIGHTS // Vulnerabilities

Torsten George: Application Programming Interfaces (APIs) provide hackers with multiple venues to access an organization’s data and can even be used to cause massive business disruptions.
Torsten George: Microservices and containers enable faster application delivery and improved IT efficiency. However, the adoption of these technologies has outpaced security.
Oliver Rochford: We can’t rely on our own governments to practice responsible full disclosure. Full Disclosure is compromised. We can’t really blame them. Either everyone discloses, or no-one does.
Ashley Arbuckle: By understanding and easing the cultural shift this entails, you can save time and money and sleep better at night with security occupying a seat at the DevOps table.
Travis Greene: As DevOps and agile development methodologies take greater root in the enterprise, the traditional tools and approaches for eliminating vulnerabilities in code will no longer be able to keep pace.
Dan Cornell: When planning a testing strategy for an application, it is important to evaluate the applicability and likely effectiveness of the various testing approach options.
David Holmes: Several tech vendors have been added to the list of vendors vulnerable to a variation on the Bleichenbacher attack called the ROBOT attack.
Lance Cottrell: Laws to support swift and automatic updates for all devices, and consequence to organizations that fail to ensure their IoT devices are secure, would be a big step forward for IoT security.
Jim Ivers: With a software composition analysis (SCA) tool in place, security teams can quickly scan an information repository and know where vulnerable software is being used.
David Holmes: The "Reaper" IoT botnet is holding itself up as a blinky light in front of our faces, reminding the InfoSec community that we really need to get ahead of IoT madness.