Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

An attacker able to successfully exploit the bug could execute code remotely on a vulnerable device. [Read More]
The new Unc0ver jailbreak, which works on a vast majority of iPhones, leverages a vulnerability that Apple said had been exploited before it released a patch in January. [Read More]
Threat intelligence vendor Recorded Future is reporting a wave of targeted attacks against power plants, electricity distribution centers and seaports in India. [Read More]
A critical vulnerability discovered in a firewall appliance made by Genua could be very useful to threat actors once they’ve gained access to an organization’s network. [Read More]
A critical authentication bypass vulnerability can be exploited by hackers to remotely compromise Rockwell controllers. [Read More]
NEWS ANALYSIS: Armorblox raises $30 million and joins a growing list of well-heeled startups taking a stab addressing one of cybersecurity’s most difficult problems: keeping malicious hackers out of corporate mailboxes. [Read More]
The security bugs could be exploited by unauthenticated, remote attackers to bypass protections, access device information, or modify files with root privileges. [Read More]
Full-time Linux kernel maintainers Gustavo Silva and Nathan Chancellor to focus on improving security. [Read More]
Hackers have already started scanning the web for VMware vCenter Server instances affected by a recently patched vulnerability. [Read More]
Google Project Zero has disclosed the details and released a PoC exploit for a serious Windows vulnerability that can be exploited for remote code execution. [Read More]

FEATURES, INSIGHTS // Vulnerabilities

rss icon

Josh Lefkowitz's picture
Proper evaluation of business risk requires insight into the likelihood that a vulnerability will be exploited, and if exploited, how that vulnerability could impact the company on a macro level.
Torsten George's picture
Application Programming Interfaces (APIs) provide hackers with multiple venues to access an organization’s data and can even be used to cause massive business disruptions.
Torsten George's picture
Microservices and containers enable faster application delivery and improved IT efficiency. However, the adoption of these technologies has outpaced security.
Oliver Rochford's picture
We can’t rely on our own governments to practice responsible full disclosure. Full Disclosure is compromised. We can’t really blame them. Either everyone discloses, or no-one does.
Ashley Arbuckle's picture
By understanding and easing the cultural shift this entails, you can save time and money and sleep better at night with security occupying a seat at the DevOps table.
Travis Greene's picture
As DevOps and agile development methodologies take greater root in the enterprise, the traditional tools and approaches for eliminating vulnerabilities in code will no longer be able to keep pace.
Dan Cornell's picture
When planning a testing strategy for an application, it is important to evaluate the applicability and likely effectiveness of the various testing approach options.
David Holmes's picture
Several tech vendors have been added to the list of vendors vulnerable to a variation on the Bleichenbacher attack called the ROBOT attack.
Lance Cottrell's picture
Laws to support swift and automatic updates for all devices, and consequence to organizations that fail to ensure their IoT devices are secure, would be a big step forward for IoT security.
Jim Ivers's picture
With a software composition analysis (SCA) tool in place, security teams can quickly scan an information repository and know where vulnerable software is being used.