The new Unc0ver jailbreak, which works on a vast majority of iPhones, leverages a vulnerability that Apple said had been exploited before it released a patch in January. [Read More]
Threat intelligence vendor Recorded Future is reporting a wave of targeted attacks against power plants, electricity distribution centers and seaports in India. [Read More]
A critical vulnerability discovered in a firewall appliance made by Genua could be very useful to threat actors once they’ve gained access to an organization’s network. [Read More]
NEWS ANALYSIS: Armorblox raises $30 million and joins a growing list of well-heeled startups taking a stab addressing one of cybersecurity’s most difficult problems: keeping malicious hackers out of corporate mailboxes. [Read More]
The security bugs could be exploited by unauthenticated, remote attackers to bypass protections, access device information, or modify files with root privileges. [Read More]
Google Project Zero has disclosed the details and released a PoC exploit for a serious Windows vulnerability that can be exploited for remote code execution. [Read More]
Proper evaluation of business risk requires insight into the likelihood that a vulnerability will be exploited, and if exploited, how that vulnerability could impact the company on a macro level.
Application Programming Interfaces (APIs) provide hackers with multiple venues to access an organization’s data and can even be used to cause massive business disruptions.
Microservices and containers enable faster application delivery and improved IT efficiency. However, the adoption of these technologies has outpaced security.
We can’t rely on our own governments to practice responsible full disclosure. Full Disclosure is compromised. We can’t really blame them. Either everyone discloses, or no-one does.
By understanding and easing the cultural shift this entails, you can save time and money and sleep better at night with security occupying a seat at the DevOps table.
As DevOps and agile development methodologies take greater root in the enterprise, the traditional tools and approaches for eliminating vulnerabilities in code will no longer be able to keep pace.
When planning a testing strategy for an application, it is important to evaluate the applicability and likely effectiveness of the various testing approach options.
Laws to support swift and automatic updates for all devices, and consequence to organizations that fail to ensure their IoT devices are secure, would be a big step forward for IoT security.
With a software composition analysis (SCA) tool in place, security teams can quickly scan an information repository and know where vulnerable software is being used.