Google discloses Microsoft Edge security flaw before it could be fixed

Google seems to be gunning for Microsoft again by going public with a vulnerability in Microsoft Edge before Microsoft could develop a patch. The flaw affects Microsoft’s Arbitrary Code Guard (ACG), which Microsoft described a year ago in a post about major security improvements released in the Creators Update of Windows 10. To mitigate arbitrary native code […]

Lawsuits threaten infosec research — just when we need it most

This year, two security reporters and one researcher will fight for their professional lives in court. Steve Ragan, senior staff writer at tech news site CSO, and Dan Goodin, security editor at Ars Technica, were last year named defendants in two separate lawsuits. The cases are different, but they have a common theme: they are being sued […]

The four myths hampering cybersecurity maturity

We’ve seen tremendous advances in technology over the last 15 years or so, but security continues to struggle as much today as it did a decade ago. According to Scott M. Kannry, CEO at Axio, a large part of the problem is that security professionals and their leaders have bought into myths that hamper their […]

Still relying solely on CVE and NVD for vulnerability tracking? Bad idea

2017 broke the previous all-time record for the highest number of reported vulnerabilities. The 20,832 vulnerabilities cataloged during 2017 by Risk Based Security (VulnDB) eclipsed the total covered by MITRE’s Common Vulnerability Enumeration (CVE) and the National Vulnerability Database (NVD) by more than 7,900. “Incredibly, we see too many companies still relying on CVE and […]

Meltdown-Spectre flaws: We’ve found new attack variants, say researchers

Researchers have developed a tool to uncover new ways of attacking the Meltdown and Spectre CPU side-channel flaws, which may force chipmakers like Intel to re-examine already difficult hardware mitigations. The tool allowed the researchers to synthesize a software attack based on a description of a CPU’s microarchitecture and an execution pattern that could be attacked. […]

Discover hidden cybersecurity talent to solve your hiring crisis

Not having access to technical talent is a common complaint in the cybersecurity world. Folks with security experience on their resumes are in such high demand, CISOs need to hunt beyond the fields we know. CISOs need to embrace diversity not only of bodies but of talents and experiences. They can start by focusing on acquiring […]

7 steps security leaders can take to deal with Spectre and Meltdown

Security and risk management leaders must take a pragmatic and risk-based approach to the ongoing threats posed by an entirely new class of vulnerabilities, according to Gartner. Spectre and Meltdown are the code names given to different strains of a new class of attacks that target an underlying exploitable design implementation inside the majority of computer […]

7 threat modeling mistakes you’re probably making

The Open Web Application Security Project (OWASP) describes threat modeling as a structured approach for identifying, quantifying and addressing the security risks associated with an application. It essentially involves thinking strategically about threats when building or deploying a system so proper controls for preventing or mitigating threats can be implemented earlier in the application lifecycle. Threat modeling […]

3 Tips to Keep Cybersecurity Front & Center

For IT departments — especially in large organizations — daily operations are complex, multifaceted, and often overwhelming. With so many different demands requiring attention, cybersecurity easily gets lost in the shuffle, particularly when it’s perceived to create more work or extra steps. But in today’s risk environment, keeping cybersecurity front and center is not a […]

Windows 10 Critical Vulnerability Reports Grew 64% in 2017

The number of critical vulnerabilities reported for Windows 10 increased 64% between 2016 and 2017. In total, 587 vulnerabilities were reported across Windows Vista, Windows 7, Windows 8.1/RT 8.1, and Windows 10 over the course of last year. Researchers at Avecto analyzed data issued by Microsoft via the Security Update Guide throughout 2017. The guide […]