Data breaches and cyber-attacks are often caused by failing to patch known (and fixable) vulnerabilities

Data breaches were rarely out of the news last year, with the likes of VTech, OPM, Experian/T-Mobile, Ashley Madison and even Hello Kitty all admitting to data leaks. Read why data breaches and cyber attacks often occur by companies failing to patch known (and fixable) vulnerabilities on Beta News.

Vulnerability Management Program Best Practices – Part 1

An enterprise vulnerability management program can reach its full potential when it is built on well-established foundational goals that address the information needs of all stakeholders, its output is tied back to the goals of the enterprise, and there is a reduction in the overall risk of the organization. Read more about the vulnerability management […]

Security Slice: Cloudy with a Chance of Patching

FireEye recently discovered a massive spear-phishing malware campaign targeting journalists in Hong Kong. The attack appeared to be state-sponsored, and hid a command and control server in their victim’s Dropbox account. As is often the case, the attack could have been circumvented by installing a few simple patches. Read/hear the security slice podcast by Craig […]

Many embedded devices ship without adequate security tests, analysis shows

An analysis of hundreds of publicly available firmware images for routers, DSL modems, VoIP phones, IP cameras and other embedded devices uncovered high-risk vulnerabilities in a significant number of them, pointing to poor security testing by manufacturers. The study was performed by researchers from the Eurecom research center in France and Ruhr-University Bochum in Germany, […]

As more devices go online, hackers hunt for vulnerabilities

Read why Ian Duncan says that as more and more devices go online, hackers will hunt for new vulnerabilities on Baltimore Sun : The hack was simple. Terry Dunlap tapped out a few commands on his laptop and within seconds a message popped on the screen: “Done!” With a few more keystrokes, he could see what […]

Unpatched software vulnerabilities continue to plague businesses

Cybersecurity firm F-Secure says over 70 per cent of businesses continue to leave themselves open to attacks by failing to update their software. The finding is surprising given the availability of security solutions that can help businesses control and manage software updating within their companies. A recent alert from the United States Computer Emergency Readiness […]

Stack Ranking the SSL Vulnerabilities for the Enterprise

Read David Holmes rank the SSL vulnerabilities for enterprises on Security Week : This week’s cute OpenSSL vulnerability is CVE-2015-1793. This little one-line OpenSSL bug could allow an attacker who has a legitimate end-leaf certificate to circumvent the OpenSSL code that validates the certificate’s purpose. The attacker could then, in theory, sign other leaf certificates and […]

The Top Five Cyber Security Vulnerabilities

In the last weeks, the hack of the Federal Office of Personnel Management (OPM), apparently tied to Chinese sponsored hackers, raised the discussion about the potential catastrophic damage caused by the exploitation of a cyber-security vulnerability. Part of the cyber-security community has considered this last incident the equivalent of a cyber-9/11. Read the top five […]

Hundreds Of Wind Turbines And Solar Systems Wide Open To Easy Exploits

Maxim Rupp has been popular with the US government lately, though he’s often the bearer of bad news. The German researcher has pointed out numerous glaring flaws in clean energy systems, from wind turbines to solar lighting, that could be hacked to turn off supplies in countries across the world. They are serious vulnerabilities, ones […]

Report Finds Organizations Overlook Known Security Vulnerabilities

NopSec, a provider of precision threat prediction and remediation solutions, today released a new report, “2015 State of Vulnerability Risk Management.” The report reveals key security vulnerability issues historically and by industry, analyzes cross-industry remediation developments and highlights the effect social media has on the risk associated with security vulnerabilities. Read the NopSec’s 2015 State of […]