4 new areas of security vulnerability created by the Internet of Things

Read Ben Rossi explain four new areas of security vulnerability created by the Internet of Things on Information Age: The ongoing proliferation of personal computer technology and internet access has changed the face of virtually every industry on Earth, but it’s only the dawn of a new age of connectivity. Read his full article here.

A quarter of Windows devices open to hack

A quarter of all Windows devices, including tablets, computers and smartphones, are open to 700 vulnerabilities because enterprises have failed to update Internet Explorer (IE) at a company-wide level. Read the new report called Trusted Access 2016 by Duo Security, which reveals that 72 per cent of Java users are running an out-of-date version of the […]

Here Are 4 Vulnerabilities Ransomware Attacks Are Exploiting Now

A zero-day exploit exposed in the Hacking Team breach is among the top weapons deployed in recent ransomware attacks, as well as lots of Flash. Don’t blink, but there’s a common thread in the most recent ransomware attacks: they use four known Adobe Flash Player and Microsoft Silverlight software bugs that have patches available, according […]

Data breaches and cyber-attacks are often caused by failing to patch known (and fixable) vulnerabilities

Data breaches were rarely out of the news last year, with the likes of VTech, OPM, Experian/T-Mobile, Ashley Madison and even Hello Kitty all admitting to data leaks. Read why data breaches and cyber-attacks often occur because companies fail to patch known (and fixable) vulnerabilities on Beta News.

Vulnerability Management Program Best Practices – Part 1

An enterprise vulnerability management program can reach its full potential when it is built on well-established foundational goals that address the information needs of all stakeholders, its output is tied back to the goals of the enterprise, and there is a reduction in the overall risk of the organization. Read more about the vulnerability management […]

Security Slice: Cloudy with a Chance of Patching

FireEye recently discovered a massive spear-phishing malware campaign targeting journalists in Hong Kong. The attack appeared to be state-sponsored, and hid a command and control server in their victim’s Dropbox account. As is often the case, the attack could have been circumvented by installing a few simple patches. Read/hear the Security Slice podcast by Craig […]

Many embedded devices ship without adequate security tests, analysis shows

An analysis of hundreds of publicly available firmware images for routers, DSL modems, VoIP phones, IP cameras and other embedded devices uncovered high-risk vulnerabilities in a significant number of them, pointing to poor security testing by manufacturers. The study was performed by researchers from the Eurecom research center in France and Ruhr-University Bochum in Germany, […]

As more devices go online, hackers hunt for vulnerabilities

Read why Ian Duncan says that as more and more devices go online, hackers will hunt for new vulnerabilities on Baltimore Sun: The hack was simple. Terry Dunlap tapped out a few commands on his laptop and within seconds a message popped on the screen: “Done!” With a few more keystrokes, he could see what […]

Unpatched software vulnerabilities continue to plague businesses

Cybersecurity firm F-Secure says over 70 per cent of businesses continue to leave themselves open to attacks by failing to update their software. The finding is surprising given the availability of security solutions that can help businesses control and manage software updating within their companies. A recent alert from the United States Computer Emergency Readiness […]

Stack Ranking the SSL Vulnerabilities for the Enterprise

Read David Holmes rank the SSL vulnerabilities for enterprises on Security Week: This week’s cute OpenSSL vulnerability is CVE-2015-1793. This little one-line OpenSSL bug could allow an attacker who has a legitimate end-leaf certificate to circumvent the OpenSSL code that validates the certificate’s purpose. The attacker could then, in theory, sign other leaf certificates and […]