Vulnerabilities

Strategies for effectively protecting intellectual property

When it comes to protecting your organization's intellectual property (IP), a single click by an end-user can either lead to data protection or a data breach.

Securing Your Website to Protect Brand Reputation

Customers are doing more and more business online. Nearly 80% of the U.S. population shops online and half bank online. However, websites are constantly under attack. 71% of consumers feel it is up to the online stores to ensure the protection of their information, making website security a top priority for many businesses.

Creating an encryption strategy for modern risk mitigation

Every company has a data security risk mitigation strategy. However, the continuous news cycle on data breaches is proof that it is time to augment that strategy.

Best way to operationalize threat intelligence is enforcing it at the DNS layer

How many days go by before you take action on new threat intelligence?

Understanding the FFIEC cybersecurity assessment tool

The Federal Financial Institutions Examination Council (FFIEC) recently released the Cybersecurity Assessment Tool (CAT) to help financial institutions identify their risks and determine their cybersecurity preparedness. The CAT will no doubt be relied on by examiners from the OCC, FDIC and other agencies as they assess banking institutions' cybersecurity readiness.

Baby monitor vulnerabilities bring IoT security issues into sharp focus

Research from Rapid7 uncovered vulnerabilities in video baby monitors that could provide a pathway to compromise other devices and networks that link to business resources.

Fortinet addresses four vulnerabilities in FortiClient

Fortinet has released a firmware update for its endpoint security solution FortiClient in order to address four vulnerabilities reported by Core Security.

Belkin Wi-Fi routers at risk from multiple vulnerabilities

Flaws have not been patched and there are no workarounds for many of them, says US CERT.

KPMG survey: 4 out of 5 health execs say company data has been compromised

A KPMG Health Care and Cyber Security report found that four-fifths of execs said their data has been compromised in cyber attacks.

Adobe Flash steadily heading toward demise

Both Amazon and Google took steps to downplay or completely rid their companies' entities of Flash ads.

Adobe issues security updates to address ColdFusion vulnerability

Successful exploitation of the ColdFusion vulnerability could result in information disclosure, Adobe said.

CERT warns DSL router users of vulnerability

CERT issued a warning on Tuesday over a vulnerability in DSL routers that all contained the same hard-coded credentials.

Audit report finds sensitive data at risk for at least 73 Calif. agencies

Sensitive data of California residents, including Social Security numbers, health records, and income tax information, is vulnerable.

Car industry bands together to thwart hacking threats

Automakers are banding together to help guard against and mitigate a new breed of cyberattack targeting on-board computer systems.

WordPress sites redirect to Neutrino EK, CryptoWall pushed via Flash exploit

Zscaler has been seeing attackers targeting WordPress sites running version 4.2 and lower.

Facebook updates ThreatExchange info, says gov't agencies not welcome

Facebook is looking to expand its ThreatExchange while also keeping government participation at a non-existent level.

Sandbox violation in Apple's iOS affects MDM users, could enable breaches

The vulnerability, which is being referred to by Appthority as Quicksand, was patched by Apple in iOS 8.4.1.

Drupal 6.37 and 7.39 released, critical vulnerabilities addressed

Open source CMS platform Drupal has issued security patches to address several critical vulnerabilities affecting Drupal 6 and 7.

10 Reasons You Need to Test, Not Guess

How you are securing your sensitive information should not be a guessing game

Microsoft patches critical remote code execution bug in Internet Explorer

A patch released Tuesday addresses a critical memory corruption vulnerability that can be exploited by an attacker to enable remote code execution.

Quantity and strength of DDoS attacks increased in Q2 2015, report shows

Researchers at Akamai reported an increase in the quantity and strength of DDoS-style attacks in Q2 of 2015 compared to last year.

Widespread Android vulnerability enables code execution with full privileges

Google has addressed the bug, CVE-2015-3842, which can be exploited via a malicious app that does not require any permissions.

BitTorrent protocol family vulnerable to DRDoS attacks

Researchers at WOOT '15 demonstrated how the BitTorrent protocol family is vulnerable to DRDoS attacks.

GM says OnStar app flaw fixed, researcher says still exploitable

GM's OnStar RemoteLink mobile application contains a vulnerability that can enable an attacker to identify, start a vehicle and more.

Phishing scams, malicious attachments top, threat report reveals

Hackers went old school during the first half of 2015, resurrecting the use of malicious email attachments and also began targeting businesses with a new stream of phishing attacks, according to Proofpoint's first half threat report.

Vulnerability identified in Google Admin app, remains unpatched

The vulnerability was identified by security researchers with MWR Labs, and it impacts Google Admin version 2014101605 and lower.

Even after patch, Stagefright poses threat to Android devices

After a patch for the Stagefright flaw was discovered to be incomplete, leaving Android devices vulnerable to attack, Google has released a new patch to open source.

Facebook rescinds Harvard student's internship for creating map app

Facebook withdrew an internship offer from a Harvard student after the student created an app to exploit a flaw in Facebook Messenger.

OpenSSH releases version 7.0

OpenSSH released version 7.0 this week, along with four security fixes and various new features.

Salesforce subdomain affected by reflected XSS vulnerability

The cross-site scripting vulnerability has been addressed, but it could have been exploited by an attacker to distribute malware and carry out phishing attacks.
