Posts

Why Patching Software Is Hard: Technical Challenges

Huge companies like Equifax can stumble over basic technical issues. Here’s why.
Source: Vulnerabilitys & Threats

The Week in Crypto: Bad News for SSH, WPA2, RSA & Privacy

KRACK, ROCO, exposed SSH keys and the European Commission’s loosey-goosey stance on backdoors have made it a rough week for cryptography. Here’s your wrap-up on the best of the worst.
Source: Vulnerabilitys & Threats

Oracle Fixes 20 Remotely Exploitable Java SE Vulns

Quarterly update for October is the smallest of the year: only 252 flaws to fix! Oracle advises to apply patches ‘without delay.’
Source: Vulnerabilitys & Threats

Reuters: Microsoft's 2013 Breach Hit Bug Repository, Insiders Say

Five anonymous former Microsoft employees tell Reuters that Microsoft’s database of internally discovered vulnerabilities was compromised in 2013, but Microsoft will not confirm it occurred.
Source: Vulnerabilitys & Threats

Private, Public, or Hybrid? Finding the Right Fit in a Bug Bounty Program

How can a bug bounty not be a bug bounty? There are several reasons. Here’s why you need to understand the differences.
Source: Vulnerabilitys & Threats

The State of Ransomware

Ransomware has become one of the most prevalent new cybersecurity threats faced by today’s enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization’s ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Source: Vulnerabilitys & Threats

Security's #1 Problem: Economic Incentives

The industry rewards cutting corners rather than making software safe. Case in point: the Equifax breach.
Source: Vulnerabilitys & Threats

SecureAuth to Merge with Core Security

K1 Investment Management, which owns Core Security, plans to acquire the identity management and authentication company for more than $200 million.
Source: Vulnerabilitys & Threats

The 'Team of Teams' Model for Cybersecurity

Security leaders can learn some valuable lessons from a real-life military model.
Source: Vulnerabilitys & Threats

How to Use Purple Teaming for Smarter SOCs

Justin Harvey explains why the standard blue team vs. red team can be improved upon, and provides tips on doing purple teaming right.
Source: Vulnerabilitys & Threats