Exploiting the vulnerabilities in the popular antivirus programs requires a hacker to have administrator privileges. This “provides the attacker the ability to run its own malicious code.”
IOActive’s director of penetration testing says memsad causes software to expose passwords, keys, and tokens we use to protect our data. And the rot has spread far and wide.
For implanted medical devices, where a faulty update could harm or even kill a patient, a doctor’s office visit is in order. With no billing code, hospitals have been eating the costs.
Parisa Tabriz, head of Chrome security and leader of Project Zero, calls out Google’s leadership approach in Internet security as a combination of muscle and joint efforts.
Hackers are divided on the prospects of SBOM standards. Some say they could reduce many patching obstacles. Others worry that they could do more harm than good.
Industrial facilities ranging from oil rigs to breweries use Schneider software to monitor and control their machines. Hacks could have serious commercial or safety implications.
They’re key to advanced persistent threats. They’re increasingly simple. And they’re called zero-days because there’s essentially no time to patch them before a potential cybercriminal exploit.
Software updates and security patches for critical-infrastructure systems like those of hospitals, 911 dispatchers, and power plants aren’t easy or cheap. But there’s no excuse, experts say, for neglecting them.
At BSides and RSA, bug bounty experts Amit Elazari and Katie Moussouris say today’s programs lack adequate "safe harbor" hacker protections and vulnerability-patching requirements.
Symantec researchers say Inception Framework is hijacking vulnerable old routers to forward malicious traffic and thus obscure the source of its advanced persistent threats.
The Meltdown and Spectre chip flaw exploits are prompting a deluge of security patches. They might also represent a rude wake-up call to chip designers that speed and energy efficiency aren’t everything.
To gain unrestricted access to Macs running High Sierra prior to patching, someone could simply enter the word “root” as the username. Apple’s major misstep isn’t isolated, experts say.
Exploits for vulnerabilities in Wi-Fi, Microsoft Office, and encryption keys are making waves. One is called KRACK. Here’s what security experts say we should make of them.
Crime kits are automated, self-contained tools that cybercriminals of any skill level can deploy to exploit a vulnerability. Protecting against their proliferation requires a multipronged approach.
Because organizations running critical infrastructure, from power plants to hospitals, often hold off on system updates, they are more vulnerable to ransomware like WannaCry.
Sans regulation or consistent guidelines, experts say it’s in the best interest of software vendors and security researchers to coordinate on disclosures and patch releases.
With “flexibility and freedom” come “multifaceted” threats to consumer safety. Here’s how browser developers ranging from Google to Mozilla are approaching today’s challenges.
From a plea for an “NIH for cyber” to a plan for “software supply chain transparency,” Black Hat and DefCon insiders say it’s time for the U.S. government to ensure software safety.
White and black hats alike are successfully prying their way into Internet-connected devices ranging from cattle tags to tea kettles. We ask two experts about the long-term implications.
Automated bug detectors often add another layer of security to app development. The social network’s software blocks its programmers from reusing code containing a known vulnerability.
Add the Pentagon to the growing list of nontech organizations looking to improve their tech security by paying independent security researchers to hack them.
A hacker equipped with a $15 dongle and 15 lines of code can exploit the vulnerability to connect to, spy on, and control a computer using it, a Bastille security researcher says.
Makers of Internet of Things devices say they’re now taking security seriously, but researchers say that’s just not true—and it’s going to be a while before it is.