Advantech fixes serious vulns in WebAccess HMI/SCADA software
Advantech has plugged nine security holes in WebAccess and has urged users to upgrade the software as soon as possible. Advantech WebAccess is a web browser-based software …
Cisco unveils LabVIEW code execution flaw that won’t be patched
LabVIEW, the widely used system design and development platform developed by National Instruments, sports a memory corruption vulnerability that could lead to code execution. …
Drone maker DJI launches bug bounty program
Chinese consumer drone maker DJI has announced that it’s starting a bug bounty program and has invited researchers to discover and responsibly disclose issues that could …
Leveraging social media in advanced threat intelligence
In this podcast recorded at Black Hat USA 2017, Christian Lees, CISO at InfoArmor, discusses how leveraging social media helps to understand the motives and threat landscape …
Researchers figured out how to disable the Intel ME controller on Intel chipsets
Researchers have discovered that Intel Management Engine (Intel ME) 11, a dedicated (and non-optional) microcontroller integrated into all Intel chipsets, can be disabled …
Tech firms band together to take down Android DDoS botnet
An ad-hoc alliance of tech firms has managed to seriously cripple an Android-based botnet that was being actively used to DDoS multiple content providers. The botnet, dubbed …
Complete and continuous cloud infrastructure protection
In this podcast recorded at Black Hat USA 2017, Hari Srinivasan, Director of Product Management at Qualys, talks about the challenges involved in securing clouds, and explains …
Chinese government’s latest crack against online anonymity
The Chinese government is dead-set on making it so that all online interactions can be tied to a specific user. The latest move towards this goal came on Friday, when the …
New, custom ransomware delivered to orgs via extremely targeted emails
Ransomware campaigns are usually wide-flung affairs: the attackers send out as many malicious emails as possible and hope to hit a substantial number of targets. But more …
Getting a start on cyber threat hunting
In this age of advanced persistent threats, waiting for traditional threat management solutions like IDS and SIEM to flag incidents and threats is simply not enough anymore. …
Know your adversary: Focus on social engineering
In this podcast recorded at Black Hat USA 2017, Tim Roberts, Senior Security Consultant at NTT Security, talks about social engineering and emphasizes the importance of …
Week in review: Android Oreo security, hacking robots, DDoS attacks on the rise
Here’s an overview of some of last week’s most interesting news, podcasts and articles: Judge limits DOJ’s search of anti-Trump website data On Thursday, District …
Featured news
Resources
Don't miss
- Why we must go beyond tooling and CVEs to illuminate security blind spots
- Making security and development co-owners of DevSecOps
- Review: Passwork 7.0, self-hosted password manager for business
- What a mature OT security program looks like in practice
- Machine unlearning gets a practical privacy upgrade