I had a great discussion on the SECURITYbreak podcast talking about security vulnerability research impacting Apple vision pro VR headsets, MasterCard’s acquisition of threat intelligence vendor Recorded Future, and some horrific aspects of cybercrim
Vulnerability (20)
When cybersecurity researchers break the law, destroy their reputation, and make the bug-bounty research community look bad.
TL:DR Researchers found a vulnerability in a cryptocurrency exchange. They notified the company, but then exploited the bug to
We're talking about the latest Java-based vulnerability CVE-2021-44228. Recently, a critical Zero-day vulnerability has been found in log4j which permits Remote Code Execution (RCE) allowing the attackers to get remote access. The Vulnerability got
Recently, we were pentesting a Data mining and Analytics company. The amount of data that they talked about is phenomenal and they are planning to move to Big Data. They invited me to write a blog on state of the art, Big Data security concerns and c
Our editorial team has handpicked some great talks from Black Hat Conference - one of the largest IT Security Conference in the world.
Black Hat - built by and for the global InfoSec community - returns to Las Vegas for its 19th year. This six day e
Overview
With the increasing need of Bluetooth Low Energy (BLE) IoT security, comes the part of vulnerability management in these networks. Unlike the IP security, BLE security framework is not yet mature. The newer version of BLE have enhanced the s
Many new devices are trying to fit into our life seamlessly. As a result, there’s a quest for a “universal access methods” for all devices. Voice activation seems to be a natural candidate for the task and many implementations for it surfaced in rece
Background:
It has been suggested that any new development will include less than 1% original code. If this isn’t presently true, it will likely be as time progresses.
With any security program, the goal is to identify the vulnerabilities, the relate
New CPU Vulnerabilities Discovered
RIDL/ZombieLoad and L1DES/CacheOut are just the latest variants of vulnerabilities discovered in Intel CPU’s that target Micro-architectural Data Sampling (MDS) weaknesses. Discovered over 7 months ago, researchers r
Bugcrowd has released some interesting survey data that provides insights into the white-hat vulnerability researcher community.
Of note, most researchers were male (94%) and make less than $25k per year finding vulnerabilities. A vast majority were m
Intel has released patches for several security vulnerabilities in their Active Management Technology (AMT) and Intel Standard Manageability (ISM) platforms. One of them was a critical flaw in AMT that allowed remote privilege escalation CVE-2020-8
The first warning sign was “hackproof” in the 360Lock marketing materials. As it turns out, with no surprise to any security professional, the NFC and Bluetooth enabled padlock proved to be anything but secure.
Recent verified reports highlight exploitable vulnerabilities in Apple’s security chip that cannot be patched! The announcement adds to the growing concerns and shifting perceptions about hardware security.
Hardware-based security has pros and cons.
The U.S. National Security Agency knows which vulnerabilities China backed hackers are exploiting the most to gain access to sensitive data.
The Chinese state-sponsored information gathering engine is a vacuum when it comes to acquiring information fr
A group of security vulnerability researchers, after many months of work, were able to figure out the update process and secret key used to decrypt Intel microcode updates for the Goldmont architecture product lines.
This is an important finding as it
A website tied to an event that quizzed people on their hacking knowledge, launched by major a security consultancy firm, is itself vulnerable to being hacked.
This incident showcases a number of important lessons for every organization that wants to
Another vulnerability and exploit named VoltPillager has been published for Intel Corporation's SGX security technology. The attack itself is simply a hardware version of a previously discovered PlunderVolt software vulnerability where voltage to th
Vulnerability Management System was implemented as a practice within the Organization across the Global Business Unit (India, Middle East & Africa). The implementation included Vulnerability Assessment and Remediation. The assessment is made based
The network security industry recommends that an organization periodically perform risk modeling,assessment, and risk management to anticipate and take pro-active measures against threats.
(Read more: Top 5 Application Security Technology Trends )
CISO Platform
A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.
Join CISO Community Share Your Knowledge (Post A Blog)
16th CISOPlatform 100 Awards
- Description:
16th CISO Platform, Top 100 Awards
Top 100 Awards is India's 1st & Oldest CISO Awards, happening on 17-18 October at Chennai, Mahabalipuram, India
Click here for the agenda & details: https://www.cisoplatform.com/top-100-ciso-awards-2024Click here to nominate: …
- Created by: Priyanka Aash