In this Threatpost op-ed, Dave Dittrich and Katherine Carpenter explain the dangers of conflating measurable events, or observables, with indicators of compromise, which require context and other constructs to provide true threat intelligence.
Browsing Category: Vulnerabilities
Oracle fixed 136 vulnerabilities across 46 different products this week as part of its regularly scheduled Critical Patch Update.
Google released its annual Android Security Report, a state of the union on the Android ecosystem.
Researchers at Bastille said they’ve more than doubled the range from which an attacker can exploit the Mousejack vulnerability.
Google determined that Safe Browsing warnings correlate with quicker remediation times, though not as quick as direct contact with webmasters who have registered with Google Search Console.
A Berkeley postdoctoral researcher and former MIT student will soon unveil Space, a static-analysis web-application security tool that can find vulnerabilities in a minute.
Cisco Talos said that 3.2 million servers are vulnerable to the JBoss flaw used as the initial point of compromise in the recent SamSam ransomware attacks.
VMware fixed a critical vulnerability in one of its products this week that could’ve led to a man-in-the-middle attack if exploited by an attacker.
Mike Mimoso and Chris Brook recap the news of the week, including the Badlock bust, encryption legislation, and cryptoworm ransomware. Mike also discusses last week’s Infiltrate Con.
In this Threatpost Op-Ed, Katie Moussouris explains the significance of the newly free availability of ISO Standard 29147 Vulnerability disclosure, and why it keeps an important dialogue open between hackers and industry.