Information Security Threats
- March 10, 2017
News roundup: Report on zero-day vulnerabilities questions government stockpiling. Plus, Comey talks encryption and privacy, FCC blocks consumer protection rule, and more.
- March 08, 2017
Experts criticize both WikiLeaks and the CIA for failing responsible vulnerability disclosure around the Vault 7 documents, and question the CIA's use of the VEP.
- February 06, 2017
Rapid7's Beardsley and Brown are back with more insight into vulnerability disclosure, the value of bug bounty programs and, of course, IoT.
- January 20, 2017
News roundup: A flawed Adobe extension was secretly installed on 30 million Chrome browsers. Plus, the Mirai author has been identified; Google releases security details; and more.
- January 13, 2017
News roundup: St. Jude Medical patches vulnerable medical IoT devices after a five-month controversy. Plus, the Email Privacy Act is reintroduced; Juniper warns of a firewall flaw; and more.
- December 02, 2016
News roundup: Tor browser patches de-anonymizing vulnerability. Plus, Senators ask Obama to release information on Russia's impact on the election, Mirai botnet for rent and more.
- November 29, 2016
Vendors get an extra 30 days to patch under Cisco Talos' new responsible disclosure guidelines, as Talos notes key differences in time to patch among vendors.
- November 18, 2016
News roundup: The latest chapter of Symantec's security struggles involves a high-severity DLL code flaw. Plus, Dyn attacker might be a lone gamer, James Clapper resigns and more.
- October 19, 2016
IBM asks, and researcher pulls proof of concept code from a coordinated vulnerability disclosure, internet explodes.
- September 16, 2016
Google Project Zero Prize hacking competition is set to improve Android security by rewarding remote code execution exploits with prizes up to $200,000.
- August 05, 2016
Apple will be starting a bug bounty program for researchers who find critical vulnerabilities in iOS or iCloud and offer big rewards.
- May 19, 2016
The ImageTragick bug raises questions over responsible disclosure, as the flaw in the ImageMagick image-processing library exposes millions of websites to remote code execution.
- May 18, 2016
Internet pioneer Paul Vixie spoke with SearchSecurity about Internet crime, the glibc bug and other pervasive vulnerabilities that may never be eradicated.
- April 08, 2016
Vulnerability branding was once a practice that elevated understanding of flaws and potentially led to better remediation, but now serves as little more than marketing for security researchers.
- February 01, 2016
We often talk about shifts in information security from advanced threats to emerging technology defenses, but this year marks a few major turning points.