Penetration testing ethical hacking and vulnerability assessments
- April 27, 2018
News roundup: Researchers found a keycard vulnerability that enabled them to enter millions of hotel rooms worldwide. Plus, Yahoo has been fined $35 million by the SEC, and more.
- April 20, 2018
Following its controversial lawsuit against an Ars Technica security reporter, Keeper Security has teamed with Bugcrowd on a formal vulnerability disclosure program.
- April 19, 2018
Bug bounty programs may seem to offer salvation at a bargain price for securing networks and systems, but Katie Moussouris offers tips for avoiding major pitfalls.
- March 09, 2018
Tenable.io Lumin enables organizations to gauge their 'cyber exposure' to vulnerabilities and allows them to compare remediation efforts against industry benchmark data.
- January 26, 2018
Intel first learned of the Spectre vulnerabilities on June 1, but a confidential document shows the chipmaker didn't inform OEM partners until almost six months later.
- January 26, 2018
A newly-discovered Blizzard security bug, which affected all of the company's popular PC games including Overwatch, should serve as a warning for the video game industry.
- January 25, 2018
The Electron framework -- used to develop desktop apps using web code -- included a remote code execution flaw that was passed on to popular apps like Slack.
- January 04, 2018
Vendors released the vulnerability disclosures and patches for the new Meltdown and Spectre CPU attacks as the infosec industry begins mitigating risks.
- November 21, 2017
Security researchers tested the controversial Intel Management Engine and other products, finding multiple Intel firmware vulnerabilities.
- November 03, 2017
Security researchers competing at Mobile Pwn2Own 2017 used multiple vulnerabilities to hack iOS 11 in order to execute code and win prizes.
- October 31, 2017
A security researcher earned more than $15,000 by finding three flaws in the Google Issue Tracker, aka Buganizer, which revealed details on unpatched vulnerabilities.
- October 26, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss vulnerability marketing and compare how the recent KRACK attack and ROCA flaw were publicized and promoted.
- September 28, 2017
A security researcher describes the network lateral movement process from an attacker's perspective and a few key points of focus for IT pros, at DerbyCon.
- September 27, 2017
The DerbyCon keynote covered why security research is an approachable field, as well as how to bypass a Windows digital signature check to run unwanted code.
- September 08, 2017
A researcher discovered a remotely exploitable Apache Struts vulnerability being actively exploited in the wild. A patch was released, and users were urged to update software immediately.