New SSH Vulnerability

Schneier on Security

We provide a security analysis of the SSH, IKEv1, and IKEv2 protocols in this scenario, and use our attack to discover hundreds of compromised keys in the wild from several independently vulnerable implementations.

Security Vulnerability of HTML Emails

Schneier on Security

This is a newly discovered email vulnerability: The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. All that email was supposed to achieve was being forwarded to you. However, the moment the email appeared in your inbox, it changed.

Understanding Cybersecurity Vulnerabilities

Security Boulevard

What is a cybersecurity vulnerability, how do they happen, and what can organizations do to avoid falling victim? Among the many cybersecurity pitfalls, snares, snags, and hazards, cybersecurity vulnerabilities and the likes of zero-day attacks are perhaps the most insidious.

Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed

Schneier on Security

It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol: On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers’ locations.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

Without simplified fundamentals, security and compliance programs may allow too much interpretation or variance that could result in vulnerabilities – ranging from annoying to catastrophic. From a legal and regulatory perspective, Erika R. Bales, Esq.

Critical Vulnerability in libwebp Library

Schneier on Security

Rather than Apple, Google, and Citizen Lab coordinating and accurately reporting the common origin of the vulnerability, they chose to use a separate CVE designation, the researchers said. The researchers concluded that “millions of different applications” would remain vulnerable until they, too, incorporated the libwebp fix.

Security Vulnerability in Saflok’s RFID-Based Keycard Locks

Schneier on Security

The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. My guess is that for many locks, this is a permanent vulnerability. Some older installations may take years.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. Software is complex, which makes threats to the software supply chain more real every day. In the U.S. alone, cyber losses totaled $10.3 billion in 2022.

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Are we leveraging risk velocity and vulnerability to obtain more granular residual risk results? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?