Security Wire Daily News
Security researchers tested the controversial Intel Management Engine and other products, finding multiple Intel firmware vulnerabilities.
A security researcher at UpGuard found exposed data in Amazon Web Services cloud storage buckets and once again the data belongs to the Department of Defense.
An anonymous security researcher has once again earned the top Google bug bounty prize in the Chrome Reward Program for Chrome OS exploit chain.
News roundup: In under a week after its release, researchers were able to bypass the main iPhone X security feature, Face ID. Plus, Microsoft patched a 17-year-old flaw, and more.
A lengthy Kaspersky report offers more insight into how the antivirus company discovered Equation Group malware and came to possess classified U.S. government data.
Experts are still unsure about the Vulnerabilities Equities Process, but admit the new VEP Charter could be a good step towards making federal vulnerability review better.
The White House wants a more open Vulnerabilities Equities Process and has unveiled a new VEP Charter in order to promote transparency in bug reviews.
Microsoft said there were no critical vulnerabilities for Windows Server this month, but it issued patches for exploits that could be more damaging in the long run.
A new proof of concept exploit, called AVGater, has found a way to abuse antivirus quarantines to attack systems and gain full control.
News roundup: Following the massive Equifax breach, the CEO said he doesn't know if customer data is encrypted or not. Plus, flaws were found in IEEE's P1735 standard, and more.
New court documents indicate an FBI hacking operation may have crossed international borders and infected systems in Russia, China and Iran.
The latest security release from Google patched the Android KRACK vulnerability affecting WiFi's WPA2 protocol, but update confusion leaves users unsure if they are safe or not.
A fake WhatsApp app bypassed Google's Play Store checks and was downloaded 1 million times, but one expert said Google's store is still the safest place to get apps.
Security researchers competing at Mobile Pwn2Own 2017 used multiple vulnerabilities to hack iOS 11 in order to execute code and win prizes.
News roundup: Comodo and Symantec sales signal important changes in the certificate authority business. Plus, an Oracle vulnerability gets a CVSS score of 10.0, and more.
Two senators introduced a bipartisan election security bill called the SAVE Act, which aims to improve voting infrastructure and harden state systems against attack.
Cataclysmic security incidents highlight the importance of a vulnerability management program versus a patch management system. Here's how to implement a risk-based approach.
SOCs are maturing, but organizations facing the increased threat landscape understand that improving their effectiveness must be a priority in the year ahead.
The managing director at Promontory Financial Group, now part of IBM, talks about supercomputers, cryptography applications and her start in computer science.
Information security operations centers are “growing up,” according to one study. But, with staffing shortages and manual collection of data, performance metrics are hard to get.