Davey Winder

Oracle E-Business Suite PAYDAY critical vulnerabilities remain a licence to print money

Half of Oracle EBS customers have not patched critical payment system vulnerabilities in Oracle E-Business Suite - with a CVSS score of 9.9 out of 10, these vulnerabilities are very high-risk indeed.

Android smartphone fuzzing reveals 'gaping hole' in trusted execution environment

Security researchers find vulnerabilities in the supposedly impenetrable 'secure world' storage vault in Android phones that could allow access to payment credentials

Google looks to open source silicon to solve the root of trust conundrum

A hardware vulnerability can have significant impact on software security as most software was designed around assumptions present in the hardware and subsequently compiled for a given hardware platform.

Are businesses asking the right questions when it comes to cloud security?

Survey says 39 percent of cybersecurity professionals identify cloud storage and file sharing apps as being the most vulnerable to insider attacks

Can CISOs at smaller enterprises wield enough influence to square the third-party security circle?

Persistence, consistency, & flexibility are the keys to driving security strategy in smaller enterprises. They must also be consistent about strategy & the next steps that need to be taken to improve security maturity.

APT actors up their game; is it only a government concern or do enterprises need to pay more attention?

CISOs roll their eyes when they hear 'APT', or say they're not a real threat to most organisations, but they are on the rise, and their hacking techniques do pose a threat as they get weaponised by cyber-criminals.

Pass the Hash attacks are symptomatic of much bigger security problems

A newly published survey reveals that some 68 percent of IT security stakeholders don't know if they've experienced a Pass the Hash (PtH) attack. That isn't necessarily a cause for too much concern.

Energy sector under attack from malware combo attacks

Kaspersky products were triggered on 41.6 percent of ICS computers in the energy sector globally in just the first six months of 2019.

Enterprise ransomware threat shines spotlight on poor patch management

Vulnerability scores from 2007 don't adequately measure risk in 2019; 31.5% of vulnerabilities exploited by ransomware could have been patched from 2015 or earlier but they're used as they're still successful;

Attackers abuse security feature to deliver malicious content via video ads

A new malware campaign is abusing a security feature - sandboxed iFrames - so that instead of protecting links in video advertising it can be used to deliver malicious content.