SEARCH
Archive
History Suggests Attackers Will Hit Struts Flaw Quickly
The open source Struts web application framework has a target on its back. Attackers are likely developing exploits. Is it time to stop using Struts?
What Defenders Need to Know About the Latest Struts Flaw
It hasn’t even been a year since the Equifax breach was made public, and Apache has fixed yet another another critical vulnerability in the Struts web application framework. Does your incident response plan include assessing the risk exposure and deploying defenses on top of patch management?
What IT Needs to Know About Foreshadow
Foreshadow/L1TF refer to a group of vulnerabilities that can be exploited in modern Intel chips using speculative execution attacks to bypass security protections and harvest sensitive information.
Expect More Spectre, Meltdown Variants Until Updated Chips Arrive
After Meltdown and Spectre, many researchers warned that increased scrutiny on side-channel meant more attacks will be found, so the discovery of "Variant 4" is not a surprise. More variants will be found as chip makers update their designs over the next few years to fix the issues.
Predict Which Security Flaws Will be Exploited, Patch Those Bugs
How do enterprises figure out which security flaws to fix first? Research shows common vulnerability management and remediation strategies are no better than random guesses. Trying to predict which flaws will be exploited and fixing those is a better use of the security teams's time.