In-brief: The Devil’s Ivy vulnerability in the open source gSOAP library is widespread and supposedly trivial to exploit. So why, one month later, haven’t we seen any attacks? Is Devil’s Ivy a dud? ‘Don’t count on it,’ security experts tell us.
In-brief: more than three years after it was first discovered, the Heartbleed vulnerability in OpenSSL continues to plague organizations worldwide. Why has it been so hard to fix? In this Industry Perspective, Patrick Carey of the firm Black Duck talks about some of the complicating factors that make vulnerabilities like Heartbleed so hard to eradicate.
In-brief: a new service built into Internet of Things search engine Shodan promises to find the computers that control remote access trojans (RATs) – a common form of information stealing malware.
In-brief: new botnets, dubbed “Brickerbot” were first spotted in recent weeks conducting what Radware termed “permanent denial of service” attacks: compromising and then destroying data on vulnerable connected endpoints.
In-brief: The recently disclosed trove of personnel files by an US Air Force officer is one piece of a much larger phenomenon: exposed, vulnerable and Internet-connected network attached storage (or NAS) devices chock full of gigabytes sensitive data.