Security Experts:

Security Infrastructure
long dotted

NEWS & INDUSTRY UPDATES

Google and CWI announced the first SHA-1 collision, creating two PDFs with different content but identical hashes [Read More]
Fortinet released details on the top malware, ransomware, mobile malware, IPS events, botnets, and exploit kits targeting the healthcare industry in Q4 2016. [Read More]
Researchers use drones and hard drive LEDs to steal data from air-gapped computers at speeds of up to 4,000 bps [Read More]
Netflix releases Stethoscope, an open source security tool that gives users recommendations for securing their devices [Read More]
Cisco launches four new Firepower next-generation firewalls for businesses that perform a high volume of sensitive transactions [Read More]
An attacker can discover various details about Firefox users due to the manner in which the browser caches intermediate CA certificates, a researcher has discovered. [Read More]
Breach that may have affected many major organizations comes to light after nearly two years. Links found to Chinese APTs [Read More]
Researchers warn about the threat posed by logic bombs to industrial control systems (ICS), particularly programmable logic controllers (PLCs) [Read More]
Unpatched vulnerabilities in Java and Python allow attackers to use FTP injections to bypass firewalls, including from Cisco and Palo Alto Networks [Read More]
A remote command execution (RCE) vulnerability has been found by a researcher in Siklu EtherHaul radios [Read More]

FEATURES, INSIGHTS // Security Infrastructure

rss icon

Ashley Arbuckle's picture
Generally referred to as the “attack chain,” the approach cybercriminals follow to launch and execute attacks is well-documented and includes reconnaissance, weaponization, delivery, and installation.
Travis Greene's picture
Shadow IT 2.0 is a symptom of a bigger problem – the inability to maintain digital competitive advantage due to the insufficient pace of code deployment.
Scott Simkin's picture
Attackers have developed anti-VM analysis techniques to allow the malware to recognize when it is being run on a virtual machine and fail to execute, meaning the system or threat analytics cannot make a verdict determination or extract intelligence from the sample.
Adam Meyer's picture
Cyber threat intelligence needs to be tailored to its audience as it means different things to different people, whether it’s on-the-network defenders, Red Teams, threat analysts, risk officers, business executives and Board of Directors, legal, application owners, and so on.
Jennifer Blatnik's picture
Focusing on securing an endless amount of endpoints is almost impossible to do effectively. You can’t rely on the devices to be secure and you can’t rely on the consumers to secure their devices themselves.
Marc Solomon's picture
Threat intelligence has a shelf life, but there’s not a well-defined, industry standard on how to expire threat intelligence.
Marie Hattar's picture
To fully realize the benefit of the Public Cloud, it is vital that the same due diligence applied to a physical network is applied to a cloud-based infrastructure.
Alan Cohen's picture
While there are clear security benefits gained through network segmentation, the principal goal of creating subnets is to improve performance, avoiding broadcast storms and latency stimulated by our insatiable requirement for bandwidth.
Jim Ivers's picture
Savvy organizations have learned how to use a mix of static and dynamic application security testing types to increase their coverage and lower their risk.
Rafal Los's picture
Do you ever find yourself trying to protect your organization from exotic attack scenarios that are highly unlikely or that would have a minimal impact on you?