Security Experts:

Virus & Threats
long dotted


Lexmark patches critical vulnerability in Markvision Enterprise printer management software [Read More]
A recently patched Windows zero-day vulnerability has been used by an APT actor dubbed FruityArmor for privilege escalation [Read More]
A new IoT worm dubbed Hajime uses BitTorrent protocols to communicate over a P2P network instead of using a centralized server [Read More]
The number of IoT devices ensnared by Mirai botnets has increased considerably following the leak of the malware’s source code [Read More]
Oracle's Critical Patch Update (CPU) for October 2016 brings a total of 253 new security fixes across multiple product families, nearly half of which can be exploited remotely without authentication. [Read More]
Researchers have found a new ASLR bypass method by exploiting a hardware vulnerability [Read More]
A recently conducted security assessment of VeraCrypt has revealed over 25 security vulnerabilities in the popular encryption platform, including a critical cryptography flaw. [Read More]
An exploit for a zero-day vulnerability affecting an ecommerce plugin for WordPress has been added by cybercriminals to their toolkit [Read More]
Many home Internet routers are known to include vulnerabilities, while home users are not known for their ability to behave securely. [Read More]
The Dyre developers that were not arrested by Russian authorities are apparently working on a new banking Trojan dubbed TrickBot [Read More]

FEATURES, INSIGHTS // Virus & Threats

rss icon

Jim Ivers's picture
Mature organizations should adopt a blended approach that employs testing tools at various stages in the development life cycle.
Scott Simkin's picture
While exploit kits are certainly contributing to the steady rise in the number of cyberattacks, in the end, the methods they use to infect endpoints and networks can be stopped provided the proper steps are taken.
David Holmes's picture
SWEET32 is probably not something that an enterprise administrator needs to lose sleep over. Very likely, we will never see a SWEET32 attack in the wild, just as we never have for POODLE or BEAST.
Jim Ivers's picture
When will automakers speak up about the measures they have taken to test the software embedded in their vehicles?
Dan Cornell's picture
Security teams and DevOps teams aren’t always on the same page and the lack of communication often results in misaligned priorities that significantly inhibit productivity.
Erin O’Malley's picture
Conventional email security solutions may defend against spam, viruses, and malware, but they don’t defend against ignorance or egregious stupidity.
Jim Ivers's picture
Organizations should understand the risks and returns of open source and either start putting policies in place or getting serious about enforcing existing policies.
Torsten George's picture
Relying solely on existing intelligence provided by vulnerability scanners should only be a first step in a cyber risk management process.
Wade Williamson's picture
It turned out to be a tricky month for security admins to take that long-awaited summer vacation because July was one of the busiest months in recent memory in terms of vulnerabilities.
Jim Ivers's picture
If a car’s systems can be hacked to disable critical systems, then attacks can also be used to extract information. Similar to IoT, if data is being collected, data can be exfiltrated.