Security Experts:

Virus & Threats
long dotted

NEWS & INDUSTRY UPDATES

Cisco warned on Thursday that as a result of default encryption keys in three of its security products, customers are at risk of an unauthenticated remote attacker being able intercept traffic or gain access to vulnerable systems with root privileges.
Health organizations in North America are being hit hardest by the Stegoloader malware, according to Trend Micro.
According to the FBI, CryptoWall attacks cost victims in excess of $18 million between April 2014 and June 2015.
Trend Micro analyzed the recent Adobe Flash Player vulnerability and found the root cause between the zero-day and another flaw was very similar.
Bug bounty platform provider HackerOne announced on Wednesday that it has raised $25 million in a Series B financing round led by New Enterprise Associates (NEA).
France summoned the US ambassador on Wednesday and said it "will not tolerate any acts that threaten its security" after leaked documents indicated Washington spied on President Francois Hollande and his two predecessors.
Adobe patched a zero-day vulnerability in Flash Player that has come under attack in the wild.
A team of researchers has demonstrated a way to steal encryption keys from a PC using a device tiny enough to conceal inside a piece of pita bread.
Researchers at Trustwave have uncovered critical vulnerabilities in RubyGems, the package manager for the Ruby programming language.
Documents leaked by NSA Edward Snowden suggest the NSA and GCHQ may be targeting antivirus companies and reverse-engineering their products, according to a report.

FEATURES, INSIGHTS // Virus & Threats

rss icon

Mark Hatton's picture
Unfortunately, when it comes to security, what you’ve accomplished means very little. It’s all about where the vulnerabilities still exist.
David Holmes's picture
Is it possible to apply this maxim to global SSL patch rates? Let’s take a look at the most recent SSL vulnerability: POODLE.
David Holmes's picture
The media was so taken with the idea that Kate Upton nude photos had caused a DDoS attack that they just took the story and ran with it. But what really caused disrupted service across New Zealand’s major ISPs?
Mark Hatton's picture
Without the ability to prioritize in certain situations, you may end up waiting weeks to apply the most important patch. Think of your corporate network like your home. There are probably lots of items on your honey do list, but they can’t all be completed today.
Marc Solomon's picture
Today’s email-based attacks don’t occur at a single point in time and use multiple methods to evade detection. To bolster protection, organizations may turn to a set of disparate products that don’t – and can’t – work together.
Scott Simkin's picture
As more organizations build applications other than Web and corporate email into the course of their business, adversaries are taking note and adjusting their tactics.
Torsten George's picture
It appears that 2014 will be remembered in the IT industry for several severe and wide-reaching server-side vulnerabilities. So what lessons can we learn from these vulnerabilities?
Marc Solomon's picture
Recent high-profile security breaches at major retailers stem from the fact that in-store networks and their components are evolving and spawning a range of attack vectors.
Torsten George's picture
To limit the risk of having drive-by malware attacks planted on their websites, organizations should monitor the payload of their different Internet properties, which for larger organizations can easily become a huge undertaking.
Fahmida Y. Rashid's picture
Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.