Security Experts:

Virus & Threats
long dotted

NEWS & INDUSTRY UPDATES

Drupal is warning organizations to assume their Drupal 7 web sites were compromised unless updated or patched to version 7.32 before Oct 15th, 11pm UTC.
Microsoft will also disable SSL 3.0 support in Azure and Office 365 Dec. 1.
Cyber attacks might be taking a toll now, but just wait: a survey of experts says things are likely to get even worse in the US over the next decade.
ICS-CERT issued an advisory about an ongoing attack campaign targeting industrial control systems that is believed to have been active since at least 2011.
A researcher has identified a flaw that can be exploited to trick certain ASUS wireless routers into updating their firmware to old or potentially malicious versions.
A serious vulnerability has been discovered in a File Transfer Protocol (FTP) client used by many Unix-like (*NIX) operating systems, representatives of the NetBSD Project reported.
A reconnaissance framework documented by researchers earlier this year has been used by multiple threat groups in watering hole attacks targeting organizations in various sectors.
The phishing campaign was first spotted in mid-October, and leverages vulnerabilities in unpatched versions of Adobe Reader.
Network security firm Fortinet today announced that its sandboxing solution, FortiSandbox, is now available as a virtual appliance.
A researcher has identified an exit node on the Tor anonymity network which is set up to maliciously modify the files that go through it.

FEATURES, INSIGHTS // Virus & Threats

rss icon

Marc Solomon's picture
Recent high-profile security breaches at major retailers stem from the fact that in-store networks and their components are evolving and spawning a range of attack vectors.
Torsten George's picture
To limit the risk of having drive-by malware attacks planted on their websites, organizations should monitor the payload of their different Internet properties, which for larger organizations can easily become a huge undertaking.
Fahmida Y. Rashid's picture
Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.
Jason Polancich's picture
Businesses have more data on hand than they think. They key is crafting a plan to track it and combine it with data from outside their own walls against which the internal data can be analyzed.
Marc Solomon's picture
Malvertising underscores the need for an approach to security that addresses the full attack continuum. With ongoing visibility and control, and intelligent and continuous updates, security professionals can take action to stop the inevitable outbreak.
Torsten George's picture
When an organization is solely focused on strengthening its compliance posture to pass an audit, they primarily look at control failures and gaps and try to mitigate them.
Mark Hatton's picture
You need to identify your security shortcomings before someone else does. Simulate attacks and tests to associate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company’s most important data.
Scott Simkin's picture
While SSL decryption is necessary for maintaining network security, security admins need to establish strict rules about how they handle decrypted data.
Ryan Naraine's picture
John Hultquist, Manager of Cyber Espionage Threat Intelligence at ISIGHT Partners, joins the podcast to talk about "NEWSCASTER," a cyber espionage operation that uses fictitious social media accounts to launch attacks.
Danelle Au's picture
The protection of connected ( Internet of Things) devices is likely better performed at a network level rather than an endpoint level due to the variety of devices that may exist and the limited endpoint security functions that can be supported.