Security Experts:

Virus & Threats
long dotted


A recently patched Adobe Flash Player vulnerability is being abused in a new malvertising campaign that redirects users to the Angler exploit kit (EK), Malwarebytes researchers warn. [Read More]
Chrome 51.0.2704.63 patches 42 security vulnerabilities, including 23 flaws that have been disclosed by external researchers. [Read More]
China-linked APT actor Wekby has been using a piece of malware that leverages DNS requests for C&C communications [Read More]
An Office vulnerability patched by Microsoft last year (CVE-2015-2545) is actively exploited by APT actors and cybercriminals [Read More]
An official inquiry has found serious shortcomings in how US presidential candidate Hillary Clinton in her former post as secretary of state managed the security of their emails. [Read More]
Agari, a provider security solutions that help detect email-based cyberattacks, today announced that it has raised $22 million in a Series D funding round, bringing the total raised by the company to $44.7 million. [Read More]
Adobe has updated Connect for Windows to patch an untrusted search path vulnerability in the add-in installer [Read More]
A threat group believed to be operating from China has been targeting Indian embassies all over the world [Read More]
Recent attack on Swiss defense firm RUAG was carried out by the Russia-linked cyber espionage group Turla [Read More]
A Critical Elevation of Privilege (EoP) vulnerability in the Qualcomm Secure Execution Environment (QSEE) affects around 60 percent of all Android devices around the world, despite being already fixed, researchers warn. [Read More]

FEATURES, INSIGHTS // Virus & Threats

rss icon

Wade Williamson's picture
Behavioral detection models can focus in on what the attacker actually does, instead of relying on a set of signatures or known indicators of compromise that often lag behind attackers.
Emily Ratliff's picture
Wendy Nather coined the term “security poverty line” to describe how organizations operate when they have insufficient investment in IT security.
Jim Ivers's picture
Software that protects the crown jewels of the organization and reduces risk translates to “valuable.”
Jim Ivers's picture
Developers are not trained in security and security is not yet an adequately integrated component of the development process. We are not applying good, or even minimal, security practices.
Emily Ratliff's picture
Writing yet another “security” paper isn’t going to do the trick. Security practitioners need to do a better job of getting our messages integrated into core developer documentation.
Simon Crosby's picture
Next-gen Anti-Virus can’t help any more than traditional AV, but the principle of least privilege, enforced through virtualization based security, can stop the breach before it starts.
Jim Ivers's picture
The Internet of Things (IoT) will result in billions of connected devices coming on line in the next ten years, and the associated software will be built by industries that traditionally have not emphasized software security.
Emily Ratliff's picture
When you run an application, how can you verify that what you are running was actually built from the code that a trusted developer wrote?
David Holmes's picture
A determined attacker could almost certainly find another, easier (non-SSL) vulnerability much faster and cheaper than by using DROWN.
Jim Ivers's picture
Aside from tools, there are many types of application security testing that can be used to find vulnerabilities in software. An organization must consider multiple software security testing methods to really manage its risk.