Security Experts:

Virus & Threats
long dotted


The FBI has launched Malware Investigator, an unclassified automated malware analysis tool designed to provide users with detailed technical information on malware.
In the four days since the vulnerability was disclosed, Incapsula's Web application firewall deflected more than 217,000 exploit attempts on over 4,100 domains. However, the company estimates that the total number of Shellshock attacks could be as high as 1 billion.
Apple on issued a software update to protect Mac OS X computers from the recently discovered "Bash" bug also known as Shellshock.
The amount of cryptomalware hitting users in Australia has increased dramatically since May, according to Symantec.
Several organizations that use the GNU Bourne Again Shell (Bash) in their products have been hard at work producing software updates to address the recently discovered vulnerability dubbed "Shellshock" or "Bash Bug."
Apple said Friday that its Macintosh PCs are unlikely to be affected by the recently discovered "Bash" bug that could hit millions of computers and other devices connected to the Internet.
Argus Cyber Security, a Tel Aviv, Israel-based startup focused on automotive cyber security, announced on Monday that it has raised $4 million in a Series A round of funding.
Industry reactions to the recently disclosed "Shellshock" vulnerability affecting the GNU Bourne Again Shell (Bash).
A new "browsersnapshot" feature added to the Dyre Malware enables attackers to collect cookies, client-side certificates and private keys from the infected computer's Windows Certificate Store.
Symantec has put together a video which demonstrates the threatening Shellshock vulnerability in action and answers many important questions.

FEATURES, INSIGHTS // Virus & Threats

rss icon

Fahmida Y. Rashid's picture
Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.
Jason Polancich's picture
Businesses have more data on hand than they think. They key is crafting a plan to track it and combine it with data from outside their own walls against which the internal data can be analyzed.
Marc Solomon's picture
Malvertising underscores the need for an approach to security that addresses the full attack continuum. With ongoing visibility and control, and intelligent and continuous updates, security professionals can take action to stop the inevitable outbreak.
Torsten George's picture
When an organization is solely focused on strengthening its compliance posture to pass an audit, they primarily look at control failures and gaps and try to mitigate them.
Mark Hatton's picture
You need to identify your security shortcomings before someone else does. Simulate attacks and tests to associate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company’s most important data.
Scott Simkin's picture
While SSL decryption is necessary for maintaining network security, security admins need to establish strict rules about how they handle decrypted data.
Ryan Naraine's picture
John Hultquist, Manager of Cyber Espionage Threat Intelligence at ISIGHT Partners, joins the podcast to talk about "NEWSCASTER," a cyber espionage operation that uses fictitious social media accounts to launch attacks.
Danelle Au's picture
The protection of connected ( Internet of Things) devices is likely better performed at a network level rather than an endpoint level due to the variety of devices that may exist and the limited endpoint security functions that can be supported.
Mark Hatton's picture
The fact that you aren’t seeing or hearing about potential threats to the organization, or alarms aren’t being raised by the security team, shouldn’t make you feel better as an executive.
Torsten George's picture
A threat is the agent that takes advantage of a vulnerability. This relationship must be a key factor in the risk assessment process and can no longer be treated as risk’s neglected step child.