Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Security companies have started detecting attacks that leverage a critical remote code execution (RCE) vulnerability in Windows, which Microsoft patched last week.
A new report shows that the number of attacks 10 Gbps and above increased nearly 40 percent during the third quarter of the year.
Drupal 6.34 and Drupal 7.34 were released to address multiple moderately critical vulnerabilities affecting prior versions.
Researchers uncovered three vulnerabilities in digital video recorder devices that can be used to execute code without authentication.
The creators of the jQuery Validation Plugin have fixed a vulnerability in a demo component that was first reported to them more than three years ago.
Britain's privacy watchdog called on Russia to take down a site showing hacked live feeds from thousands of homes and businesses around the world and warned it was planning "regulatory action".
Apple's first update for the iOS 8.1 mobile operating system includes bug fixes, increased stability and performance improvements for older devices, and also addresses several security issues.
The vulnerabilities exist in Advantech EKI-6340 V2.05, Advantech Web Access 7.2 and Advantech AdamView V4.3, according to Core Security.
With the release of the stable version of Chrome 39, Google has made several changes to improve stability and performance, but it has also addressed numerous vulnerabilities.
A new report from IBM's X-Force team identifies the U.S. as the country hosting the largest percentage of malicious links.

FEATURES, INSIGHTS // Vulnerabilities

rss icon

Torsten George's picture
It appears that 2014 will be remembered in the IT industry for several severe and wide-reaching server-side vulnerabilities. So what lessons can we learn from these vulnerabilities?
Torsten George's picture
To limit the risk of having drive-by malware attacks planted on their websites, organizations should monitor the payload of their different Internet properties, which for larger organizations can easily become a huge undertaking.
Fahmida Y. Rashid's picture
Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.
Jason Polancich's picture
Businesses have more data on hand than they think. They key is crafting a plan to track it and combine it with data from outside their own walls against which the internal data can be analyzed.
Torsten George's picture
When an organization is solely focused on strengthening its compliance posture to pass an audit, they primarily look at control failures and gaps and try to mitigate them.
Mark Hatton's picture
You need to identify your security shortcomings before someone else does. Simulate attacks and tests to associate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company’s most important data.
Scott Simkin's picture
While SSL decryption is necessary for maintaining network security, security admins need to establish strict rules about how they handle decrypted data.
Ryan Naraine's picture
John Hultquist, Manager of Cyber Espionage Threat Intelligence at ISIGHT Partners, joins the podcast to talk about "NEWSCASTER," a cyber espionage operation that uses fictitious social media accounts to launch attacks.
Danelle Au's picture
The protection of connected ( Internet of Things) devices is likely better performed at a network level rather than an endpoint level due to the variety of devices that may exist and the limited endpoint security functions that can be supported.
Mark Hatton's picture
The fact that you aren’t seeing or hearing about potential threats to the organization, or alarms aren’t being raised by the security team, shouldn’t make you feel better as an executive.
view counter