Security updates released by Apple last week address a series of vulnerabilities, including the recently uncovered SSL 3.0 flaw (CVE-2014-3566) that can be leveraged to obtain potentially sensitive information from encrypted communications.
Akamai's Prolexic Security Engineering & Response Team found 4.1 million Internet-facing Universal Plug and Play devices are potentially vulnerable to being employed in this type of reflection DDoS attack.
Attackers exploited a zero-day vulnerability in Windows to spy on NATO, the European Union, the Ukraine, and private energy and telecommunications companies, according to cyber-intelligence firm iSight Partners.
To limit the risk of having drive-by malware attacks planted on their websites, organizations should monitor the payload of their different Internet properties, which for larger organizations can easily become a huge undertaking.
Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.
You need to identify your security shortcomings before someone else does. Simulate attacks and tests to associate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company’s most important data.
John Hultquist, Manager of Cyber Espionage Threat Intelligence at ISIGHT Partners, joins the podcast to talk about "NEWSCASTER," a cyber espionage operation that uses fictitious social media accounts to launch attacks.
The protection of connected ( Internet of Things) devices is likely better performed at a network level rather than an endpoint level due to the variety of devices that may exist and the limited endpoint security functions that can be supported.