Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Poor configurations can lead to credential exposure, according to Palo Alto Networks.
Apple has released a new version of its mobile operating system and, in addition to some interesting new features, the latest version includes fixes for several security issues.
The Chinese government has started launching cyberattacks against Apple customers just as the company announced the availability of the latest iPhone in the country, an anti-censorship organization reported on Monday.
Cisco has been analyzing its products to determine which of them are affected by the recently disclosed Secure Sockets Layer (SSL) version 3 protocol flaw dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE).
In an effort to ensure that its advertising system is not plagued by any security bugs, Facebook has decided to double the amount of money it awards to researchers who identify vulnerabilities in the social media network's ads code.
PHP released versions 5.6.2, 5.5.18 and 5.4.34 of the scripting language. In addition to some functionality bugs, the latest releases address a series of security-related flaws.
Security updates released by Apple last week address a series of vulnerabilities, including the recently uncovered SSL 3.0 flaw (CVE-2014-3566) that can be leveraged to obtain potentially sensitive information from encrypted communications.
Trustwave researcher Ben Hayak presented an attack method, which he calls Same Origin Method Execution (SOME), at the Back Hat Europe security conference in Amsterdam, the Netherlands.
Akamai's Prolexic Security Engineering & Response Team found 4.1 million Internet-facing Universal Plug and Play devices are potentially vulnerable to being employed in this type of reflection DDoS attack.
The Drupal Security Team advises users to upgrade to version 7.32 as soon as possible.

FEATURES, INSIGHTS // Vulnerabilities

rss icon

Torsten George's picture
To limit the risk of having drive-by malware attacks planted on their websites, organizations should monitor the payload of their different Internet properties, which for larger organizations can easily become a huge undertaking.
Fahmida Y. Rashid's picture
Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.
Jason Polancich's picture
Businesses have more data on hand than they think. They key is crafting a plan to track it and combine it with data from outside their own walls against which the internal data can be analyzed.
Torsten George's picture
When an organization is solely focused on strengthening its compliance posture to pass an audit, they primarily look at control failures and gaps and try to mitigate them.
Mark Hatton's picture
You need to identify your security shortcomings before someone else does. Simulate attacks and tests to associate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company’s most important data.
Scott Simkin's picture
While SSL decryption is necessary for maintaining network security, security admins need to establish strict rules about how they handle decrypted data.
Ryan Naraine's picture
John Hultquist, Manager of Cyber Espionage Threat Intelligence at ISIGHT Partners, joins the podcast to talk about "NEWSCASTER," a cyber espionage operation that uses fictitious social media accounts to launch attacks.
Danelle Au's picture
The protection of connected ( Internet of Things) devices is likely better performed at a network level rather than an endpoint level due to the variety of devices that may exist and the limited endpoint security functions that can be supported.
Mark Hatton's picture
The fact that you aren’t seeing or hearing about potential threats to the organization, or alarms aren’t being raised by the security team, shouldn’t make you feel better as an executive.
Torsten George's picture
A threat is the agent that takes advantage of a vulnerability. This relationship must be a key factor in the risk assessment process and can no longer be treated as risk’s neglected step child.