Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

IOActive has expanded its Vehicle Security Service to help automakers and Original Equipment Manufacturers (OEMs) better protect against cyber threats.
Palo Alto Networks released details of a backdoor on Android-based devices manufactured by Coolpad.
Two products from Cisco are vulnerable to a new variant of the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack, the company said in a security advisory.
Several Linux distributions are affected by a couple of security holes found in "mailx," a utility that's used for sending and receiving mail.
CA Technologies, one of the world's largest independent software corporations, has released a hotfix to address several vulnerabilities affecting the company's CA Release Automation product.
Last week, the developers of Docker released new versions of the product to address several security issues, and they shared some information on the steps taken by the company to make the solution more secure.
A researcher has identified a stack buffer overflow vulnerability in Honeywell's OPOS (OLE for Retail Point-of-Sale) Suite, a solution that provides a standard programming interface for the integration of PoS hardware into retail PoS systems based on Microsoft Windows.
The upgrade mechanism in older versions of Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit is plagued by a vulnerability that can be exploited to load malicious code on affected systems.
Researchers at threat intelligence company Norse have identified a serious vulnerability in FreeBSD, the popular Unix-like operating system that's used on servers, desktop computers and embedded platforms.
ICS-CERT issued an updated warning about an ongoing attack campaign against critical infrastructure companies.

FEATURES, INSIGHTS // Vulnerabilities

rss icon

Torsten George's picture
It appears that 2014 will be remembered in the IT industry for several severe and wide-reaching server-side vulnerabilities. So what lessons can we learn from these vulnerabilities?
Torsten George's picture
To limit the risk of having drive-by malware attacks planted on their websites, organizations should monitor the payload of their different Internet properties, which for larger organizations can easily become a huge undertaking.
Fahmida Y. Rashid's picture
Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.
Jason Polancich's picture
Businesses have more data on hand than they think. They key is crafting a plan to track it and combine it with data from outside their own walls against which the internal data can be analyzed.
Torsten George's picture
When an organization is solely focused on strengthening its compliance posture to pass an audit, they primarily look at control failures and gaps and try to mitigate them.
Mark Hatton's picture
You need to identify your security shortcomings before someone else does. Simulate attacks and tests to associate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company’s most important data.
Scott Simkin's picture
While SSL decryption is necessary for maintaining network security, security admins need to establish strict rules about how they handle decrypted data.
Ryan Naraine's picture
John Hultquist, Manager of Cyber Espionage Threat Intelligence at ISIGHT Partners, joins the podcast to talk about "NEWSCASTER," a cyber espionage operation that uses fictitious social media accounts to launch attacks.
Danelle Au's picture
The protection of connected ( Internet of Things) devices is likely better performed at a network level rather than an endpoint level due to the variety of devices that may exist and the limited endpoint security functions that can be supported.
Mark Hatton's picture
The fact that you aren’t seeing or hearing about potential threats to the organization, or alarms aren’t being raised by the security team, shouldn’t make you feel better as an executive.