
Virus & Threats

NEWS & INDUSTRY UPDATES

Researchers at Kaspersky Lab believe there is a connection between the Regin malware platform and a malware platform exposed in documents leaked by Edward Snowden.
Both the size and frequency of distributed denial of service attacks jumped during the past year, according to Arbor Networks.
Researchers from Core Security have identified a vulnerability that can be remotely exploited for denial-of-service (DoS) attacks against certain Android devices.
The official NFL Mobile application exposes users' personal details, Wandera researchers warn just a few days before the Super Bowl.
Google says it's no longer practical to fix vulnerabilities in older versions of Android WebView and some experts believe it's a wise decision.
NSA offered organizations a set of best practices for defending against malware attacks.
The vulnerabilities disclosed last week by Google and the Thunderstrike flaw detailed in December by a researcher have been reportedly fixed by Apple in OS X Yosemite 10.10.2 beta.
Up until last week, it was easy for a malicious hacker to gain access to the reservations and personal details of Marriott customers by leveraging a vulnerability in the hotel chain’s official mobile application.
Several security vulnerabilities affecting PHP were addressed last week with the release of versions 5.6.5, 5.5.21 and 5.4.37.
Adobe updated Flash Player over the weekend to fix the second zero-day vulnerability (CVE-2015-0311) reported last week. The patch was released ahead of schedule.

FEATURES, INSIGHTS // Virus & Threats


Torsten George
When an organization is solely focused on strengthening its compliance posture to pass an audit, it primarily looks at control failures and gaps and tries to mitigate them.
Mark Hatton
You need to identify your security shortcomings before someone else does. Simulate attacks and tests to associate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company’s most important data.
Scott Simkin
While SSL decryption is necessary for maintaining network security, security admins need to establish strict rules about how they handle decrypted data.
Ryan Naraine
John Hultquist, Manager of Cyber Espionage Threat Intelligence at ISIGHT Partners, joins the podcast to talk about "NEWSCASTER," a cyber espionage operation that uses fictitious social media accounts to launch attacks.
Danelle Au
The protection of connected (Internet of Things) devices is likely better performed at a network level rather than an endpoint level due to the variety of devices that may exist and the limited endpoint security functions that can be supported.
Mark Hatton
The fact that you aren’t seeing or hearing about potential threats to the organization, or alarms aren’t being raised by the security team, shouldn’t make you feel better as an executive.
Torsten George
A threat is the agent that takes advantage of a vulnerability. This relationship must be a key factor in the risk assessment process and can no longer be treated as risk’s neglected stepchild.
Marc Solomon
Many continue to click on links or attachments sent via email without taking any steps to verify the origin of the email or the validity of the link or attachment. It only takes one click for an attacker to establish a foothold in the target’s systems.
Mark Hatton
Here are five things I recommend security pros keep in mind when navigating the line between tight security and keeping the organization running at peak proficiency.
Chris Hinkley
Whether you’re buying a smart refrigerator for your home or a printer for your company, your first step is deciding the risk involved and how to deploy the device in a secure manner while preserving the functionality you require.