Virus & Threats

NEWS & INDUSTRY UPDATES

Unpatched versions of Orbit Open Ad Server are vulnerable to a potentially significant SQL injection vulnerability
Intel's McAfee security division says it is focused on securing the Internet of Things as the number of devices continues to grow.
Canada's tax agency shuttered its website Wednesday after warning that encrypted taxpayer data could be vulnerable to the "Heartbleed" bug.
BlackBerry issued a patch to address a remote code execution vulnerability (CVE-2014-1468) that affects BlackBerry 10 smartphones and could enable an attacker to take control of the device with root/superuser rights.
AT&T is offering a new cloud-based security solution designed to protect customers against malware and malicious websites while offering security policy control across enterprise, web, social and mobile networks.
All totaled, Microsoft issued four security bulletins this month covering issues in Office, IE and Windows.
A patch for the bug (CVE-2014-0160) is available, but if it is left unpatched, attackers could get their hands on secret keys and other data.
Security experts believe criminals are hoarding XP vulnerabilities with plans to launch campaigns exploiting them at a later date, since those zero days will become "forever days."
Intego, a provider of security products designed exclusively for Mac OS, introduced its latest product line, including VirusBarrier X8 and NetBarrier X8.
Microsoft will issue four security bulletins as Windows XP comes to its end-of-life.

FEATURES, INSIGHTS // Virus & Threats

Mark Hatton
The best way to anticipate a move by an adversary is to put yourself in their position and ask, what would I do in the same situation? Studying the ways in which you would attack a given situation provides a strategic advantage when planning your defense.
Ryan Naraine
In this podcast, Richard Boscovich, assistant general counsel in the Microsoft Digital Crimes Unit, talks about the new Microsoft Cybercrime Center and the ongoing battle to stop the proliferation of botnets around the world.
Michael Callahan
There’s more than functionality and availability issues ailing Healthcare.gov. There’s significant potential for compromise.
Ryan Naraine
Vinnie Liu from Bishop Fox joins Ryan Naraine on the podcast to warn businesses about the security risks associated with the new LinkedIn Intro application.
Oliver Rochford
Choosing to do unauthenticated scanning is not an option – if you want to do vulnerability assessment properly and to the fullest maximum of its potential, you have no other choice.
Ryan Naraine
Costin Raiu of Kaspersky Lab's global research and analysis team talks about the global implications of the Icefog APT campaign and discloses that a major command-and-control shutdown is currently underway.
Michael Callahan
The problem with this Internet of Things is that the manufacturers of "smart" devices are not always as concerned about security as we end-users might want them to be.
Tal Be'ery
Serialization-deserialization vulnerabilities can be extremely harmful, but seem to be less widely understood than the ones that involve direct user input. This column is dedicated to taking a deeper look at these vulnerabilities.
Nimmy Reichenberg
By including security into the DevOps model, organizations can attain that improved agility and operational excellence while also improving the necessary checks and balances before changes are pushed into production.
Mark Hatton
One of the biggest inhibitors to securing an organization’s most critical information is treating all data as if it had the same value. While it would be nice to be able to secure every bit of data or information on your network, that is a nearly impossible task.