Security Experts:

Virus & Threats
long dotted


Experts comment on recently proposed software-based mitigations for the DRAM attack dubbed Rowhammer [Read More]
Updates released for Firefox and the Tor Browser patch the zero-day vulnerability exploited, possibly by law enforcement, to unmask Tor users [Read More]
PluginPhantom is a new Android Trojan that abuses the DroidPlugin plugin framework to evade static detection. [Read More]
Firefox zero-day vulnerability actively exploited in attacks aimed at Tor users. Mozilla is working on a patch [Read More]
During the more frequent feature updates in Windows 10, pressing SHIFT+F10 gives the user admin privileges while BitLocker is disabled. [Read More]
Cisco has decided to give vendors 90 days to patch the vulnerabilities discovered by its Talos researchers before disclosing their details [Read More]
German ISP Deutsche Telekom confirms that nearly 1 million customers suffered disruptions due to malware attacks on routers [Read More]
Mirai-based malware uses a recently disclosed attack vector to hijack Internet gateway devices [Read More]
While packed with a load of new security features, Window 10 doesn’t offer some of the additional protections that Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) brings, CERT vulnerability analyst Will Dormann warns. [Read More]
Researcher discovers several enumeration vulnerabilities in Uber’s recently launched UberCENTRAL service [Read More]

FEATURES, INSIGHTS // Virus & Threats

rss icon

Scott Simkin's picture
While exploit kits are certainly contributing to the steady rise in the number of cyberattacks, in the end, the methods they use to infect endpoints and networks can be stopped provided the proper steps are taken.
David Holmes's picture
SWEET32 is probably not something that an enterprise administrator needs to lose sleep over. Very likely, we will never see a SWEET32 attack in the wild, just as we never have for POODLE or BEAST.
Jim Ivers's picture
When will automakers speak up about the measures they have taken to test the software embedded in their vehicles?
Dan Cornell's picture
Security teams and DevOps teams aren’t always on the same page and the lack of communication often results in misaligned priorities that significantly inhibit productivity.
Erin O’Malley's picture
Conventional email security solutions may defend against spam, viruses, and malware, but they don’t defend against ignorance or egregious stupidity.
Jim Ivers's picture
Organizations should understand the risks and returns of open source and either start putting policies in place or getting serious about enforcing existing policies.
Torsten George's picture
Relying solely on existing intelligence provided by vulnerability scanners should only be a first step in a cyber risk management process.
Wade Williamson's picture
It turned out to be a tricky month for security admins to take that long-awaited summer vacation because July was one of the busiest months in recent memory in terms of vulnerabilities.
Jim Ivers's picture
If a car’s systems can be hacked to disable critical systems, then attacks can also be used to extract information. Similar to IoT, if data is being collected, data can be exfiltrated.
Torsten George's picture
Vulnerability assessments are often confused with penetration tests. In fact, the two terms are often used interchangeably, but they are worlds apart.