Virus & Threats

NEWS & INDUSTRY UPDATES

A new Linux Trojan developed in Go has been used by cybercriminals for cryptocurrency mining
QuadRooter is a set of four vulnerabilities that gives attackers complete control of Android devices.
Network video recorders from Netgear and NUUO are plagued by several unpatched vulnerabilities
To date, SAP has issued over 3,660 Security Notes and Support Package Implementation Notes to address thousands of vulnerabilities in its business critical applications, a new report from ERPScan reveals.
VMware patches two vulnerabilities, including a DLL hijacking issue that could have been exploited to execute arbitrary code
While Adobe’s Flash Player might be the most targeted product when criminal exploit kits are involved, Microsoft Office, Windows and Internet Explorer take center stage when Russian advanced persistent threat (APT) groups are involved.
Microsoft offers up to $15,000 to researchers who find remote code execution flaws in Edge running on Windows Insider Preview builds
Apple launches private bug bounty program with rewards of up to $200,000 for serious vulnerabilities
Panasonic Avionics launches private bug bounty program to ensure the security of its in-flight entertainment systems
Just two weeks after Chrome 52 was released in the stable channel, Google has issued an update to resolve 10 security vulnerabilities.

FEATURES, INSIGHTS // Virus & Threats

Jim Ivers
Developers are not trained in security and security is not yet an adequately integrated component of the development process. We are not applying good, or even minimal, security practices.
Emily Ratliff
Writing yet another “security” paper isn’t going to do the trick. Security practitioners need to do a better job of getting our messages integrated into core developer documentation.
Simon Crosby
Next-gen Anti-Virus can’t help any more than traditional AV, but the principle of least privilege, enforced through virtualization based security, can stop the breach before it starts.
Jim Ivers
The Internet of Things (IoT) will result in billions of connected devices coming on line in the next ten years, and the associated software will be built by industries that traditionally have not emphasized software security.
Emily Ratliff
When you run an application, how can you verify that what you are running was actually built from the code that a trusted developer wrote?
David Holmes
A determined attacker could almost certainly find another, easier (non-SSL) vulnerability much faster and cheaper than by using DROWN.
Jim Ivers
Aside from tools, there are many types of application security testing that can be used to find vulnerabilities in software. An organization must consider multiple software security testing methods to really manage its risk.
Torsten George
The benefits of automatic patching far exceed the risks, but with differing risk perceptions and tolerance levels, the decision must be made by each organization.
Jim Ivers
What is missing from the conversation is how large a role software plays in the IoT equation. Plugging something into the Internet does not make it work -- it just makes it vulnerable.
Mike Lennon
For the past several years, enterprise security leaders have been challenged with the task of locking down endpoints with traditional security solutions that are proving to be ineffective against today's threats.