Security Experts:

Virus & Threats
long dotted


A new survey from ForeScout Technologies underscores the challenges of and the attitudes about IT security in corporations around the world.
A vulnerability in WPtouch, a popular plugin that's used to create simple themes for the mobile visitors of WordPress websites, can be leveraged by an attacker to upload PHP files to impacted servers.
A vulnerability in Microsoft's Active Directory service can be exploited by an attacker to change a targeted user's password.
Google said it would create a new, “well-staffed” security team called Project Zero with the objective to significantly reduce the number of people harmed by targeted attacks.
Oracle said future security patches for Java 7 will work on Windows XP, but pointed out that it can no longer provide "complete guarantees" for the software because the operating systems is no longer supported by Microsoft.
According to the survey, 64 percent of the respondents said they anticipated one or more serious attacks in the coming year.
Oracle's update will include critical fixes for Java SE and Oracle Fusion Middleware.
The developers of the popular password manager LastPass informed users on Friday of security vulnerabilities reported to the company last year.
Researchers at Lacoon Mobile Security discuss an issue impacting the Gmail application for iOS they believe could help an attacker launching man-in-the-middle attacks.
Researchers at Kaspersky Lab have published a detailed analysis of a "versatile" Linux DDoS Trojan available online.

FEATURES, INSIGHTS // Virus & Threats

rss icon

Mark Hatton's picture
Predictive security narrows the scope considerably and helps IT and security pros zero-in on the most likely vulnerabilities and areas most-at-risk due to the sensitive nature of the data they hold.
Chris Hinkley's picture
Vulnerabilities are a fact of life. Independent testing may be illegal without express permission, but that doesn’t stop code pillagers from sniffing out vulnerabilities and weaknesses in your web applications.
Jon-Louis Heimerl's picture
Social engineering attacks can happen at any time. Here are some strategies you can use to help reduce the chances of a successful social engineering/phishing attack you or your organization.
Torsten George's picture
Without putting vulnerabilities into the context of the risk associated with them, organizations often misalign their remediation resources.
Mark Hatton's picture
Complacency is never a good thing, but in security it can have devastating effects. While it’s good to acknowledge progress, that should never stand in the way of staying ahead of the next potential threat.
Aviv Raff's picture
Just as offices need to detect break-ins to keep criminals from committing industrial espionage, enterprises need to put more focus on detecting APTs and other advanced threats to keep adversaries from their network.
Mark Hatton's picture
The best way to anticipate a move by an adversary is to put yourself in their position and ask, what would I do in the same situation? Studying the ways in which you would attack a given situation provides a strategic advantage when planning your defense.
Ryan Naraine's picture
In this podcast, Richard Boscovich, assistant general counsel in the Microsoft Digital Crimes Unit, talks about the new Microsoft Cybercrime Center and the ongoing battle to stop the proliferation of botnets around the world.
Michael Callahan's picture
There’s more than functionality and availability issues ailing There’s significant potential for compromise.
Ryan Naraine's picture
Vinnie Liu from Bishop Fox joins Ryan Naraine on the podcast to warn businesses about the security risks associated with the new LinkedIn Intro application.