Security Experts:

Virus & Threats
long dotted

NEWS & INDUSTRY UPDATES

A new report from IBM's X-Force team identifies the U.S. as the country hosting the largest percentage of malicious links.
Microsoft issues an out-of-band update (MS14-068) rated as critical that addresses a vulnerability in Microsoft Windows Kerberos KDC.
Two independent research groups have already managed to bypass the protection mechanisms provided by the latest version of Microsoft's Enhanced Mitigation Experience Toolkit (EMET).
A study of more than 600,000 online ads during a three-month period linked one percent to malicious activity.
Microsoft reported that some users who have applied patch (MS14-066) to address the Schannel Remote Code Execution Vulnerability (CVE-2014-632) 1are having issues, including a fatal alert related to the TLS protocol.
Researchers claim that a new attack method can be leveraged to silently modify the digital ballots used in the Internet voting process.
A new sophisticated piece of malware distributed by threat actors through a malicious exit node on the Tor anonymity network appears to be related to the notorious MiniDuke.
The PlugX (Korplug) remote access Trojan (RAT) has been used by a threat group to target users in Afghanistan, Russia, Tajikistan, Kazakhstan and Kyrgyzstan.
BrowserStack, the cross-browser testing service, has provided more details on the attack in which a hacker gained access to information belonging to some of the company's customers.
Researchers hacked several of the latest popular smartphones during the Mobile Pwn2Own competition that took place alongside the PacSec Applied Security Conference in Tokyo on November 12-13.

FEATURES, INSIGHTS // Virus & Threats

rss icon

Ryan Naraine's picture
John Hultquist, Manager of Cyber Espionage Threat Intelligence at ISIGHT Partners, joins the podcast to talk about "NEWSCASTER," a cyber espionage operation that uses fictitious social media accounts to launch attacks.
Danelle Au's picture
The protection of connected ( Internet of Things) devices is likely better performed at a network level rather than an endpoint level due to the variety of devices that may exist and the limited endpoint security functions that can be supported.
Mark Hatton's picture
The fact that you aren’t seeing or hearing about potential threats to the organization, or alarms aren’t being raised by the security team, shouldn’t make you feel better as an executive.
Torsten George's picture
A threat is the agent that takes advantage of a vulnerability. This relationship must be a key factor in the risk assessment process and can no longer be treated as risk’s neglected step child.
Marc Solomon's picture
Many continue to click on links or attachments sent via email without taking any steps to verify the origin of the email or the validity of the link or attachment. It only takes one click to for an attacker to establish a foothold in the target’s systems.
Mark Hatton's picture
Here are five things I recommend security pros keep in mind when navigating the line between tight security and keeping the organization running at peak proficiency.
Chris Hinkley's picture
Whether you’re buying a smart refrigerator for your home or a printer for your company, your first step is deciding the risk involved and how to deploy the device in a secure manner while preserving the functionality you require.
Mark Hatton's picture
Predictive security narrows the scope considerably and helps IT and security pros zero-in on the most likely vulnerabilities and areas most-at-risk due to the sensitive nature of the data they hold.
Chris Hinkley's picture
Vulnerabilities are a fact of life. Independent testing may be illegal without express permission, but that doesn’t stop code pillagers from sniffing out vulnerabilities and weaknesses in your web applications.
Jon-Louis Heimerl's picture
Social engineering attacks can happen at any time. Here are some strategies you can use to help reduce the chances of a successful social engineering/phishing attack you or your organization.
view counter