Virus & Threats

NEWS & INDUSTRY UPDATES

Last week, the developers of Docker released new versions of the product to address several security issues, and they shared some information on the steps taken by the company to make the solution more secure.
A researcher has identified a stack buffer overflow vulnerability in Honeywell's OPOS (OLE for Retail Point-of-Sale) Suite, a solution that provides a standard programming interface for the integration of PoS hardware into retail PoS systems based on Microsoft Windows.
Researchers have uncovered a worm that's designed to plant backdoors on QNAP network-attached storage (NAS) devices. The malware is distributed through the exploitation of the GNU Bash vulnerability known as ShellShock.
The upgrade mechanism in older versions of Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit is plagued by a vulnerability that can be exploited to load malicious code on affected systems.
Researchers at threat intelligence company Norse have identified a serious vulnerability in FreeBSD, the popular Unix-like operating system that's used on servers, desktop computers and embedded platforms.
ICS-CERT issued an updated warning about an ongoing attack campaign against critical infrastructure companies.
A security vulnerability identified on AliExpress, the wholesale marketplace owned by the Chinese e-commerce giant Alibaba, could have been exploited by hackers to hijack merchant accounts. A different flaw could have been leveraged to gain access to buyers' details.
Researchers at Bitdefender have conducted some experiments to find out just how difficult it is for a hacker to intercept the data sent between smartphones and smartwatches.
Microsoft now allows Internet Explorer 11 users to disable fallback to SSL 3.0 in an effort to protect them against attacks leveraging the recently disclosed vulnerability known as Padding Oracle On Downgraded Legacy Encryption (POODLE).
Cyber crime is a serious threat to safety in the skies, aviation industry heavyweights said Wednesday, vowing to fight the growing scourge before it causes a catastrophic incident.

FEATURES, INSIGHTS // Virus & Threats

Scott Simkin
While SSL decryption is necessary for maintaining network security, security admins need to establish strict rules about how they handle decrypted data.
Ryan Naraine
John Hultquist, Manager of Cyber Espionage Threat Intelligence at ISIGHT Partners, joins the podcast to talk about "NEWSCASTER," a cyber espionage operation that uses fictitious social media accounts to launch attacks.
Danelle Au
The protection of connected (Internet of Things) devices is likely better performed at a network level rather than an endpoint level due to the variety of devices that may exist and the limited endpoint security functions that can be supported.
Mark Hatton
The fact that you aren’t seeing or hearing about potential threats to the organization, or alarms aren’t being raised by the security team, shouldn’t make you feel better as an executive.
Torsten George
A threat is the agent that takes advantage of a vulnerability. This relationship must be a key factor in the risk assessment process and can no longer be treated as risk’s neglected stepchild.
Marc Solomon
Many continue to click on links or attachments sent via email without taking any steps to verify the origin of the email or the validity of the link or attachment. It only takes one click for an attacker to establish a foothold in the target’s systems.
Mark Hatton
Here are five things I recommend security pros keep in mind when navigating the line between tight security and keeping the organization running at peak proficiency.
Chris Hinkley
Whether you’re buying a smart refrigerator for your home or a printer for your company, your first step is deciding the risk involved and how to deploy the device in a secure manner while preserving the functionality you require.
Mark Hatton
Predictive security narrows the scope considerably and helps IT and security pros zero in on the most likely vulnerabilities and the areas most at risk due to the sensitive nature of the data they hold.
Chris Hinkley
Vulnerabilities are a fact of life. Independent testing may be illegal without express permission, but that doesn’t stop code pillagers from sniffing out vulnerabilities and weaknesses in your web applications.