Security Experts:

Virus & Threats
long dotted

NEWS & INDUSTRY UPDATES

The Fire OS 4.6.1 update released by Amazon for Fire Phone patches at least three security holes.
The recently patched Flash Player flaw used by the Chinese threat group APT3 has now been integrated into the Magnitude exploit kit.
Cisco warned on Thursday that as a result of default encryption keys in three of its security products, customers are at risk of an unauthenticated remote attacker being able intercept traffic or gain access to vulnerable systems with root privileges.
Health organizations in North America are being hit hardest by the Stegoloader malware, according to Trend Micro.
According to the FBI, CryptoWall attacks cost victims in excess of $18 million between April 2014 and June 2015.
Trend Micro analyzed the recent Adobe Flash Player vulnerability and found the root cause between the zero-day and another flaw was very similar.
Bug bounty platform provider HackerOne announced on Wednesday that it has raised $25 million in a Series B financing round led by New Enterprise Associates (NEA).
France summoned the US ambassador on Wednesday and said it "will not tolerate any acts that threaten its security" after leaked documents indicated Washington spied on President Francois Hollande and his two predecessors.
Adobe patched a zero-day vulnerability in Flash Player that has come under attack in the wild.
A team of researchers has demonstrated a way to steal encryption keys from a PC using a device tiny enough to conceal inside a piece of pita bread.

FEATURES, INSIGHTS // Virus & Threats

rss icon

Jason Polancich's picture
Businesses have more data on hand than they think. They key is crafting a plan to track it and combine it with data from outside their own walls against which the internal data can be analyzed.
Marc Solomon's picture
Malvertising underscores the need for an approach to security that addresses the full attack continuum. With ongoing visibility and control, and intelligent and continuous updates, security professionals can take action to stop the inevitable outbreak.
Torsten George's picture
When an organization is solely focused on strengthening its compliance posture to pass an audit, they primarily look at control failures and gaps and try to mitigate them.
Mark Hatton's picture
You need to identify your security shortcomings before someone else does. Simulate attacks and tests to associate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company’s most important data.
Scott Simkin's picture
While SSL decryption is necessary for maintaining network security, security admins need to establish strict rules about how they handle decrypted data.
Ryan Naraine's picture
John Hultquist, Manager of Cyber Espionage Threat Intelligence at ISIGHT Partners, joins the podcast to talk about "NEWSCASTER," a cyber espionage operation that uses fictitious social media accounts to launch attacks.
Danelle Au's picture
The protection of connected ( Internet of Things) devices is likely better performed at a network level rather than an endpoint level due to the variety of devices that may exist and the limited endpoint security functions that can be supported.
Mark Hatton's picture
The fact that you aren’t seeing or hearing about potential threats to the organization, or alarms aren’t being raised by the security team, shouldn’t make you feel better as an executive.
Torsten George's picture
A threat is the agent that takes advantage of a vulnerability. This relationship must be a key factor in the risk assessment process and can no longer be treated as risk’s neglected step child.
Marc Solomon's picture
Many continue to click on links or attachments sent via email without taking any steps to verify the origin of the email or the validity of the link or attachment. It only takes one click to for an attacker to establish a foothold in the target’s systems.