Security Experts:

Virus & Threats
long dotted

NEWS & INDUSTRY UPDATES

Intel Security's McAfee Labs found that 18 of the 25 most downloaded apps tested last year by CERT remain vulnerable to man-in-the-middle attacks.
Google Safe Browsing expanded in Chrome, search, and ads to protect users against unwanted software.
PrivDog exposes users to HTTPS spoofing attacks because it fails to validate SSL certificates, researchers have warned.
Remote code execution vulnerability found in the Samba interoperability suite. The flaw has been addressed by Samba developers and Linux distribution vendors.
According to the latest edition of Hewlett-Packard's Cyber Risk Report, 44 percent of known breaches in 2014 came from vulnerabilities that were between two and four years old.
Cisco has released software updates to address a denial-of-service (DoS) vulnerability in IOS XR Software, a self-healing and fully distributed network operating system designed for service providers.
Researchers figured out a way to bypass encryption protections in the Telegram messaging app's Secure Chats feature.
IPS definition package update for Norton and Symantec products caused 32-bit version of Internet Explorer to crash. A new update has been released to address the issue.
Komodia libraries that break HTTPS browsing and put users at risk have been found in several applications.
Security experts react to the Superfish incident: impact on Lenovo's reputation, risks, and recommendations for consumers and manufacturers.

FEATURES, INSIGHTS // Virus & Threats

rss icon

Marc Solomon's picture
Malvertising underscores the need for an approach to security that addresses the full attack continuum. With ongoing visibility and control, and intelligent and continuous updates, security professionals can take action to stop the inevitable outbreak.
Torsten George's picture
When an organization is solely focused on strengthening its compliance posture to pass an audit, they primarily look at control failures and gaps and try to mitigate them.
Mark Hatton's picture
You need to identify your security shortcomings before someone else does. Simulate attacks and tests to associate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company’s most important data.
Scott Simkin's picture
While SSL decryption is necessary for maintaining network security, security admins need to establish strict rules about how they handle decrypted data.
Ryan Naraine's picture
John Hultquist, Manager of Cyber Espionage Threat Intelligence at ISIGHT Partners, joins the podcast to talk about "NEWSCASTER," a cyber espionage operation that uses fictitious social media accounts to launch attacks.
Danelle Au's picture
The protection of connected ( Internet of Things) devices is likely better performed at a network level rather than an endpoint level due to the variety of devices that may exist and the limited endpoint security functions that can be supported.
Mark Hatton's picture
The fact that you aren’t seeing or hearing about potential threats to the organization, or alarms aren’t being raised by the security team, shouldn’t make you feel better as an executive.
Torsten George's picture
A threat is the agent that takes advantage of a vulnerability. This relationship must be a key factor in the risk assessment process and can no longer be treated as risk’s neglected step child.
Marc Solomon's picture
Many continue to click on links or attachments sent via email without taking any steps to verify the origin of the email or the validity of the link or attachment. It only takes one click to for an attacker to establish a foothold in the target’s systems.
Mark Hatton's picture
Here are five things I recommend security pros keep in mind when navigating the line between tight security and keeping the organization running at peak proficiency.