Security Experts:

Virus & Threats
long dotted

NEWS & INDUSTRY UPDATES

Researchers discover what they believe to be the first insider threat Trojan - a piece of malware that helps attackers recruit insiders [Read More]
Neutrino EK creators add Internet Explorer exploit after researchers publish a PoC [Read More]
Vulnerabilities affecting the Windows Print Spooler Components allow an attacker to compromise systems via the printer itself. [Read More]
Drupal released security updates for three modules to patch Highly Critical and Critical remote code execution (RCE) vulnerabilities in them. [Read More]
Carmaker Fiat Chrysler launches bug bounty program with rewards of up to $1,500 per bug [Read More]
Attackers can broadcast hidden voice commands from a loudspeaker at an event or to embed them in a trending YouTube video to compromise mobile devices. [Read More]
SAP released a set of monthly security updates for July 2016, which included 10 security notes, one of which was rated Hot News. [Read More]
As part of its monthly security update for July 2016, Microsoft released 11 security bulletins to resolve multiple vulnerabilities in Internet Explorer, Edge, Office, JScript and VBScript, and .NET Framework. [Read More]
Adobe today released security updates for Flash Player, Acrobat, Reader, and XMP Toolkit for Java, to address multiple Critical vulnerabilities affecting Windows, Mac OS X, ChromeOS, and Linux users. [Read More]
Persistent cross-site scripting (XSS) vulnerabilities were patched in three popular WordPress plugins, including Activity Log, All in One SEO Pack, and WP Live Chat Support. [Read More]

FEATURES, INSIGHTS // Virus & Threats

rss icon

Simon Crosby's picture
Next-gen Anti-Virus can’t help any more than traditional AV, but the principle of least privilege, enforced through virtualization based security, can stop the breach before it starts.
Jim Ivers's picture
The Internet of Things (IoT) will result in billions of connected devices coming on line in the next ten years, and the associated software will be built by industries that traditionally have not emphasized software security.
Emily Ratliff's picture
When you run an application, how can you verify that what you are running was actually built from the code that a trusted developer wrote?
David Holmes's picture
A determined attacker could almost certainly find another, easier (non-SSL) vulnerability much faster and cheaper than by using DROWN.
Jim Ivers's picture
Aside from tools, there are many types of application security testing that can be used to find vulnerabilities in software. An organization must consider multiple software security testing methods to really manage its risk.
Torsten George's picture
The benefits of automatic patching far exceed the risks, but with differing risk perceptions and tolerance levels, the decision must be made by each organization.
Jim Ivers's picture
What is missing from the conversation is how large a role software plays in the IoT equation. Plugging something into the Internet does not make it work -- it just makes it vulnerable.
Mike Lennon's picture
For the past several years, enterprise security leaders have been challenged with the task of locking down endpoints with traditional security solutions that are proving to be ineffective against todays threats.
Simon Crosby's picture
Attackers return again and again to vulnerable components like Flash because they can keep tapping into perennial vulnerabilities.
Jim Ivers's picture
Experienced organizations learn that security is not a drag on performance, but can provide productivity gains by eliminating security vulnerabilities early in the development process.