Virus & Threats

NEWS & INDUSTRY UPDATES

An easy-to-exploit vulnerability in the PwnedList service could have been used to access millions of credentials
CERT details the Accellion File Transfer Appliance vulnerabilities uncovered by a researcher while trying to hack a Facebook server
Vulnerability in PL/SQL Developer allows MitM attackers to deliver malware and execute arbitrary commands
Microsoft offering up to $15,000 for serious vulnerabilities in the Nano Server installation option of Windows Server 2016
Google on Thursday released an updated version of Chrome 50 for Windows, Mac, and Linux, to resolve 9 security vulnerabilities in the popular web browser.
OpenSSL will patch high severity vulnerabilities with the release of versions 1.0.2h and 1.0.1t on May 3
Software developed by a French advertising company creates backdoors on 12 million computers
Mozilla patches 14 vulnerabilities, including critical and high severity issues, with the release of Firefox 46
Kaspersky says malicious actors are increasingly abusing open source security tools such as the Browser Exploitation Framework (BeEF)
A cyber espionage group dubbed Platinum has been abusing a Windows patching system in attacks aimed at Asian entities

FEATURES, INSIGHTS // Virus & Threats

Jim Ivers: Developers are not trained in security and security is not yet an adequately integrated component of the development process. We are not applying good, or even minimal, security practices.
Emily Ratliff: Writing yet another “security” paper isn’t going to do the trick. Security practitioners need to do a better job of getting our messages integrated into core developer documentation.
Simon Crosby: Next-gen Anti-Virus can’t help any more than traditional AV, but the principle of least privilege, enforced through virtualization based security, can stop the breach before it starts.
Jim Ivers: The Internet of Things (IoT) will result in billions of connected devices coming on line in the next ten years, and the associated software will be built by industries that traditionally have not emphasized software security.
Emily Ratliff: When you run an application, how can you verify that what you are running was actually built from the code that a trusted developer wrote?
David Holmes: A determined attacker could almost certainly find another, easier (non-SSL) vulnerability much faster and cheaper than by using DROWN.
Jim Ivers: Aside from tools, there are many types of application security testing that can be used to find vulnerabilities in software. An organization must consider multiple software security testing methods to really manage its risk.
Torsten George: The benefits of automatic patching far exceed the risks, but with differing risk perceptions and tolerance levels, the decision must be made by each organization.
Jim Ivers: What is missing from the conversation is how large a role software plays in the IoT equation. Plugging something into the Internet does not make it work -- it just makes it vulnerable.
Mike Lennon: For the past several years, enterprise security leaders have been challenged with the task of locking down endpoints with traditional security solutions that are proving to be ineffective against today's threats.