Virus & Threats

NEWS & INDUSTRY UPDATES

SAP has patched serious vulnerabilities impacting users of their SAP BASIS and SAP BusinessObjects software.
A $20 USB microcontroller that an attacker can wear around his neck can be used to weaponize mouse clicks and keyboard actions in an effort to install backdoors, evade firewalls and modify DNS settings within seconds, a researcher has demonstrated.
The ProClima configuration utility developed by Schneider Electric is affected by several command injection vulnerabilities, the Industrial Control Systems Computer Emergency Response Team (ICS-CERT) reported on Tuesday.
Researchers at cloud security company Alert Logic have discovered a vulnerability in the Linux platform that can lead to privilege escalation. The flaw has been dubbed "Grinch."
Akamai Technologies issued a report about attackers using the Xsser Trojan to target Android and iOS devices.
IOActive has expanded its Vehicle Security Service to help automakers and Original Equipment Manufacturers (OEMs) better protect against cyber threats.
Palo Alto Networks released details of a backdoor on Android-based devices manufactured by Coolpad.
Two products from Cisco are vulnerable to a new variant of the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack, the company said in a security advisory.
Several Linux distributions are affected by a couple of security holes found in "mailx," a utility that's used for sending and receiving mail.
CA Technologies, one of the world's largest independent software corporations, has released a hotfix to address several vulnerabilities affecting the company's CA Release Automation product.

FEATURES, INSIGHTS // Virus & Threats

Marc Solomon
Today’s email-based attacks don’t occur at a single point in time and use multiple methods to evade detection. To bolster protection, organizations may turn to a set of disparate products that don’t – and can’t – work together.
Scott Simkin
As more organizations build applications other than Web and corporate email into the course of their business, adversaries are taking note and adjusting their tactics.
Torsten George
It appears that 2014 will be remembered in the IT industry for several severe and wide-reaching server-side vulnerabilities. So what lessons can we learn from these vulnerabilities?
Marc Solomon
Recent high-profile security breaches at major retailers stem from the fact that in-store networks and their components are evolving and spawning a range of attack vectors.
Torsten George
To limit the risk of having drive-by malware attacks planted on their websites, organizations should monitor the payload of their different Internet properties, which for larger organizations can easily become a huge undertaking.
Fahmida Y. Rashid
Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.
Jason Polancich
Businesses have more data on hand than they think. The key is crafting a plan to track it and combine it with data from outside their own walls against which the internal data can be analyzed.
Marc Solomon
Malvertising underscores the need for an approach to security that addresses the full attack continuum. With ongoing visibility and control, and intelligent and continuous updates, security professionals can take action to stop the inevitable outbreak.
Torsten George
When an organization is solely focused on strengthening its compliance posture to pass an audit, it primarily looks at control failures and gaps and tries to mitigate them.
Mark Hatton
You need to identify your security shortcomings before someone else does. Simulate attacks and tests to associate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company’s most important data.