Security Experts:

Virus & Threats
long dotted

NEWS & INDUSTRY UPDATES

A critical vulnerability impacts Linux systems and can be used to remotely take control of a system, according to Qualys.
Researchers at Kaspersky Lab believe there is a connection between the Regin malware platform and a malware platform exposed in documents leaked by Edward Snowden.
Both the size and frequency of distributed denial of service attacks jumped during the past year, according to Arbor Networks.
Researchers from Core Security have identified a vulnerability that can be remotely exploited for denial-of-service (DoS) attacks against certain Android devices.
The official NFL Mobile application exposes users' personal details, Wandera researchers warn just a few days before Super Bowl.
Google says it's no longer practical to fix vulnerabilities in older version of Android WebView and some experts believe it's a wise decision.
NSA offered organizations a set of best practices for defending against malware attacks.
The vulnerabilities disclosed last week by Google and the Thunderstrike flaw detailed in December by a researcher have been reportedly fixed by Apple in OS X Yosemite 10.10.2 beta.
Up until last week, it was easy for a malicious hacker to gain access to the reservations and personal details of Marriott customers by leveraging a vulnerability in the hotel chain’s official mobile application.
Several security vulnerabilities affecting PHP were addressed last week with the release of versions 5.6.5, 5.5.21 and 5.4.37.

FEATURES, INSIGHTS // Virus & Threats

rss icon

David Holmes's picture
The media was so taken with the idea that Kate Upton nude photos had caused a DDoS attack that they just took the story and ran with it. But what really caused disrupted service across New Zealand’s major ISPs?
Mark Hatton's picture
Without the ability to prioritize in certain situations, you may end up waiting weeks to apply the most important patch. Think of your corporate network like your home. There are probably lots of items on your honey do list, but they can’t all be completed today.
Marc Solomon's picture
Today’s email-based attacks don’t occur at a single point in time and use multiple methods to evade detection. To bolster protection, organizations may turn to a set of disparate products that don’t – and can’t – work together.
Scott Simkin's picture
As more organizations build applications other than Web and corporate email into the course of their business, adversaries are taking note and adjusting their tactics.
Torsten George's picture
It appears that 2014 will be remembered in the IT industry for several severe and wide-reaching server-side vulnerabilities. So what lessons can we learn from these vulnerabilities?
Marc Solomon's picture
Recent high-profile security breaches at major retailers stem from the fact that in-store networks and their components are evolving and spawning a range of attack vectors.
Torsten George's picture
To limit the risk of having drive-by malware attacks planted on their websites, organizations should monitor the payload of their different Internet properties, which for larger organizations can easily become a huge undertaking.
Fahmida Y. Rashid's picture
Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.
Jason Polancich's picture
Businesses have more data on hand than they think. They key is crafting a plan to track it and combine it with data from outside their own walls against which the internal data can be analyzed.
Marc Solomon's picture
Malvertising underscores the need for an approach to security that addresses the full attack continuum. With ongoing visibility and control, and intelligent and continuous updates, security professionals can take action to stop the inevitable outbreak.