Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Palo Alto addresses vulnerabilities that could allow an attacker to execute arbitrary JavaScript code in the web console or to execute programs with SYSTEM privileges. [Read More]
The rise in the value of cryptocurrencies has inevitably drawn the eye of criminals, and researchers have detected numerous phishing campaigns against Coinbase users. [Read More]
Ransomware actors are "actively targeting" security defects in its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware. [Read More]
Kaspersky issues a report on an advanced threat actor that has hit approximately 1,500 entities in Myanmar and the Philippines, including government entities. [Read More]
The German software maker has released patches for a pair of high-severity Netweaver vulnerabilities. [Read More]
Microsoft’s embattled security response unit uses Patch Tuesday to respond to a new set of Windows zero-day attacks. [Read More]
Mozilla has released Firefox 90 with several security improvements, including better protections against cross-origin threats, as well as an advanced tracker blocking mechanism. [Read More]
Adobe urged Windows and macOS users to treat the PDF Reader patch with the utmost priority, because the flaws expose machines to remote code execution and privilege escalation attacks. [Read More]
The deal will give Redmond an automatic entry point into the lucrative attack surface management and third party risk-intelligence space. [Read More]
SolarWinds said a single threat actor exploited flaws in its Serv-U Managed File Transfer and Serv-U Secure FTP products to launch malware attacks against “a limited, targeted set of customers.” [Read More]

FEATURES, INSIGHTS // Phishing

rss icon

Josh Lefkowitz's picture
Even organizations with the most robust defense solutions and advanced automated technologies cannot effectively combat threats such as BEC without the adequate support and nuanced expertise of humans.
Siggi Stefnisson's picture
Even though I've been analyzing malware for the past 20 years, I do understand that internet security is not merely a technical problem, but also a business problem.
Markus Jakobsson's picture
DMARC is an email authentication standard designed to eliminate phishing and other types of attack that use spoofing to misrepresent an email sender identity.
Jack Danahy's picture
Is the appropriate response to blame the victim when increasingly sophisticated attacks and the rise in credential thefts are making any user’s goal of protecting themselves much more difficult?
Simon Crosby's picture
It’s hard keeping criminals from infiltrating networks, much less worrying that users will simply open the door to bad guys by letting their guard down.
Johnnie Konstantas's picture
While most of us aren’t asking for it, chances are high that we, too, have been—or will become—victims of a cyber attack.
Alastair Paterson's picture
While you may understand the risks that come from the use of social media, what options do you have to protect your organization against them?
Bill Sweeney's picture
As data moves online, social engineering techniques have become far more personalized, technologically advanced and ultimately successful.
James Foster's picture
Monitoring social media is a daunting task. Enterprises must have risk management plans in place to monitor, identify, combat and remediate social media-based threats.
Torsten George's picture
For all the benefits that social media networks provide, organizations must recognize that they present a double-edged sword when it comes to security.