Security Experts:

Virus & Threats
long dotted

NEWS & INDUSTRY UPDATES

A vulnerability in fingerprint access controllers made by Chiyu Technology could allow hackers to make it easy to open doors.
Cisco has patched a serious DoS vulnerability in ASR routers. The flaw is related to fragmented IPv4, IPv6 packet processing.
Researchers have demonstrated that Rowhammer attacks can be launched remotely using JavaScript.
The poor signal-to-noise ratio of public bug bounty programs is making invite-only programs more attractive, says Bugcrowd.
Researchers discovered an Android vulnerability that can be exploited via specially crafted MKV files to crash phones.
Almost 2 years after the launch of its bug bounty program, Yahoo says it has paid out more than $1 million so far.
Commercial code is more compliant with OWASP Top 10 and CWE 25 standards compared to open source code.
Shellshock is still actively exploited in multiple campaigns by various threat actors, according to Solutionary’s latest threat report.
BIND has been updates to patch a critical DoS vulnerability that exposes almost all BIND servers.
The cyber espionage group behind the Anthem breach has targeted the energy, aerospace, healthcare and other industries since 2012, says Symantec.

FEATURES, INSIGHTS // Virus & Threats

rss icon

David Holmes's picture
As new SSL vulnerabilities surface, we can use our enterprise-specific categorization to decide if it’s going to be a Godzilla day or a Hello Kitty day.
Mark Hatton's picture
Unfortunately, when it comes to security, what you’ve accomplished means very little. It’s all about where the vulnerabilities still exist.
David Holmes's picture
Is it possible to apply this maxim to global SSL patch rates? Let’s take a look at the most recent SSL vulnerability: POODLE.
David Holmes's picture
The media was so taken with the idea that Kate Upton nude photos had caused a DDoS attack that they just took the story and ran with it. But what really caused disrupted service across New Zealand’s major ISPs?
Mark Hatton's picture
Without the ability to prioritize in certain situations, you may end up waiting weeks to apply the most important patch. Think of your corporate network like your home. There are probably lots of items on your honey do list, but they can’t all be completed today.
Marc Solomon's picture
Today’s email-based attacks don’t occur at a single point in time and use multiple methods to evade detection. To bolster protection, organizations may turn to a set of disparate products that don’t – and can’t – work together.
Scott Simkin's picture
As more organizations build applications other than Web and corporate email into the course of their business, adversaries are taking note and adjusting their tactics.
Torsten George's picture
It appears that 2014 will be remembered in the IT industry for several severe and wide-reaching server-side vulnerabilities. So what lessons can we learn from these vulnerabilities?
Marc Solomon's picture
Recent high-profile security breaches at major retailers stem from the fact that in-store networks and their components are evolving and spawning a range of attack vectors.
Torsten George's picture
To limit the risk of having drive-by malware attacks planted on their websites, organizations should monitor the payload of their different Internet properties, which for larger organizations can easily become a huge undertaking.