Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
Google patches 8 vulnerabilities in Chrome 77, including 5 flaws that have earned researchers $45,000. [Read More]
The National Institute of Standards and Technology (NIST) and Microsoft announced a joint effort aimed at helping enterprises improve their patching strategies. [Read More]
Magecart hackers have been gathering sensitive information from thousands of online shops after compromising top ecommerce platform and service provider Volusion. [Read More]
HP releases update for Touchpoint Analytics service to patch a vulnerability that can be exploited for executing code with elevated privileges and other purposes. [Read More]
The BitPaymer ransomware operators were observed abusing a zero-day vulnerability in Apple’s iTunes for Windows to run code and evade detection. [Read More]
Cisco Talos researchers have discovered nearly a dozen vulnerabilities, including potentially serious flaws, in Schneider Electric Modicon programmable logic controllers. [Read More]
SAP this week released seven new Security Notes as part of the October 2019 Security Patch Day, with two of these notes rated Hot News. [Read More]
Global ransomware attacks are on the decline, but such malicious cyber strikes are getting bolder and homing in on more profitable companies, with data encryption a key target, says Europol. [Read More]
The Iranian state-sponsored threat actor known as Charming Kitten employed new spear-phishing methods in a recent campaign. [Read More]
A security audit funded by Mozilla has led to the discovery of a critical remote command execution vulnerability in the iTerm2 macOS terminal emulator. [Read More]
- 1 of 572
- ››
FEATURES, INSIGHTS // Virus & Threats
Any bug hunter, security analyst, software vendor, or device manufacturer should not rely on CVSS as the pointy end of the stick for prioritizing remediation.
In a world of over-hyped bugs, stunt hacking, and branded vulnerability disclosures, my advice to CISOs is to make security lemonade by finding practical next steps to take.
Architects and IT security teams are looking for technology evolutions to help them manage real problems in endpoint storage and messaging.
Regardless of which framework you use, it’s crucial to operationalize it in the context of your organization’s unique environment and risk factors.
Devon Kerr explains what happened when a municipality inadvertently deployed a brand-new endpoint protection technology across a small part of their production network.
Organizations may not be able to mitigate BEC scams entirely; however, tightening up processes will ensure data exposure is kept to a minimum.
By learning from the past there are many steps we can take to strength our approach to security as attackers continue to turn to email to help accomplish their mission.
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
- 1 of 26
- ››
SecurityWeek Daily Briefing
- Click2Mail Informs Users of Data Breach
- Mozilla Hardens Firefox Against Injection Attacks
- California Attorney General Outlines How State Will Enforce Upcoming Privacy Law
- Critical Flaw in Sophos Cyberoam Appliances Allows Remote Code Execution
- Why All Security Disciplines Should Use the Intelligence Cycle
- Alleged Hacker Arraigned on $1.4 Million Cryptocurrency Fraud Charges
- Majority of Simjacker Attacks Aimed at Mobile Phones in Mexico
- Thoma Bravo to Acquire Sophos for $3.9 Billion
- Compromised AWS API Key Allowed Access to Imperva Customer Data
- Amazon Calls for Government Regulation of Facial Recognition Tech
Copyright © 2019 Wired Business Media. All Rights Reserved. Privacy Policy