Security Experts:

Virus & Threats
long dotted

NEWS & INDUSTRY UPDATES

SAP issued five new Security Notes as part of its December 2019 Security Patch Day, to which it also added 2 updates for previously released Security Notes. [Read More]
A newly disclosed attack against Intel processors utilizes voltage modifications to expose data stored using Intel's Secure Guard Extensions (SGX). [Read More]
Security updates released by Apple this week address numerous vulnerabilities in macOS Catalina, iOS and iPadOS, Safari, and other software products. [Read More]
Google releases Chrome 79 with a total of 51 security fixes, including 37 reported by external researchers, two of which are considered critical. [Read More]
Adobe’s Patch Tuesday updates for December 2019 fix vulnerabilities in the company’s Acrobat and Reader, Brackets, Photoshop, and ColdFusion products. [Read More]
Microsoft’s December 2019 Patch Tuesday updates fix 36 vulnerabilities, including a Windows zero-day that has been exploited in Korea-linked attacks alongside a Chrome zero-day. [Read More]
Microsoft announces a new feature in Office 365 Advanced Threat Protection meant to provide more visibility into cyber-attacks targeting organizations via email. [Read More]
A security researcher has analyzed three hardware password vaults and discovered that credentials are stored in plaintext and survive hardware resets. [Read More]
VPN provider NordVPN launches bug bounty program covering its websites, browser extensions and applications. [Read More]
Google releases source code of PathAuditor, a tool designed to help developers identify vulnerabilities related to file access. [Read More]

FEATURES, INSIGHTS // Virus & Threats

rss icon

Gunter Ollmann's picture
With years of bug bounty programs now behind us, it is interesting to see how the information security sector transformed – or didn’t.
Marie Hattar's picture
There are good and bad ways to make vulnerabilities known. A premature “full disclosure” of a previously unknown issue can unleash the forces of evil, and the “black hats” often move faster than vendors or enterprise IT teams.
Gunter Ollmann's picture
Any bug hunter, security analyst, software vendor, or device manufacturer should not rely on CVSS as the pointy end of the stick for prioritizing remediation.
Gunter Ollmann's picture
In a world of over-hyped bugs, stunt hacking, and branded vulnerability disclosures, my advice to CISOs is to make security lemonade by finding practical next steps to take.
David Holmes's picture
Architects and IT security teams are looking for technology evolutions to help them manage real problems in endpoint storage and messaging.
Josh Lefkowitz's picture
Regardless of which framework you use, it’s crucial to operationalize it in the context of your organization’s unique environment and risk factors.
Devon Kerr's picture
Devon Kerr explains what happened when a municipality inadvertently deployed a brand-new endpoint protection technology across a small part of their production network.
Alastair Paterson's picture
Organizations may not be able to mitigate BEC scams entirely; however, tightening up processes will ensure data exposure is kept to a minimum.
Ashley Arbuckle's picture
By learning from the past there are many steps we can take to strength our approach to security as attackers continue to turn to email to help accomplish their mission.
Siggi Stefnisson's picture
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.