Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Cisco patches a critical vulnerability in an SD-WAN software product but warned that a different high-risk bug in end-of-life small business routers will remain unpatched. [Read More]
NEWS ANALYSIS: Google’s decision to promote Rust for low-level Android programming is another sign that the shelf-life for memory corruption mitigations are no match for the speed of in-the-wild exploit development. [Read More]
Proofpoint warns that attackers are leveraging compromised supplier accounts and supplier impersonation to send malware, steal credentials and perpetrate invoicing fraud. [Read More]
A joint report from SAP and Onapsis warns that advanced threat actors are targeting new vulnerabilities in SAP applications within days after the availability of security patches. [Read More]
Researchers report that a subgroup of the Molerats APT is employing voice changing software in attacks targeting regional adversaries and political opponents. [Read More]
In a new pilot program, the U.S. DoD invites the HackerOne community to remotely test the participating DoD contractors’ assets and report on any identified vulnerabilities. [Read More]
Kaspersky researchers warn that China-linked APT group Cycldek using custom malware in a series of recent attacks targeting government and military entities in Vietnam. [Read More]
The U.S. government's Cybersecurity and Infrastructure Security Agency (CISA) warns that APT actors are exploiting Fortinet FortiOS vulnerabilities in attacks targeting commercial, government, and technology services networks. [Read More]
VMWare fixes a serious URL-handling vulnerability in the Carbon Black administrative interface and warns of authentication bypass and potential code execution risks. [Read More]
A third-party audit financed by the New York Times discovers a high-risk vulnerability but overall gives Securedrop Workstation a positive security bill of health. [Read More]

FEATURES, INSIGHTS // Endpoint Security

rss icon

Torsten George's picture
Understanding not just the tail end of the cyber-attack kill chain, but also focusing on initial attack vectors like endpoints provides a roadmap for aligning preventive measures with today’s threats.
Tim Bandos's picture
While working from home or even while at work for that matter, follow these steps to avoid behaviors that may let the bad guy in.
David Holmes's picture
Architects and IT security teams are looking for technology evolutions to help them manage real problems in endpoint storage and messaging.
Devon Kerr's picture
Devon Kerr explains what happened when a municipality inadvertently deployed a brand-new endpoint protection technology across a small part of their production network.
Torsten George's picture
By implementing these measures organizations can limit their exposure to remote access-based cyber threats, while supporting agile business models such as remote work and outsourced IT.
Siggi Stefnisson's picture
Ninety percent of breaches may begin with an email, but today most of the action happens well after an inbound email has been scanned and delivered.
John Maddison's picture
It is essential to understand exactly what is meant by machine learning so you can quickly differentiate between those solutions that actually provide the technology you need to stay ahead in the cyber war arms race, and those capitalizing on market hype.
Jack Danahy's picture
With all of our collective focus on machine learning, we simply can’t overlook human learning’s critical role in guarding against attack and protecting the organization.
Markus Jakobsson's picture
If a particular product blocks 99% of all threats, that probably means that product fails to detect the most dangerous threat: targeted attacks.
Jack Danahy's picture
Jack Danahy, co-founder and CTO of Barkly, attempts to clarify what is and what is not machine learning in endpoint security