Security Experts:

Virus & Threats
long dotted

NEWS & INDUSTRY UPDATES

USCYBERCOM is advising BIG-IP users to patch CVE-2020-5902, a vulnerability that allows an attacker to take complete control of a system and which has already been exploited in attacks. [Read More]
Recent fires and explosions at Iranian facilities, including the Natanz nuclear site targeted by the notorious Stuxnet malware, may have been caused deliberately as part of an operation that involved cyberattacks. [Read More]
Remote code execution and information disclosure vulnerabilities addressed in Apache Guacamole can be highly useful to threat actors targeting enterprises. [Read More]
ICS-targeting Snake/EKANS ransomware manipulates the firewall to isolate infected systems before initiating the file encryption process. [Read More]
In an alert published this week, CISA and the FBI warned enterprises about the use of Tor in cyberattacks. [Read More]
Cisco Talos has disclosed the details of a remote code execution vulnerability in Chrome and an information disclosure flaw affecting Firefox. [Read More]
Morocco's prime minister has demanded Amnesty International provide evidence to support its allegations that Rabat used spyware to bug a journalist's phone. [Read More]
The Valak information stealer is being distributed in ongoing campaigns aimed at enterprises in North America, South America, Europe and likely other regions. [Read More]
The threat actor behind the Sodinokibi (REvil) ransomware is demanding a $14 million ransom from Brazilian-based electrical energy company Light S.A. [Read More]
Critical and high-severity vulnerabilities discovered by researchers in F5’s BIG-IP application delivery controller allow a remote attacker to take complete control of a targeted system. [Read More]

FEATURES, INSIGHTS // Virus & Threats

rss icon

Alastair Paterson's picture
Organizations may not be able to mitigate BEC scams entirely; however, tightening up processes will ensure data exposure is kept to a minimum.
Ashley Arbuckle's picture
By learning from the past there are many steps we can take to strength our approach to security as attackers continue to turn to email to help accomplish their mission.
Siggi Stefnisson's picture
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
Alastair Paterson's picture
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
Siggi Stefnisson's picture
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
Torsten George's picture
By implementing these measures organizations can limit their exposure to remote access-based cyber threats, while supporting agile business models such as remote work and outsourced IT.
Marc Solomon's picture
Recalculating and reevaluating priorities based on a continuous flow of new data, learnings and your risk profile, helps to ensure you’re staying focused on what matters in a highly dynamic environment.
Josh Lefkowitz's picture
Proper evaluation of business risk requires insight into the likelihood that a vulnerability will be exploited, and if exploited, how that vulnerability could impact the company on a macro level.
Siggi Stefnisson's picture
Ninety percent of breaches may begin with an email, but today most of the action happens well after an inbound email has been scanned and delivered.
Torsten George's picture
Application Programming Interfaces (APIs) provide hackers with multiple venues to access an organization’s data and can even be used to cause massive business disruptions.