Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
Pwn2Own 2021 has come to an end, with participants earning more than $1.2 million for exploits in the browsers, virtualization, server, enterprise communications and privilege escalation categories. [Read More]
Threat actors are abusing organizations’ reliance on communication services such as Discord and Slack to circumvent network protections and ensure effectiveness of attacks. [Read More]
Cisco patches a critical vulnerability in an SD-WAN software product but warned that a different high-risk bug in end-of-life small business routers will remain unpatched. [Read More]
NEWS ANALYSIS: Google’s decision to promote Rust for low-level Android programming is another sign that the shelf-life for memory corruption mitigations are no match for the speed of in-the-wild exploit development. [Read More]
A new study amplifies a major security concern for open source software supply chain -- managing the hodge-podge of libraries in commercial apps that contain vulnerabilities and are rarely updated. [Read More]
Cring ransomware operators exploit an old vulnerability in the FortiOS SSL VPN web portal to access enterprise networks, including the ones of industrial organisations. [Read More]
Two researchers earned $200,000 on the second day of Pwn2Own 2021 for a Zoom exploit allowing remote code execution without user interaction. [Read More]
An unauthenticated update process vulnerability could be abused for the download and execution of malware on servers. [Read More]
Proofpoint warns that attackers are leveraging compromised supplier accounts and supplier impersonation to send malware, steal credentials and perpetrate invoicing fraud. [Read More]
Researchers have discovered FlixOnline, new Android malware that uses Netflix as its lure and spreads malware via auto-replies to WhatsApp messages. [Read More]
FEATURES, INSIGHTS // Virus & Threats
Architects and IT security teams are looking for technology evolutions to help them manage real problems in endpoint storage and messaging.
Regardless of which framework you use, it’s crucial to operationalize it in the context of your organization’s unique environment and risk factors.
Devon Kerr explains what happened when a municipality inadvertently deployed a brand-new endpoint protection technology across a small part of their production network.
Organizations may not be able to mitigate BEC scams entirely; however, tightening up processes will ensure data exposure is kept to a minimum.
By learning from the past there are many steps we can take to strength our approach to security as attackers continue to turn to email to help accomplish their mission.
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
By implementing these measures organizations can limit their exposure to remote access-based cyber threats, while supporting agile business models such as remote work and outsourced IT.
Recalculating and reevaluating priorities based on a continuous flow of new data, learnings and your risk profile, helps to ensure you’re staying focused on what matters in a highly dynamic environment.
Get the Daily Briefing
- Irish Watchdog Opens Another Facebook Probe, Over Data Dump
- Capcom Says Older VPN Device at Heart of Ransomware Attack
- Cybersecurity VC Funding Hit Record in 2020 With $7.8 Billion Invested
- Another Critical Vulnerability Patched in SAP Commerce
- Siemens Releases Several Advisories for 'NAME:WRECK' Vulnerabilities
- FBI Agents Secretly Deleted Web Shells From Hacked Microsoft Exchange Servers
- At Least 100 Million Devices Affected by "NAME:WRECK" DNS Flaws in TCP/IP Stacks
- Google Patches More Under-Attack Chome Zero-days
- Swedish Sports Body Hacked by Russians, Officials Say
- Breaches Detected Faster, But Ransomware Surge a Major Factor: FireEye
Copyright © 2021 Wired Business Media. All Rights Reserved. Privacy Policy