Security Experts:

Virus & Threats
long dotted

NEWS & INDUSTRY UPDATES

French President Emmanuel Macron leads a list of 14 current or former heads of state who may have been targeted for hacking by clients of the notorious Israeli spyware firm NSO Group, Amnesty International said Tuesday. [Read More]
A driver shipped to millions of computers with HP, Samsung and Xerox printers since 2005 is affected by a vulnerability that can be exploited for privilege escalation. [Read More]
Security updates released by Adobe for seven of its products patch a total of 21 vulnerabilities, including many rated critical. [Read More]
An unauthenticated remote attacker could send a specially crafted request to trigger the vulnerability and execute code as root. [Read More]
The U.S. government has attributed several past ICS attacks to Russian, Chinese and Iranian state-sponsored threat actors. [Read More]
A vulnerability affecting Rockwell Automation’s MicroLogix 1100 controllers can be exploited for remote DoS attacks that cause the device to enter a persistent fault condition. [Read More]
Microsoft is ready to offer up to $30,000 to researchers who discover vulnerabilities with high impact on customer privacy and security. [Read More]
Currently, the vulnerability can be exploited to crash the Wi-Fi functionality on any iPhone when connecting to an access point that has a specially crafted SSID. [Read More]
Microsoft secures a court order to take down malicious domains that impersonate legitimate organizations. [Read More]
Networking gear vendor Juniper Networks ships product updates to address critical security vulnerabilities. [Read More]

FEATURES, INSIGHTS // Virus & Threats

rss icon

Joshua Goldfarb's picture
Performing gap analysis well and remediating findings appropriately can help reduce both the number of weak points within your enterprise and your susceptibility to attack at each of them.
John Maddison's picture
Organizations must adopt a holistic approach to securing their distributed networked environment that enables them to see and manage their entire distributed network, including all attack vectors, through a single pane of glass.
Gunter Ollmann's picture
With years of bug bounty programs now behind us, it is interesting to see how the information security sector transformed – or didn’t.
Marie Hattar's picture
There are good and bad ways to make vulnerabilities known. A premature “full disclosure” of a previously unknown issue can unleash the forces of evil, and the “black hats” often move faster than vendors or enterprise IT teams.
Gunter Ollmann's picture
Any bug hunter, security analyst, software vendor, or device manufacturer should not rely on CVSS as the pointy end of the stick for prioritizing remediation.
Gunter Ollmann's picture
In a world of over-hyped bugs, stunt hacking, and branded vulnerability disclosures, my advice to CISOs is to make security lemonade by finding practical next steps to take.
David Holmes's picture
Architects and IT security teams are looking for technology evolutions to help them manage real problems in endpoint storage and messaging.
Josh Lefkowitz's picture
Regardless of which framework you use, it’s crucial to operationalize it in the context of your organization’s unique environment and risk factors.
Devon Kerr's picture
Devon Kerr explains what happened when a municipality inadvertently deployed a brand-new endpoint protection technology across a small part of their production network.
Alastair Paterson's picture
Organizations may not be able to mitigate BEC scams entirely; however, tightening up processes will ensure data exposure is kept to a minimum.