Security Experts:

Virus & Threats
long dotted


Russia-linked threat group Sofacy spotted targeting a European government agency just as the U.S. accused the Kremlin of launching attacks on critical infrastructure [Read More]
A vulnerability exists in MikroTik's RouterOS in versions prior to the latest 6.41.3, released Monday 12 March 2018. Details were discovered February and disclosed by Core Security on Thursday. [Read More]
The prize pool was $2 million, but white hat hackers only earned $267,000 at this year’s Pwn2Own competition for exploits targeting Edge, Safari, VirtualBox and Firefox [Read More]
Microcode patches for Spectre are available for all Intel CPUs launched in the past five years. The company provided more details on future processors that will include protections against these types of attacks [Read More]
As a result of massive backlash from the industry, CTS Labs has provided some clarifications about the AMD processor vulnerabilities and its disclosure method [Read More]
Researchers analyzed several text editors and found that many of them can be exploited for privilege escalation. Affected vendors not planning on releasing patches [Read More]
White hats managed to hack Microsoft Edge, Oracle VirtualBox and Apple Safari on the first day of the Pwn2Own 2018 hacking contest, earning a total of $162,000 [Read More]
A vulnerability patched by Microsoft with its March 2018 security patches can be exploited by an attacker to relay user credentials to execute code on a target system. [Read More]
Microsoft has released additional microcode updates and software patches to address the CPU vulnerabilities known as Spectre and Meltdown [Read More]
AMD is investigating claims of critical flaws in its processors, while the company that found the vulnerabilities faces backlash over its disclosure method [Read More]

FEATURES, INSIGHTS // Virus & Threats

rss icon

Jack Danahy's picture
With all of our collective focus on machine learning, we simply can’t overlook human learning’s critical role in guarding against attack and protecting the organization.
Torsten George's picture
We need to consider whether traditional approaches to vulnerability management are still viable and if just upgrading existing methods or tools is sufficient.
Jalal Bouhdada's picture
Vendors, practitioners and security experts must all work closely together to combat the well-funded actors who pose a threat to medical devices.
Jim Ivers's picture
Why are even the most security-conscious organizations being compromised, and what does it mean for everyone else?
David Holmes's picture
DUHK and ROCA are both implementation-specific vulnerabilities concerning one of my favorite topics, random number generators.
Torsten George's picture
The end user community is at the mercy of security researchers to act responsibly in order to limit the potential for their findings to be used for malicious purposes.
Markus Jakobsson's picture
If a particular product blocks 99% of all threats, that probably means that product fails to detect the most dangerous threat: targeted attacks.
Scott Simkin's picture
Just as there should be consistency across network, endpoint and cloud security, there should be the same consistency in identification, prevention, policy and enforcement of that policy for IoT security.
Alastair Paterson's picture
With greater awareness about POS system attacks, operations against third-party suppliers, and the vulnerabilities of public or semi-public Wi-Fi networks, companies can do a lot to mitigate risk and ensure safer journeys for travelers.
Jack Danahy's picture
Jack Danahy, co-founder and CTO of Barkly, attempts to clarify what is and what is not machine learning in endpoint security