Virus & Threats

NEWS & INDUSTRY UPDATES

Some clues left behind by the hackers that breached Marriott suggest that they were conducting cyber espionage on behalf of the Chinese government, Reuters reports.
Google this week announced the release of a new set of security patches for the Android operating system, to address over 50 vulnerabilities in the platform.
Apple this week released several security updates to address tens of vulnerabilities impacting the iOS and macOS platforms, the Safari browser, and various Windows applications.
Siemens conducted a pilot test for releasing security advisories on the second Tuesday of each month (Patch Tuesday), just like Microsoft, Adobe and SAP.
The UK government has shared details on its vulnerability equities process (VEP), which is used to decide whether a government agency should disclose a discovered vulnerability or keep it secret for its own purposes.
Ukraine accuses Russian intelligence of launching cyber attacks on the information and telecommunications systems of the country’s judiciary.
Flash Player zero-day vulnerability CVE-2018-15982 used to target hospital of the Russian presidential administration. Attack possibly related to the recent Kerch Strait incident involving Russia and Ukraine.
Symantec unveils Industrial Control System Protection (ICSP) Neural, a USB scanning station designed to protect industrial and IoT environments against USB-borne malware.
Thousands of emails were stolen from the hacked accounts of aides to the National Republican Congressional Committee (NRCC) during the 2018 midterm campaign.
There is not enough evidence to attribute a recent wave of spear-phishing emails impersonating personnel at the United States Department of State to Russian hackers, Microsoft says.

FEATURES, INSIGHTS // Virus & Threats

Josh Lefkowitz
Even organizations with the most robust defense solutions and advanced automated technologies cannot effectively combat threats such as BEC without the adequate support and nuanced expertise of humans.
Jack Danahy
To mitigate the risk of attacks, IT teams should disable unused tools and components, while deploying endpoint protection that doesn’t rely solely on file scanning or whitelisting.
Markus Jakobsson
DMARC is an email authentication standard designed to eliminate phishing and other types of attack that use spoofing to misrepresent an email sender identity.
Ashley Arbuckle
By understanding and easing the cultural shift this entails, you can save time and money and sleep better at night with security occupying a seat at the DevOps table.
Travis Greene
As DevOps and agile development methodologies take greater root in the enterprise, the traditional tools and approaches for eliminating vulnerabilities in code will no longer be able to keep pace.
Dan Cornell
When planning a testing strategy for an application, it is important to evaluate the applicability and likely effectiveness of the various testing approach options.
David Holmes
Several tech vendors have been added to the list of vendors vulnerable to a variation on the Bleichenbacher attack called the ROBOT attack.
Lance Cottrell
Laws to support swift and automatic updates for all devices, and consequences for organizations that fail to ensure their IoT devices are secure, would be a big step forward for IoT security.
Jim Ivers
With a software composition analysis (SCA) tool in place, security teams can quickly scan an information repository and know where vulnerable software is being used.
David Holmes
The "Reaper" IoT botnet is holding itself up as a blinky light in front of our faces, reminding the InfoSec community that we really need to get ahead of IoT madness.