Virus & Threats

NEWS & INDUSTRY UPDATES

One of the zero-day vulnerabilities patched this week by Microsoft has been exploited in attacks by several threat groups, including the ones known as FruityArmor and SandCat.
Venezuelan President Nicolas Maduro's government says the massive power outage was caused by a cyberattack launched by the United States, but experts say a breakdown of old equipment is much more likely.
Microsoft patches over 60 vulnerabilities, including two Windows zero-day flaws exploited in targeted attacks.
Four senators backed by two representatives and several tech giants have reintroduced a bill whose goal is to improve the security of Internet of Things (IoT) devices.
Adobe has patched two critical vulnerabilities in Photoshop and Digital Editions, and five flaws in a sandbox service.
A white hat hacker earned $10,000 last year for a Facebook Messenger vulnerability that could have allowed an attacker to randomly obtain other users’ images.
Vulnerability research firm Crowdfense has launched a new 0-day acquisition program and is promising payouts of up to $3 million for full-chain, previously unreported exploits.
Over a dozen vulnerabilities, including ones classified as critical, have been found by researchers in industrial switches from Moxa. Patches and mitigations have been released by the vendor.
An Iran-linked threat group tracked as IRIDIUM is said to be behind an attack on software giant Citrix, but some people are not convinced the attribution is accurate.
Vulnerabilities in high-end smart alarms for cars exposed millions of vehicles to hacker attacks that could have had serious consequences.

FEATURES, INSIGHTS // Virus & Threats

Oliver Rochford: We can’t rely on our own governments to practice responsible full disclosure. Full Disclosure is compromised. We can’t really blame them. Either everyone discloses, or no-one does.
Josh Lefkowitz: Even organizations with the most robust defense solutions and advanced automated technologies cannot effectively combat threats such as BEC without the adequate support and nuanced expertise of humans.
Jack Danahy: To mitigate the risk of attacks, IT teams should disable unused tools and components, while deploying endpoint protection that doesn’t rely solely on file scanning or whitelisting.
Markus Jakobsson: DMARC is an email authentication standard designed to eliminate phishing and other types of attack that use spoofing to misrepresent an email sender identity.
Ashley Arbuckle: By understanding and easing the cultural shift this entails, you can save time and money and sleep better at night with security occupying a seat at the DevOps table.
Travis Greene: As DevOps and agile development methodologies take greater root in the enterprise, the traditional tools and approaches for eliminating vulnerabilities in code will no longer be able to keep pace.
Dan Cornell: When planning a testing strategy for an application, it is important to evaluate the applicability and likely effectiveness of the various testing approach options.
David Holmes: Several tech vendors have been added to the list of vendors vulnerable to a variation on the Bleichenbacher attack called the ROBOT attack.
Lance Cottrell: Laws to support swift and automatic updates for all devices, and consequences for organizations that fail to ensure their IoT devices are secure, would be a big step forward for IoT security.
Jim Ivers: With a software composition analysis (SCA) tool in place, security teams can quickly scan an information repository and know where vulnerable software is being used.