Security Experts:

Virus & Threats
long dotted


Microsoft patches 50 vulnerabilities with June 2018 Patch Tuesday updates, including 11 critical remote code execution flaws affecting Windows and web browsers [Read More]
Cryptocurrency miner malware PyRoMineIoT uses NSA-linked exploit to spread and leverages infected machines to scan for vulnerable IoT devices [Read More]
The popularity of cryptocurrency mining malware has been skyrocketing over the past year, and the segment appears to have been highly lucrative for cybercriminals [Read More]
Okta researchers find flaw that allows malicious untrusted code to masquerade as legitimate trusted code and bypass checks by security software. All Mac OSs since 2005 affected, but no patch from Apple [Read More]
Crestron patches critical command injection vulnerability affecting the console service on its Digital Graphics Engine 100 (DGE-100) and other controllers [Read More]
ActiveX zero-day vulnerability discovered recently on the website of a South Korean think tank focused on national security has been abused by North Korea’s Lazarus group [Read More]
VMware patches remote code execution vulnerability in the Android and Windows Mobile agents for the Workspace ONE/AirWatch platform [Read More]
Non-Russian threat group targets service centers in Russia in multi-stage attacks involving spear phishing and malicious documents [Read More]
Several critical vulnerabilities expose door communication systems from ABB to remote hacker attacks. Patches and workarounds are available [Read More]
Bitcoin declines 5% after hackers reportedly steal over $37 million worth of cryptocurrency from South Korean exchange Coinrail [Read More]

FEATURES, INSIGHTS // Virus & Threats

rss icon

Jim Ivers's picture
With a software composition analysis (SCA) tool in place, security teams can quickly scan an information repository and know where vulnerable software is being used.
David Holmes's picture
The "Reaper" IoT botnet is holding itself up as a blinky light in front of our faces, reminding the InfoSec community that we really need to get ahead of IoT madness.
Jack Danahy's picture
With all of our collective focus on machine learning, we simply can’t overlook human learning’s critical role in guarding against attack and protecting the organization.
Torsten George's picture
We need to consider whether traditional approaches to vulnerability management are still viable and if just upgrading existing methods or tools is sufficient.
Jalal Bouhdada's picture
Vendors, practitioners and security experts must all work closely together to combat the well-funded actors who pose a threat to medical devices.
Jim Ivers's picture
Why are even the most security-conscious organizations being compromised, and what does it mean for everyone else?
David Holmes's picture
DUHK and ROCA are both implementation-specific vulnerabilities concerning one of my favorite topics, random number generators.
Torsten George's picture
The end user community is at the mercy of security researchers to act responsibly in order to limit the potential for their findings to be used for malicious purposes.
Markus Jakobsson's picture
If a particular product blocks 99% of all threats, that probably means that product fails to detect the most dangerous threat: targeted attacks.
Scott Simkin's picture
Just as there should be consistency across network, endpoint and cloud security, there should be the same consistency in identification, prevention, policy and enforcement of that policy for IoT security.