
Virus & Threats

NEWS & INDUSTRY UPDATES

Vulnerability research firm Crowdfense has launched a new 0-day acquisition program and is promising payouts of up to $3 million for full-chain, previously unreported exploits.
Over a dozen vulnerabilities, including ones classified as critical, have been found by researchers in industrial switches from Moxa. Patches and mitigations have been released by the vendor.
An Iran-linked threat group tracked as IRIDIUM is said to be behind an attack on software giant Citrix, but some people are not convinced the attribution is accurate.
Vulnerabilities in high-end smart alarms for cars exposed millions of vehicles to hacker attacks that could have had serious consequences.
New SLUB backdoor, used by threat actors in targeted attacks possibly aimed at South Korean users, abuses GitHub and Slack for C&C communications.
Google releases information on a zero-day vulnerability in Windows being actively exploited in targeted attacks alongside a recently fixed Chrome flaw.
Exploit acquisition firm Zerodium is offering up to $500,000 for VMware ESXi and Microsoft Hyper-V exploits that allow the attacker to gain full access to the host.
Over two dozen high severity vulnerabilities have been found in Cisco’s Nexus switches, including flaws that can be exploited for DoS attacks, code execution and privilege escalation.
The products of several industrial automation companies are affected by the recently disclosed vulnerabilities in the WibuKey DRM solution.
Iranian hackers working to penetrate systems, businesses and governments around the world have caused hundreds of millions of dollars in damages.

FEATURES, INSIGHTS // Virus & Threats

David Holmes:
The "Reaper" IoT botnet is holding itself up as a blinky light in front of our faces, reminding the InfoSec community that we really need to get ahead of IoT madness.
Jack Danahy:
With all of our collective focus on machine learning, we simply can’t overlook human learning’s critical role in guarding against attack and protecting the organization.
Torsten George:
We need to consider whether traditional approaches to vulnerability management are still viable and if just upgrading existing methods or tools is sufficient.
Jalal Bouhdada:
Vendors, practitioners and security experts must all work closely together to combat the well-funded actors who pose a threat to medical devices.
Jim Ivers:
Why are even the most security-conscious organizations being compromised, and what does it mean for everyone else?
David Holmes:
DUHK and ROCA are both implementation-specific vulnerabilities concerning one of my favorite topics, random number generators.
Torsten George:
The end user community is at the mercy of security researchers to act responsibly in order to limit the potential for their findings to be used for malicious purposes.
Markus Jakobsson:
If a particular product blocks 99% of all threats, that probably means that product fails to detect the most dangerous threat: targeted attacks.
Alastair Paterson:
With greater awareness about POS system attacks, operations against third-party suppliers, and the vulnerabilities of public or semi-public Wi-Fi networks, companies can do a lot to mitigate risk and ensure safer journeys for travelers.
Jack Danahy:
Jack Danahy, co-founder and CTO of Barkly, attempts to clarify what is and what is not machine learning in endpoint security.