Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
TA505, the Russian-speaking threat actor known for operating the Dridex Trojan and Locky ransomware, has been using a new remote access Trojan (RAT) in recent attacks. [Read More]
Russia-linked threat actor APT29 has been successfully avoiding detection for the past three years while compromising multiple government targets. [Read More]
A critical vulnerability allows remote, unauthenticated attackers to gain unauthorized access to Cisco Aironet access points with elevated privileges. [Read More]
Researchers have identified what appears to be the first crypto-jacking worm that spreads using Docker containers. [Read More]
Oracle this week announced the release of its last Critical Patch Update of 2019, which includes a total of 219 new security fixes across various product families. [Read More]
Chinese tech giant Huawei said on Wednesday that its revenue for the first nine months of the year grew by almost a quarter despite a US campaign to isolate the company globally. [Read More]
WordPress 5.2.4 patches six vulnerabilities, including XSS, unauthorized access, SSRF, and cache poisoning issues. [Read More]
Facebook announces an expansion to its bug bounty program for third-party apps, as well as a series of bonuses for bugs in native products. [Read More]
An intrusion prevention signature update delivered by Symantec to Endpoint Protection customers has caused many devices to crash and display a BSOD. [Read More]
Adobe patches a total of over 80 vulnerabilities in Experience Manager, Acrobat and Reader, and Download Manager. [Read More]
- 1 of 574
- ››
FEATURES, INSIGHTS // Virus & Threats
Any bug hunter, security analyst, software vendor, or device manufacturer should not rely on CVSS as the pointy end of the stick for prioritizing remediation.
In a world of over-hyped bugs, stunt hacking, and branded vulnerability disclosures, my advice to CISOs is to make security lemonade by finding practical next steps to take.
Architects and IT security teams are looking for technology evolutions to help them manage real problems in endpoint storage and messaging.
Regardless of which framework you use, it’s crucial to operationalize it in the context of your organization’s unique environment and risk factors.
Devon Kerr explains what happened when a municipality inadvertently deployed a brand-new endpoint protection technology across a small part of their production network.
Organizations may not be able to mitigate BEC scams entirely; however, tightening up processes will ensure data exposure is kept to a minimum.
By learning from the past there are many steps we can take to strength our approach to security as attackers continue to turn to email to help accomplish their mission.
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
- 1 of 26
- ››
SecurityWeek Daily Briefing
- Ingredients Giant Ingredion Hit by Malware
- Hackers Could Have Hijacked Trump Campaign Email Server: Researchers
- Threat Intelligence Firm Flashpoint Raises $34 Million
- Chinese Hackers Targeted International Aerospace Firms for Years
- Massachusetts Governor Announces New Cybersecurity Program
- Researcher Publishes PoC Exploit for Recent Android Zero-Day
- Under New Ownership, DigiCert Expands into Verified Mark Certificates
- Pitney Bowes Says Disruptions Caused by Ryuk Ransomware
- Indiana Hospital System Notifying Patients After Data Breach
- Russia's Security Service Says Rebuilding Ties With U.S.
Copyright © 2019 Wired Business Media. All Rights Reserved. Privacy Policy