Security Experts:

Virus & Threats
long dotted

NEWS & INDUSTRY UPDATES

While investigating a flaw that exposed phone number country codes and account locking information, Twitter discovered an attack coming from IPs possibly linked to state-sponsored actors. [Read More]
Several Shamoon 3 samples have been identified and there appear to be targets in more sectors than initially believed. Researchers also found some links to Iran. [Read More]
The Irish data watchdog on Friday launched an investigation into Facebook, after the social media titan admitted a "bug" may have exposed unposted photos from up to 6.8 million users. [Read More]
SQLite vulnerability dubbed Magellan can be exploited for remote code execution, information leaks and DoS attacks. Chrome and other popular applications using SQLite are affected. [Read More]
Facebook discovered a vulnerability in the Photo API that could have allowed third-party apps to access all of a user’s photos. Up to 6.8 million users and 1,500 apps are impacted. [Read More]
Siemens SINUMERIK controllers are affected by DoS, privilege escalation and code execution vulnerabilities, including several flaws rated critical. [Read More]
Facebook has paid out over $1.1 million through its bug bounty program in 2018, which brings the total paid by the social media giant since the launch of its program to $7.5 million. [Read More]
A wave of bomb threats emailed to hundreds of schools, businesses and government buildings across the U.S. triggered searches, evacuations and fear — but there were no signs of explosives, and authorities said the scare appeared to be a crude extortion attempt. [Read More]
Italian oil services company Saipem has confirmed that its systems were hit by a new variant of Shamoon, but the malware has also reportedly been used against other energy firms operating in the Middle East. [Read More]
As U.S. President Donald Trump re-imposed harsh economic sanctions on Iran last month, hackers scrambled to break into personal emails of American officials tasked with enforcing them. [Read More]

FEATURES, INSIGHTS // Virus & Threats

rss icon

Alastair Paterson's picture
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
Siggi Stefnisson's picture
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
Torsten George's picture
By implementing these measures organizations can limit their exposure to remote access-based cyber threats, while supporting agile business models such as remote work and outsourced IT.
Marc Solomon's picture
Recalculating and reevaluating priorities based on a continuous flow of new data, learnings and your risk profile, helps to ensure you’re staying focused on what matters in a highly dynamic environment.
Josh Lefkowitz's picture
Proper evaluation of business risk requires insight into the likelihood that a vulnerability will be exploited, and if exploited, how that vulnerability could impact the company on a macro level.
Siggi Stefnisson's picture
Ninety percent of breaches may begin with an email, but today most of the action happens well after an inbound email has been scanned and delivered.
Torsten George's picture
Application Programming Interfaces (APIs) provide hackers with multiple venues to access an organization’s data and can even be used to cause massive business disruptions.
John Maddison's picture
It is essential to understand exactly what is meant by machine learning so you can quickly differentiate between those solutions that actually provide the technology you need to stay ahead in the cyber war arms race, and those capitalizing on market hype.
Torsten George's picture
Microservices and containers enable faster application delivery and improved IT efficiency. However, the adoption of these technologies has outpaced security.
Oliver Rochford's picture
We can’t rely on our own governments to practice responsible full disclosure. Full Disclosure is compromised. We can’t really blame them. Either everyone discloses, or no-one does.