Security Experts:

Virus & Threats
long dotted

NEWS & INDUSTRY UPDATES

Microsoft warns users that Windows servers running IIS are vulnerable to DoS attacks that cause CPU usage to spike to 100%. Similar flaw discovered by the same researcher recently in nginx. [Read More]
A vulnerability in WinRAR, the archiver used by over 500 million users worldwide, can be exploited to execute arbitrary code by getting the target to open a specially crafted ACE file. [Read More]
Updates released for the Drupal CMS patch a “highly critical” vulnerability that can be exploited for remote code execution (CVE-2019-6340). [Read More]
Armorblox emerges from stealth mode with a platform that uses natural language understanding to detect threats hidden in emails and documents. The company also announced a $16.5 million Series A funding round. [Read More]
Rockwell Automation is working on patches for two vulnerabilities affecting its Allen-Bradley PowerMonitor 1000 power monitors. Details of the flaws and proof-of-concept (PoC) code are publicly available. [Read More]
A security breach suffered by PoS solutions provider North Country Business Products resulted in the exposure of payment cards used at over 130 restaurants and hotels in the US. [Read More]
After paying out $250,000 in bug bounties in 2018, GitHub has decided to increase rewards and expand the scope of its program. [Read More]
It takes Russian state-sponsored hackers less than 20 minutes to start moving laterally within a network after the initial breach, CrowdStrike says in its latest Global Threat Report. [Read More]
A privilege escalation vulnerability that allows attackers to elevate privileges to SYSTEM has been found in the LG Device Manager application. [Read More]
Proof-of-concept (PoC) code is now publicly available for a recently disclosed container escape vulnerability impacting popular products, including AWS, Google Cloud, and numerous Linux distributions. [Read More]

FEATURES, INSIGHTS // Virus & Threats

rss icon

Siggi Stefnisson's picture
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
Alastair Paterson's picture
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
Siggi Stefnisson's picture
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
Torsten George's picture
By implementing these measures organizations can limit their exposure to remote access-based cyber threats, while supporting agile business models such as remote work and outsourced IT.
Marc Solomon's picture
Recalculating and reevaluating priorities based on a continuous flow of new data, learnings and your risk profile, helps to ensure you’re staying focused on what matters in a highly dynamic environment.
Josh Lefkowitz's picture
Proper evaluation of business risk requires insight into the likelihood that a vulnerability will be exploited, and if exploited, how that vulnerability could impact the company on a macro level.
Siggi Stefnisson's picture
Ninety percent of breaches may begin with an email, but today most of the action happens well after an inbound email has been scanned and delivered.
Torsten George's picture
Application Programming Interfaces (APIs) provide hackers with multiple venues to access an organization’s data and can even be used to cause massive business disruptions.
John Maddison's picture
It is essential to understand exactly what is meant by machine learning so you can quickly differentiate between those solutions that actually provide the technology you need to stay ahead in the cyber war arms race, and those capitalizing on market hype.
Torsten George's picture
Microservices and containers enable faster application delivery and improved IT efficiency. However, the adoption of these technologies has outpaced security.