More Security Headlines

Radware has launched a new hybrid solution designed to help enterprise organizations detect and protect against sophisticated and volumetric DDoS attacks.
WordPress 4.0.1 fixes several vulnerabilities, including a critical flaw that could have been exploited to compromise websites.
Siemens has released software updates to address two critical vulnerabilities in its SIMATIC WinCC supervisory control and data acquisition (SCADA) system, one of which could be exploited remotely by an unauthenticated attacker.
Security companies have started detecting attacks that leverage a critical remote code execution (RCE) vulnerability in Windows, which Microsoft patched last week.
NexDefense announced the availability of a new Industrial Network Anomaly Detection (INAD) system designed to help customers detect and respond to abnormal behavior within their control system environments.
CIA Director John Brennan has ordered a sweeping internal review that could dramatically change how the country's leading spy agency is organized, officials said Thursday.
The Rovnix Trojan has started leveraging macros embedded in innocent-looking Microsoft Word documents to infect computers, researchers at Trend Micro reported.
A new report shows that the number of attacks 10 Gbps and above increased nearly 40 percent during the third quarter of the year.
Drupal 6.34 and Drupal 7.34 were released to address multiple moderately critical vulnerabilities affecting prior versions.
Researchers uncovered three vulnerabilities in digital video recorder devices that can be used to execute code without authentication.

SecurityWeek Experts

Scott Gainey: Panic triggers a response that often leads to potentially catastrophic mistakes. Those mistakes come as we grasp for short-term fixes that give us a stronger sense of control, but don’t take long term consequences into account.
James McFarlin: Was the plan by the Securities Industry and Financial Markets Association (SIFMA) to create a new inter-agency working group comprised of data security regulators a reaction to the recent acceleration of nationwide data breaches?
Marc Solomon: While we can’t address security without technology, we also need to consider education. Organizations must also be committed to keeping their IT security staff highly trained on the current threat landscape and advanced approaches to security.
Eddie Garcia: By default, Hadoop is not secure and simply trusts that users are who they say they are. Within real business use cases, especially when confidential and sensitive data sets are involved, restricting access to only authorized users is critical.
Nate Kube: I would like the OT security community to move away from asking what can we do to gain greater adoption of a greenfield IT security model and instead ask how we can gain demonstrable gains in OT security posture more efficiently.
Scott Simkin: As more organizations build applications other than Web and corporate email into the course of their business, adversaries are taking note and adjusting their tactics.
Joshua Goldfarb: Because of the large volume of even the highest priority alerts, analysts are not able to successfully review each event. And with a large number of false positives, analysts become desensitized to alerts and do not take them seriously.
Jason Polancich: Sharing threat information, analysis and expertise within your “extended family” can be very valuable to establishing the kind of early warning system that is the promise of cyber information sharing to begin with - and without most of the risks.
Jon-Louis Heimerl: We all know passwords are not a great solution for securing our accounts and information. But, it is what we have right now, so we might as well make the best of them, eh? Take this quick quiz to see how secure your password is.
Marcus Ranum: To communicate about our metrics, we need ways that we can ground our experience in terms of “normal” for us; otherwise, we really can't communicate our metrics effectively with anyone who isn't in a similar environment.