Virus & Threats

NEWS & INDUSTRY UPDATES

An unpatched critical vulnerability impacting DirecTV’s wireless video bridge allows for an attacker to remotely execute code on the vulnerable devices, Zero-Day Initiative researchers reveal.
Severe vulnerability found by researchers in Fortinet’s FortiClient endpoint protection product can be exploited to obtain VPN authentication credentials
Internet traffic for major tech firms such as Google, Apple, Facebook and Microsoft was briefly rerouted to Russia in a BGP attack
Singapore’s Ministry of Defence invites 300 white hat hackers to take part in a two-week bug bounty program with rewards of up to $15,000
Apple this week released security updates for AirPort Base Station firmware to resolve the Key Reinstallation Attacks (KRACK) vulnerabilities in them.
Palo Alto Networks patches critical and high severity code execution and command injection vulnerabilities in its PAN-OS security platform
Products from F5, Cisco, Citrix and others vulnerable to new version of old crypto attack. Facebook, PayPal and other top websites impacted
US President Donald Trump signs National Defense Authorization Act for FY2018, which bans the use of Kaspersky products by government agencies
Microsoft patches 19 critical browser vulnerabilities with December 2017 Patch Tuesday updates - none exploited in the wild or publicly disclosed
SAP’s Security Patch Day for December 2017 marks a change in the history of SAP patches: it also includes CVE numbers in the titles of the security notes.

FEATURES, INSIGHTS // Virus & Threats

Jim Ivers: With a software composition analysis (SCA) tool in place, security teams can quickly scan an information repository and know where vulnerable software is being used.
David Holmes: The "Reaper" IoT botnet is holding itself up as a blinky light in front of our faces, reminding the InfoSec community that we really need to get ahead of IoT madness.
Jack Danahy: With all of our collective focus on machine learning, we simply can’t overlook human learning’s critical role in guarding against attack and protecting the organization.
Torsten George: We need to consider whether traditional approaches to vulnerability management are still viable and if just upgrading existing methods or tools is sufficient.
Jalal Bouhdada: Vendors, practitioners and security experts must all work closely together to combat the well-funded actors who pose a threat to medical devices.
Jim Ivers: Why are even the most security-conscious organizations being compromised, and what does it mean for everyone else?
David Holmes: DUHK and ROCA are both implementation-specific vulnerabilities concerning one of my favorite topics, random number generators.
Torsten George: The end user community is at the mercy of security researchers to act responsibly in order to limit the potential for their findings to be used for malicious purposes.
Markus Jakobsson: If a particular product blocks 99% of all threats, that probably means that product fails to detect the most dangerous threat: targeted attacks.
Scott Simkin: Just as there should be consistency across network, endpoint and cloud security, there should be the same consistency in identification, prevention, policy and enforcement of that policy for IoT security.