Security Experts:

Virus & Threats
long dotted

NEWS & INDUSTRY UPDATES

The Iran-linked group tracked as APT33 uses obfuscated botnets for attacks aimed at high-value targets located in the United States, the Middle East and Asia. [Read More]
A vulnerability affecting several McAfee antivirus products could allow an attacker to evade self-defense mechanisms and achieve persistence. [Read More]
Canada's spy agencies are divided over whether or not to ban Chinese technology giant Huawei from fifth generation (5G) networks over security concerns. [Read More]
A vulnerability affecting a powerful and widely used Intel driver can give attackers deep access to a device, firmware security company Eclypsium warns. [Read More]
SAP this week released 11 Notes as part of the November 2019 Security Patch Day, along with four updates to previously released Security Notes. [Read More]
A new variant of the attack dubbed ZombieLoad impacts Intel CPUs that were not affected by the previously disclosed ZombieLoad method. [Read More]
Microsoft’s Patch Tuesday updates for November 2019 fix over 70 vulnerabilities, including an Internet Explorer flaw that has been exploited in attacks. [Read More]
Mexican state-owned oil company Petróleos Mexicanos (Pemex) has suffered a ransomware attack that took down parts of its network. [Read More]
Magento is advising users to apply patches for a remote code execution flaw that could allow unauthenticated attackers to deliver malicious payloads. [Read More]
Adobe has patched a total of 11 vulnerabilities in its Animate, Illustrator, Media Encoder and Bridge products. [Read More]

FEATURES, INSIGHTS // Virus & Threats

rss icon

Gunter Ollmann's picture
Any bug hunter, security analyst, software vendor, or device manufacturer should not rely on CVSS as the pointy end of the stick for prioritizing remediation.
Gunter Ollmann's picture
In a world of over-hyped bugs, stunt hacking, and branded vulnerability disclosures, my advice to CISOs is to make security lemonade by finding practical next steps to take.
David Holmes's picture
Architects and IT security teams are looking for technology evolutions to help them manage real problems in endpoint storage and messaging.
Josh Lefkowitz's picture
Regardless of which framework you use, it’s crucial to operationalize it in the context of your organization’s unique environment and risk factors.
Devon Kerr's picture
Devon Kerr explains what happened when a municipality inadvertently deployed a brand-new endpoint protection technology across a small part of their production network.
Alastair Paterson's picture
Organizations may not be able to mitigate BEC scams entirely; however, tightening up processes will ensure data exposure is kept to a minimum.
Ashley Arbuckle's picture
By learning from the past there are many steps we can take to strength our approach to security as attackers continue to turn to email to help accomplish their mission.
Siggi Stefnisson's picture
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
Alastair Paterson's picture
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
Siggi Stefnisson's picture
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?