Virus & Threats

ABB is working to patch a serious arbitrary code execution vulnerability in its Panel Builder 800 tool. Until a fix becomes available, the company has provided some mitigations.
Cisco finds and patches critical flaws in Policy Suite, and high severity flaws in SD-WAN, WebEx Network Recording Player, and Nexus 9000 switches.
A SpiderLabs security researcher has published details of what he considers to be a vulnerability in the RLM web application provided by Reprise Software. Reprise CEO Matt Christiano has told SecurityWeek it is not a vulnerability.
Flashpoint announces new service designed to help organizations respond to and prepare for ransomware and other cyber extortion incidents.
Oracle patched a total of 334 security vulnerabilities with its July 2018 Critical Patch Update (CPU), with 200 of the bugs said to be remotely exploitable without authentication.
Microsoft announces new identity bug bounty program, with rewards of up to $100,000 for flaws that can be used to bypass multi-factor authentication and vulnerabilities in the design of OpenID and OAuth 2.0 standards.
Siemens has updated its Meltdown and Spectre security bulletin to inform customers of the recently discovered variants, specifically LazyFP and Spectre 1.1.
Blackgear cyberespionage campaign, known to target Taiwan, South Korea and Japan, resurfaces with improved malware that abuses social media sites (including Facebook) for C&C communications.
Symantec announces availability of Email Threat Isolation, a new solution designed to protect enterprises against phishing, account hijacking, and other attacks.
A new series of reconnaissance attacks targeting ActiveX objects has been associated with the North Korean-linked Andariel group, a known branch of the notorious Lazarus Group.

FEATURES, INSIGHTS // Virus & Threats

Torsten George
Application Programming Interfaces (APIs) provide hackers with multiple venues to access an organization’s data and can even be used to cause massive business disruptions.

John Maddison
It is essential to understand exactly what is meant by machine learning so you can quickly differentiate between those solutions that actually provide the technology you need to stay ahead in the cyber war arms race, and those capitalizing on market hype.

Torsten George
Microservices and containers enable faster application delivery and improved IT efficiency. However, the adoption of these technologies has outpaced security.

Oliver Rochford
We can’t rely on our own governments to practice responsible full disclosure. Full Disclosure is compromised. We can’t really blame them. Either everyone discloses, or no-one does.

Josh Lefkowitz
Even organizations with the most robust defense solutions and advanced automated technologies cannot effectively combat threats such as BEC without the adequate support and nuanced expertise of humans.

Jack Danahy
To mitigate the risk of attacks, IT teams should disable unused tools and components, while deploying endpoint protection that doesn’t rely solely on file scanning or whitelisting.

Markus Jakobsson
DMARC is an email authentication standard designed to eliminate phishing and other types of attack that use spoofing to misrepresent an email sender identity.

Ashley Arbuckle
By understanding and easing the cultural shift this entails, you can save time and money and sleep better at night with security occupying a seat at the DevOps table.

Travis Greene
As DevOps and agile development methodologies take greater root in the enterprise, the traditional tools and approaches for eliminating vulnerabilities in code will no longer be able to keep pace.

Dan Cornell
When planning a testing strategy for an application, it is important to evaluate the applicability and likely effectiveness of the various testing approach options.