Virus & Threats

NEWS & INDUSTRY UPDATES

While Facebook’s bug bounty program does not typically cover DoS vulnerabilities, the social media giant has decided to award $10,000 for a serious flaw affecting its open source TLS library Fizz.
Nearly 20 vulnerabilities have been found by researchers in Oracle’s Java Card technology, which is used for smart cards and SIMs. Oracle says the technology is deployed on nearly six billion devices each year.
A serious DoS vulnerability has been found in Schneider Electric’s Triconex TriStation Emulator software. No patch is available, but the vendor says it does not pose a risk to operating safety controllers.
Apple Safari, Oracle VirtualBox and VMware Workstation were hacked on the first day of the Pwn2Own 2019 hacking competition, earning researchers a total of $240,000 in cash.
Firefox 66 includes support for Windows Hello for Web Authentication on Windows 10, and brings patches for 21 vulnerabilities.
Vulnerabilities recently addressed by CUJO AI in the CUJO Smart Firewall could be exploited to take over the device, Cisco Talos security researchers reveal.
Security researchers found that SoftNAS Cloud Enterprise customers whose SoftNAS StorageCenter ports are exposed directly to the internet are vulnerable to an authenticated bypass.
A vulnerability in Ghidra, the generic disassembler and decompiler released by the National Security Agency (NSA) in early March, could be exploited to execute code remotely, researchers say.
Google has patched a vulnerability in its Photos service that could have been exploited via browser-based timing attacks to track users.
Norwegian metals and energy giant Norsk Hydro is working on restoring systems after being hit by ransomware, but the company says it does not plan on paying the hackers.

FEATURES, INSIGHTS // Virus & Threats

Ashley Arbuckle: By learning from the past there are many steps we can take to strengthen our approach to security as attackers continue to turn to email to help accomplish their mission.
Siggi Stefnisson: “Evasive phishing” is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
Alastair Paterson: BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
Siggi Stefnisson: We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
Torsten George: By implementing these measures organizations can limit their exposure to remote access-based cyber threats, while supporting agile business models such as remote work and outsourced IT.
Marc Solomon: Recalculating and reevaluating priorities based on a continuous flow of new data, learnings and your risk profile, helps to ensure you’re staying focused on what matters in a highly dynamic environment.
Josh Lefkowitz: Proper evaluation of business risk requires insight into the likelihood that a vulnerability will be exploited, and if exploited, how that vulnerability could impact the company on a macro level.
Siggi Stefnisson: Ninety percent of breaches may begin with an email, but today most of the action happens well after an inbound email has been scanned and delivered.
Torsten George: Application Programming Interfaces (APIs) provide hackers with multiple venues to access an organization’s data and can even be used to cause massive business disruptions.
John Maddison: It is essential to understand exactly what is meant by machine learning so you can quickly differentiate between those solutions that actually provide the technology you need to stay ahead in the cyber war arms race, and those capitalizing on market hype.