Security Experts:

Virus & Threats
long dotted

NEWS & INDUSTRY UPDATES

A vulnerability in the AMD ATI Radeon ATIDXX64.DLL driver could be triggered from within a VMware guest to execute code on the host. [Read More]
Australia reportedly determined that China hacked its parliament and political parties, but decided not to make public accusations to avoid disrupting trade relations. [Read More]
Researchers discover 125 vulnerabilities across 13 SOHO routers and NAS devices as part of a research project dubbed SOHOpelessly Broken 2.0. [Read More]
InnfiRAT RAT can steal various types of data from infected machines, including personal data and cryptocurrency wallet information. [Read More]
A vulnerability recently addressed in LastPass could be abused by attackers to expose the last site credentials filled by LastPass. [Read More]
Several critical and high-severity vulnerabilities that can be exploited remotely have been found recently in widely used CODESYS industrial products. [Read More]
Members of the Tor community have raised $86,081 as part of an initiative aimed at securing funds to find and squash bugs in the popular browser. [Read More]
The US Treasury on Friday placed sanctions on three North Korea government-sponsored hacking operations which it said were behind the theft of possibly hundreds of millions of dollars and destructive cyber-attacks on infrastructure. [Read More]
A dropped, dubbed WiryJMPer and disguised as a virtual coin wallet, has been using heavy obfuscation in attacks delivering Netwire. [Read More]
Sophos has made its Sandboxie sandbox software free and plans on making it open source. [Read More]

FEATURES, INSIGHTS // Virus & Threats

rss icon

Gunter Ollmann's picture
Any bug hunter, security analyst, software vendor, or device manufacturer should not rely on CVSS as the pointy end of the stick for prioritizing remediation.
Gunter Ollmann's picture
In a world of over-hyped bugs, stunt hacking, and branded vulnerability disclosures, my advice to CISOs is to make security lemonade by finding practical next steps to take.
David Holmes's picture
Architects and IT security teams are looking for technology evolutions to help them manage real problems in endpoint storage and messaging.
Josh Lefkowitz's picture
Regardless of which framework you use, it’s crucial to operationalize it in the context of your organization’s unique environment and risk factors.
Devon Kerr's picture
Devon Kerr explains what happened when a municipality inadvertently deployed a brand-new endpoint protection technology across a small part of their production network.
Alastair Paterson's picture
Organizations may not be able to mitigate BEC scams entirely; however, tightening up processes will ensure data exposure is kept to a minimum.
Ashley Arbuckle's picture
By learning from the past there are many steps we can take to strength our approach to security as attackers continue to turn to email to help accomplish their mission.
Siggi Stefnisson's picture
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
Alastair Paterson's picture
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
Siggi Stefnisson's picture
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?