During the past year, you may have noticed a shift in the way IT and security professionals talk about cyber security.
Historically, firewalls, DLP, antivirus, SIEM and other technical point solutions have been the centerpiece of security conversations, but the mindset is slowly shifting from technology to risk.
Rakos Malware Takes Over Embedded Linux Devices
A recently observed piece of malware targeting embedded Linux systems can provide attackers with full control over the infected devices, ESET security researchers warn.
Cybersecurity Industry Remains Concerned Over Wassenaar Arrangement
The Wassenaar Arrangement is a multilateral export control regime designed to prevent the trans-national proliferation of weapons. There are 41 participating states, including 26 independent members of the European Union (plus the UK). The EU, per se, does not participate.
New “Alice” Malware Drains All Cash from ATMs
A newly discovered family of malware targeting ATMs (automated teller machines) has been designed with the sole purpose of emptying cash from the safes of the self-serve machines, Trend Micro security researchers warn.
Spam “Hailstorms” Deliver Variety of Threats
Spam campaigns have evolved from sending a low number of messages for long periods of time to sending a high volume of emails over a short time span, which improves delivery rates before protection mechanisms can be triggered, Cisco Talos researchers warn.
Vulnerabilities Found in Siemens Desigo PX, SIMATIC Products
Siemens has made available workarounds and patches that address medium and high severity vulnerabilities found in the company’s Desigo PX and SIMATIC automation products.
Thinking Beyond the Network Layer: Why the Entire Attack Surface Counts
As New Technologies Infiltrate the Enterprise, Security Practitioners Must Apply a More Holistic Approach to Enterprise Risk Management
VMware Patches VDP, ESXi Vulnerabilities
VMware has released patches that address important and critical vulnerabilities affecting the company’s vSphere Data Protection (VDP) and ESXi products.
The critical flaw was discovered by Marc Ströbel (phroxvs) of HvS-Consulting in VDP, a piece of software designed for creating image-level backups of virtual machines, virtual servers and databases.
Google Releases Crypto Library Testing Tool
Google this week announced the availability of Project Wycheproof, an open source tool designed for finding known vulnerabilities in popular cryptographic software libraries.
Rapid7 Appointed CVE Numbering Authority
Rapid7 has been designated as a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA), which enables the security firm to assign CVE identifiers to flaws acknowledged by affected vendors.


