Clam AntiVirus is an anti-virus toolkit, designed especially for e-mail scanning on mail gateways. It provides a multi-threaded daemon, a command line scanner, and an advanced tool for automatic database updating via Internet. The ClamAV engine can be reliably used to detect several kinds of files. In particular, some phishing emails can be detected using [...]
A newly discovered vulnerability lets attackers take advantage of single sign-on (SSO) systems relying on Security Assertion Markup Language (SAML) and authenticate as another user without knowing his or her password. Step one of SSO authentication is via the Identity Provider (IdP), which checks usernames and passwords, verifies account status, and prompts two-factor authentication. The [...]
Ransomware, banking malware, and other threats aimed at smartphones increased sharply in volume last year and will pose a growing threat to organizations and individuals in 2018 and beyond. Report Trend Micro found 30,000 more malicious applications published on Google Play last year than it did in 2016. The threats were harder to detect because [...]
The number of attacks like the recent one against Equifax have risen dramatically in the last few years, resulting in the exposure of hundreds of millions of private records. Almost without exception there has been some fundamental flaw related to configuration or patching of systems. This trend will continue without systems designed to automatically identify, [...]
Given the constant and connected nature of software driven businesses, customers and users have grown to be less forgiving and more fickle with their attention. An outage in a single service can impact all of its users. An outage in a multi-tenant platform has an exponential impact as it impacts the users of all the [...]
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. Security researchers working for Google’s Project Zero group, along with other research groups and academic institutions, have discovered a series of far-ranging security risks involving speculative execution. Speculative execution is one [...]
How does renting computing horsepower sound. Rather than taking the complications of designing and managing cloud architecture, some CIOs are going “serverless.” With serverless computing, cloud instances are no longer allocated, only to sit idle until called upon to fuel applications and other functions. Rather, resources are provisioned only when a specific event occurs. When [...]
Despite all the attention that massive hacks and other breaches have attracted in recent years, organizations everywhere still struggle to comprehend the scale of and manage emerging cyber-risks. Of the more than 9,500 senior executives in 122 countries who participated in PricewaterhouseCoopers' Global State of Information Security Survey (GSISS) 2018, only 39% say they are [...]
The WannaCry and NotPetya ransomware epidemics demonstrated how quickly malware can spread across the globe and cripple businesses. Their impact extended beyond traditional IT infrastructure into operational systems used to control industrial, manufacturing, and critical infrastructures. The scale of these incidents is forcing organizations to consider the financial impact and business exposure associated with cyber [...]
Cloud computing continues to transform the way organizations use, store, and share data, applications, and workloads. It has also introduced a host of new security threats and challenges. With so much data going into the cloud—and into public cloud services in particular—these resources become natural targets for bad actors. Contrary to what many might think, [...]