Network Security

  • Most Topular Stories

  • The Three Best Ways to Prevent a Data Breach

    Feed: Blogs
    George Chetcuti
    25 Jun 2015 | 5:27 am
    Netwrix introduces best practice advice for understanding what’s happening in your IT environment to combat cybercrime.
  • Lessons to Learn from the OPM Breach

    Tenable Network Security Blog
    Cris Thomas
    25 Jun 2015 | 8:00 am
  • Improving Security and Compliance in Higher Education

    Tenable Network Security Blog
    Manish Patel
    29 Jun 2015 | 6:17 am
  • Nearly half of 1,000 Leading Websites Fail Online Security and Privacy Assessment Tests

    HOTforSecurity
    Razvan Muresan
    26 Jun 2015 | 2:31 am
    Some 46% of leading global websites have been found vulnerable to existing online security threats, according to Online Trust Alliance’s (OTA) annual audit of nearly 1,000 sites including leading banks, retailers, social, media, news, government and IoT sites. Nearly half of the Top 1,000 websites don’t adequately protect consumers from phishing and other social engineering threats and have insufficient privacy policies and poor disclosure notices, in comparison to last year’s 30%. Internet of Things and media sites fare worst, with fail rates over 75%, while Twitter scores as most…
  • Product Review: Netwrix Auditor v7.0

    Feed: Articles & Tutorials
    Richard Hicks
    16 Jun 2015 | 1:56 am
    In this article the author reviews Netwrix Auditor v7.0.
 
 
 
  • add this feed to my.Alltop

    TaoSecurity

  • Hearing Witness Doesn't Understand CDM

    27 Jun 2015 | 8:50 am
    This post is a follow up to this post on CDM. Since that post I have been watching hearings on the OPM breach.On Wednesday 24 June a Subcommittee of the House Committee on Homeland Security held a hearing titled DHS’ Efforts to Secure .Gov.A second panel (starts in the Webcast around 2 hours 20 minutes) featured Dr. Daniel M. Gerstein, a former DHS official now with RAND, as its sole witness.During his opening statement, and in his written testimony, he made the following comments:"The two foundational programs of DHS’s cybersecurity program are EINSTEIN (also…
  • The Tragedy of the Bloomberg Code Issue

    20 Jun 2015 | 6:13 am
    Last week I Tweeted about the Bloomberg "code" issue. I said I didn't know how to think about it. The issue is a 28,000+ word document, enough to qualify as a book, that's been covered by news outlets like the Huffington Post.I approached the document with an open mind. When I opened my mail box last week, I didn't expect to get a 112 page magazine devoted to explaining the importance of software to non-technical people. It was a welcome surprise.This morning I decided to try to read some of the issue. (It's been a busy week.) I opened the table of contents, shown at left. It took me a…
  • Air Force Enlisted Ratings Remain Dysfunctional

    19 Jun 2015 | 5:08 pm
    I just read Firewall 5s are history: Quotas for top ratings announced in Air Force Times. It describes an effort to eliminate the so-called "firewall 5" policy with a new "forced distribution" approach:The Air Force's old enlisted promotion system was heavily criticized by airmen for out-of-control grade inflation that came with its five-point numerical rating system. There were no limits on how many airmen could get the maximum: five out of five points [aka "firewall 5"]. As a result nearly everyone got a 5 rating.As more and more raters gave their airmen 5s on their EPR [ Enlisted…
  • Redefining Breach Recovery

    13 Jun 2015 | 1:56 pm
    For too long, the definition of "breach recovery" has focused on returning information systems to a trustworthy state. The purpose of an incident response operation was to scope the extent of a compromise, remove the intruder if still present, and return the business information systems to pre-breach status. This is completely acceptable from the point of view of the computing architecture.During the last ten years we have witnessed an evolution in thinking about the likelihood of breaches. When I published my first book in 2004, critics complained that my "assumption of breach" paradigm was…
  • My Federal Government Security Crash Program

    10 Jun 2015 | 4:52 pm
    In the wake of recent intrusions into government systems, multiple parties have been asking for my recommended courses of action.In 2007, following public reporting on the 2006 State Department breach, I blogged When FISMA Bites, Initial Thoughts on Digital Security Hearing. and What Should the Feds Do. These posts captured my thoughts on the government's response to the State Department intrusion.The situation then mirrors the current one well: outrage over an intrusion affecting government systems, China suspected as the culprit, and questions regarding why the government's approach to…
 
  • add this feed to my.Alltop

    Spyware news

  • Oracle has decided to displace Ask with Yahoo! in Java updates

    29 Jun 2015 | 4:53 am
    For many years, Oracle has been blamed for filling crucial Java updates with Ask Toolbar. This way, Ask search provider has been increasing the number of its users on a daily basis. If you have never heard about ‘bundling’ before, then, of course, you are a lucky person because you haven’t encountered with a deceptive […]
  • WhatsApp is the worst at protecting users’ privacy

    19 Jun 2015 | 6:15 am
    If you are looking for an app that is could track you, could collect specific data and then could share it according to its needs, you should download WhatsApp. In fact, we believe that the biggest part of those who will read this article are among those 800 million active users who have already downloaded it […]
  • How much cash could cybercriminals make from viruses?

    9 Jun 2015 | 5:32 am
    As you can imagine, viruses as invented for making the money. However, have you ever tried to figure out how much money can these bad guys, who are responsible for creating them, make? According to the new study of a well known security company Trustwave, hackers can earn as much as 1,500% after investing in ransomware. Keep in mind […]
  • Adwares and browser hijackers are now in the second place among malwares

    27 May 2015 | 6:48 am
    The first half of 2015 can be called the time of adwares and browser hijackers. Security experts have already revealed that adware and hijackers have become the second among malwares, while in the end of 2013 they were only in the fifth place and in the end of 2012 – in the seventh! Trojans can still be called the most popular threats […]
  • A new wave of Cryptolocker has just showed up!

    14 May 2015 | 7:54 am
    As the latest announcement of PC security experts claims, people should expect a new wave of Cryptolocker. At the moment of writing, you are at the biggest risk of getting infected with this threat (or other its variants) if you live in Australia and Europe. However, even if you live in USA or Far East countries, you should […]
  • add this feed to my.Alltop

    Uncommon Sense Security

  • Packing up and moving

    24 Jun 2015 | 8:41 am
    No, not a real blog post, just a quick note.Yes, I feel guilty about that.I'm changing domain registrars and will inevitably miss a simple step and knock myself  offline, but I'll be back here if I disappear.Jack
  • IEMs, In Ear Monitors

    18 Apr 2015 | 1:27 pm
    I’m old. My hearing sucks.  Years of power tools, especially air tools, a few concerts with the volume cranked to 11, and age have combined with male selective hearing to leave me with a bit of hearing loss.  Not bad mind you, but I know I’ve lost a lot of hearing range.  But I recently gambled on an inexpensive pair of IEMs, and was amazed at how much better they are than any earbuds I’ve ever tried.  Even the bottom end of the Shure IEM line lets me hear things in music that I haven’t heard in years.  I’m not likely to get much value from high-end IEMs,…
  • Software Stockholm Syndrome

    9 Mar 2015 | 8:53 am
    Q: Why do you use that software? It’s horrible! A: Because it’s what I know, and once you get used to it it isn’t so bad. Sound familiar?  It’s what I like to call “Software Stockholm Syndrome”, and we’re all victims. Take the application I’m using to write this post, Windows Live Writer.  Writer used to be a sweet little WYSIWYG blog editor, lightweight and versatile.  Sure, a little light on features, but a great little app.  Microsoft put their stamp on the app they acquired with the Onfolio acquisition until it had a few more features and a stunning…
  • We need to talk about attribution.

    10 Feb 2015 | 7:09 pm
    One of the InfoSec community’s greatest distractions lately has been attribution, both specifically and generically. Let’s start with the Sony fiasco and the FBI’s pinning the attribution tail on the North Korean donkey.  Many people have beaten this to death, there has even been name calling over it.  And I don’t care.  There are certainly questions unanswered, but I’m not opposed to the idea that it was North Korea, I’m just not convinced “beyond a reasonable doubt”.  The argument is lost in the greater public, everyone believes it, just like they believe…
  • But Jack, community and stuff…

    30 Jan 2015 | 4:40 am
    A few folks have asked me about my roles on the advisory board for Intelligent Defence and as a judge for RSA’s new crowdsourced track.  I’m often thought of as “Mr. BSides”, which is unfair to a lot of people who do a lot more than I do to build and sustain the Security BSides movement and community, and unfair to the thousands of organizers, volunteers, speakers, sponsors, and participants who make BSides what it is.  This also overlooks the fact that I have long been engaged with a variety of groups and events, and I work in the security industry. The short version of the…
  • add this feed to my.Alltop

    Schneier on Security

  • TEMPEST Attack

    schneier
    29 Jun 2015 | 11:38 am
    There's a new paper on a low-cost TEMPEST attack against PC cryptography: We demonstrate the extraction of secret decryption keys from laptop computers, by nonintrusively measuring electromagnetic emanations for a few seconds from a distance of 50 cm. The attack can be executed using cheap and readily-available equipment: a consumer-grade radio receiver or a Software Defined Radio USB dongle. The setup is compact and can operate untethered; it can be easily concealed, e.g., inside pita bread. Common laptops, and popular implementations of RSA and ElGamal encryptions, are vulnerable to this…
  • Migrating from SHA-1 to SHA-2

    schneier
    29 Jun 2015 | 4:05 am
    Here's a comprehensive document on migrating from SHA-1 to SHA-2 in Active Directory certificates.
  • Friday Squid Blogging: Classic Gary Larson Squid Cartoon

    schneier
    26 Jun 2015 | 2:32 pm
    I have always liked this one. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
  • Other GCHQ News from Snowden

    schneier
    26 Jun 2015 | 10:12 am
    There are two other Snowden stories this week about GCHQ: one about its hacking practices, and the other about its propaganda and psychology research. The second is particularly disturbing: While some of the unit's activities are focused on the claimed areas, JTRIG also appears to be intimately involved in traditional law enforcement areas and U.K.-specific activity, as previously unpublished documents demonstrate. An August 2009 JTRIG memo entitled "Operational Highlights" boasts of "GCHQ's first serious crime effects operation" against a website that was identifying police informants and…
  • NSA and GCHQ Attacked Antivirus Companies

    schneier
    26 Jun 2015 | 4:59 am
    On Monday, the Intercept published a new story from the Snowden documents: The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with…
 
  • add this feed to my.Alltop

    Infosec Events

  • Information Security Events For July

    sheila
    26 Jun 2015 | 8:41 pm
    Here are information security events in North America this month:   SANS DFIR Summit 2015 : July 7 to 8 in Austin, TX, USA   ShakaCon 7 : Juny 8 and 9 in Honolulu, Hawai, USA   Converge Information Security Conference 2015 : July 16 to 17 in Detroit, MI, USA   TakeDownCon Alabama 2015 : July 20 to 21 in Huntsville, AL, USA   International Conference on Security and Management (SAM’15) : July 27 to 30 in Las Vegas, NV, USA And here are the information security events in the other parts of the world:   14th European Conference on Cyber Warfare and Security…
  • Week 25 In Review – 2015

    md
    22 Jun 2015 | 11:17 am
    Resources Circle City Con 2015 Videos – irongeek.com These are the Circle City Con videos. You can watch and download the videos from here. LastPass Security Notice – blog.lastpass.com LastPass want to assure their users that their cyberattack response worked as designed. They have received many questions so they want to take a moment and provide additional clarifications. CVE-2015-1328: incorrect permission checks in overlayfs, ubuntu local root – seclists.org This is CVE-2015-1328 which allows a local root privilege escalation in the default configuration on all currently supported…
  • Week 24 In Review – 2015

    md
    16 Jun 2015 | 3:32 pm
    Resources HackerOne Connects Hackers With Companies, and Hopes for a Win-Win – nytimes.com HackerOne is a San Francisco tech start-up that aims to become a mediator between companies with cybersecurity issues and hackers who are looking to solve problems rather than cause them. They hope their outfit can persuade other hackers to responsibly report security flaws, rather than exploit them, and connect those “white hats” with companies willing to pay a bounty for their finds. A DBIR Attack Graph Web App! – securityblog.verizonenterprise.com The DBIR Attack Graph Web App is meant to…
  • Week 23 In Review – 2015

    md
    8 Jun 2015 | 12:02 pm
    Events Related BSidesLondon 2015 Wrap-Up – blog.rootshell.be Here is a quick wrap-up of the BSidesLondon 2015 by Xavier. This year, they moved to a new location close to Earls Court where is organized InfoSec Europe at the same time. WAF Bypass at Positive Hack Days V – blog.ptsecurity.com Though the contest WAF configuration allowed bypassing, uncommon solutions were also presented. This was actually the goal of the contest: participants had the opportunity to try themselves in bypassing protection mechanisms, while Positive Research can improve their product due to the results.
  • Week 22 In Review – 2015

    md
    1 Jun 2015 | 12:48 pm
    Events Related HITB Amsterdam Wrap-Up Day #1 – blog.rootshell.be The HITB crew is back in the beautiful city of Amsterdam for a new edition of their security conference. Here is Xavier’s wrap-up for the first day! HITB Amsterdam Wrap-Up Day #2 -blog.rootshell.be This is Xavier’s quick wrap-up for the second day of Hack in the Box! Resources New Research: Some Tough Questions for ‘Security Questions’ – googleonlinesecurity.blogspot.ca Elie Bursztein and his research team analyzed hundreds of millions of secret questions and answers that had been used for millions of…
  • add this feed to my.Alltop

    Security Blog

  • Weekly Intelligence Summary Lead Paragraph: 2015-06-26

    dkennedy
    29 Jun 2015 | 12:36 pm
    The developments in InfoSec risk this week that almost certainly had the greatest impact on Verizon Enterprise clients were zero-day attacks on a new vulnerability in Adobe Flash Player and release of a security bulletin by Adobe.  A Cisco security advisory for Virtual WSA, ESA, and SMA products because they ship with a common default SSH key for the remote support functionality in the products. Neither Cisco nor the VCIC are aware of threat activity, but security infrastructure vulnerabilities are in a class by themselves for update management. Incomplete or absent strong authentication was…
  • Weekly Intelligence Summary Lead Paragraph: 2015-06-19

    ssimpson
    20 Jun 2015 | 12:18 pm
    Palo Alto Networks’ Unit 42 may have been one of the most active security teams in the InfoSec space this week after it published reports on the Lotus Blossom campaign targeting Southeast Asian governments, Evilgrab malware being distributed via a strategic web compromise in Myanmar, and the KeyBase keylogger family of malware. Kaspersky also published some of its intel on Lotus Blossom, though it calls the actors responsible Spring Dragon. Media reports continued to surface regarding the Office of Personnel Management breach and both Brian Krebs and Nextgov published timelines of key…
  • Mitigations Aren’t Effective After the First Six (A DBIR Attack Graph Analysis)

    Gabe Bassett
    18 Jun 2015 | 8:51 am
    IntroductionSo that title, right?  A bit inflammatory.  Before I explain myself, let me step back and review what we’re doing.If you haven’t, watch the first 2 minutes of this video or read about the DBIR attack graph here.Now, our job as defenders is to make the paths attackers have available to them as long as possible.  The longer the path, the more expensive/harder/time consuming the attack is.  Some attackers won’t be able to do the attack any more. Others will look for easier targets.  (DBIR data shows most attacks are opportunistic.)  Or, if the do attack,…
  • Weekly Intelligence Summary Lead Paragraph: 2015-06-12

    dkennedy
    13 Jun 2015 | 4:25 pm
    InfoSec intelligence collections this week were driven predominantly by targeted attacks, and fortunately some included actionable observables.  But the targeted attack on the Office of Personnel Management (OPM) reported last week is not among those with new actionable intelligence that the VCIC has high confidence is related to that breach. We did collect quality intelligence about OPM, especially from ThreatConnect’s follow-up to last week’s OPM-focused assessment which was drawn from intelligence they published in February as related to the Anthem breach. A new variant of an old foe,…
  • The DBIR Attack Graph: Redux!

    Gabe Bassett
    8 Jun 2015 | 7:51 am
    In this blog I previously introduced the idea of building an attack graph from the Verizon Data Breach Investigation Report data.  The wheels of industry did not stop with the blog post and we have updates!You may want to review the previous blog to get an idea of what’s going on.  The basic idea is to use VERIS data from the DBIR to build an attack graph showing us what attacker actions lead to compromise of which confidentiality, integrity, and availability attributes.  Nodes in the graph represent either the various action or attribute enumerations within VERIS. MethodologyFirst,…
 
  • add this feed to my.Alltop

    Optimal Security

  • Infosec Haiku

    Chris Merritt
    27 Jun 2015 | 2:01 pm
    Anata no joho sekyuritei konshu no haiku Middle Management: Easy Prey for Phishing Scams – Think Before You Click!   ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who’ve contributed their haikus … watch this space to see if yours is published. * Submit Your Own … if yours is published, I’ll send you a $20 Starbux card. Please DM me at infosec-haiku@lumension.com. Contest Rules: all rulings by the judge (me) are final, blah blah blah.
  • Mystery surrounds “hack” that grounded 1400 air passengers – Updated

    Graham Cluley
    23 Jun 2015 | 8:37 am
    So, here is what we know. On Sunday afternoon, LOT Polish Airlines had a serious problem with its computer system, which resulted in it being unable to file flight plans. As a result, ten flights from Poland’s busiest airport were cancelled, and some 1400 air passengers were left stranded in Warsaw. In a brief statement for the press, posted on its website, referred to the incident as an “IT attack”: Today afternoon LOT encountered IT attack, that affected our ground operation systems. As a result we’re not able to create flight plans and outbound flights from Warsaw are…
  • Ransomware – To Pay or Not To Pay?

    Orion
    22 Jun 2015 | 6:30 am
    Let me paint a scene for you. You’re sitting at your desk between meetings. You’re working on a PowerPoint for a customer meeting tomorrow, and you’re waiting for an email back from a co-worker. You have another meeting in an hour, which gives you just enough time to hone this presentation. It’s been 15 well-crafted slides since you last saved. Your hard drive whirs, your computer stops responding for a second, and then BAM! Image source: fbi.gov You see this. Only this. Aaarrgghh! You want to scream, maybe you do. Now what? You call IT, it takes 10 minutes to find…
  • Infosec Haiku

    Chris Merritt
    20 Jun 2015 | 12:19 pm
    Anata no joho sekyuritei konshu no haiku Zero-Day Exploit Means OS X / iOS Passwords at Risk Now!   ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who’ve contributed their haikus … watch this space to see if yours is published. * Submit Your Own … if yours is published, I’ll send you a $20 Starbux card. Please DM me at infosec-haiku@lumension.com. Contest Rules: all rulings by the judge (me) are final, blah blah blah.
  • LinkedIn trumpets the success of its private bug bounty

    Graham Cluley
    19 Jun 2015 | 6:30 am
    It’s all very well having a bug bounty program, argues LinkedIn, but how is your organisation going to cope if it is bombarded with hundreds of meaningless and useless reports, that your security team cannot act upon? That seems to be the message being made by Cory Scott, director of information security at LinkedIn in a blog post published this week. Scott has gone public with details of LinkedIn’s bug bounty program – and it has a fundamental difference from those run by many other technology companies. Unlike other bug bounties run by the likes of Facebook, Yahoo,…
 
  • add this feed to my.Alltop

    TRUSTe Blog

  • Privacy Ecosystem Map Highlights Evolving Market to Address Growing Challenges

    kfreeman
    25 Jun 2015 | 9:00 am
    By Dave Deasy, VP, Marketing at TRUSTe There are many players in the privacy ecosystem. From regulatory agencies to law firms to technology companies – and each entity plays an essential role in managing the balance between business use of data and consumer data protection. Over the past few years the privacy ecosystem has grown … Continue reading » The post Privacy Ecosystem Map Highlights Evolving Market to Address Growing Challenges appeared first on TRUSTe Blog.
  • Meet TRUSTe: Chris Babel, CEO

    kfreeman
    24 Jun 2015 | 9:00 am
    Over the past six months we have given you an inside look at the talented, knowledgeable and friendly people who work at TRUSTe. This week we conclude the series with our CEO Chris Babel. How long have you worked at TRUSTe? It will be 6 years this December. Tell us about your role at TRUSTe. As CEO, I’m … Continue reading » The post Meet TRUSTe: Chris Babel, CEO appeared first on TRUSTe Blog.
  • Can Self-Regulation Meet Privacy Challenges of IoT?

    kfreeman
    23 Jun 2015 | 2:58 pm
    By Matthew E.S. Coleman, JD, CIPP/US, Enterprise Privacy Solutions Manager at TRUSTe Regulators are struggling. They are struggling to find a paradigm to protect consumer privacy in the face of rapid technological change. This sentiment kicked off a panel titled, “Can Self-Regulation Meet Privacy Challenges of IoT?” at TRUSTe’s Internet of Things (IoT) Privacy Summit … Continue reading » The post Can Self-Regulation Meet Privacy Challenges of IoT? appeared first on TRUSTe Blog.
  • 2015 IoT Privacy Summit Recap [PICS]

    kfreeman
    17 Jun 2015 | 10:15 pm
    Here’s an interesting thought: If you buy a home 10, 20 or 30 years from now and the home contains a smart fridge and other smart appliances — who will own that data? The buyer or the seller? This is just one of the many thought-provoking scenarios shared at this year’s IoT Privacy Summit. The … Continue reading » The post 2015 IoT Privacy Summit Recap [PICS] appeared first on TRUSTe Blog.
  • Meet TRUSTe: Mikhail Nikitin, Director, Business Development, EMEA

    kfreeman
    17 Jun 2015 | 9:00 am
    Each week we give you an inside look at the talented, knowledgeable and friendly people who work at TRUSTe. Name: Mikhail Nikitin Job Title: Director, Business Development, EMEA How long have you worked at TRUSTe? 4.5 years. Tell us about your role at TRUSTe. I run Business Development and Sales efforts for TRUSTe in Europe. We opened a London office several years … Continue reading » The post Meet TRUSTe: Mikhail Nikitin, Director, Business Development, EMEA appeared first on TRUSTe Blog.
  • add this feed to my.Alltop

    Networking

  • Add Free OTA Programming to Your Streaming Entertainment

    26 Jun 2015 | 5:51 am
    I've been having a blast adding a couple technologies that you may not be familiar with to my home environment where I put an emphasis on cutting the cable for TV.
  • Even the Pros Have Their Wi-Fi Frustrations

    22 Jun 2015 | 6:01 am
    Business Wi-Fi is complicated. From the balancing act of getting the RF right when lots of APs are in use to keeping up with industry evolution to onboarding users securely, there are enough thorny parts of modern wireless to go around. Even the the professionals are not immune!
  • Tanaza Is A Whole Different Cloud-Managed WLAN Paradigm

    14 Jun 2015 | 2:28 pm
    If you have even a casual interest in the wireless networking industry, you know that cloud-managed Wi-Fi is big business. Whether discussing pure-cloud vendors like Meraki, Aerohive, or AirTight, or controller-based vendors that have cloud options, this way of “doing” business Wi-Fi has...
  • VANET- A Different Kind of Wireless Networking

    1 Jun 2015 | 1:11 pm
    What's happening at the NJ Institute of Technology isn't traditional Wi-Fi, but it's really cool.
  • Kicking Tires on a 5 GHz Outdoor AP From StarTech

    23 May 2015 | 7:42 am
    Low cost, solid build and, interesting mix of features define StarTech's outddoor 5 GHz access point.
 
  • add this feed to my.Alltop

    Free IT - Security Magazines and Downloads from alltop.tradepub.com

  • NetApp Is Accelerating Your Data Protection Strategy to the Clouds

    29 Jun 2015 | 12:00 am
    This 10 page white paper, written by Enterprise Strategy Group Senior Analyst, Jason Buffingtonn, and Research Analyst Monya Keanes, explores how organizations are using the cloud for backup and recovery and how AltaVault fits into that ecosystem.Request Free!
  • The Essentials of Information Security Kit: Includes a Free PC Security Handbook - 2nd Edition eBook

    28 Jun 2015 | 7:20 am
    The Essentials of Information Security brings together the latest in information, coverage of important developments, and expert commentary to help with your Information Security related decisions.The following kit contents will help you get the most out of your Information Security research:PC Security Handbook - 2nd EditionSSL 101: A Guide to Fundamental Website SecurityWanted: Guardians to Keep Sensitive Data Safe & ProtectedIDC Executive Brief: Modernizing Data Protection With Backup AppliancesRequest Free!
  • Data-Driven Security: Analysis, Visualization and Dashboards ($40.99 Value) FREE for a limited time!

    26 Jun 2015 | 12:00 am
    Security professionals need all the tools at their disposal to increase their visibility in order to prevent security breaches and attacks. You'll soon understand how to harness and wield data, from collection and storage to management and analysis as well as visualization and presentation. Using a hands-on approach with real-world examples, this book shows you how to gather feedback, measure the effectiveness of your security methods, and make better decisions. Everything in this book will have practical application for information security professionals.Helps IT and security professionals…
  • The Big Shift to Cloud-Based Security

    24 Jun 2015 | 6:20 pm
    As a mid-sized or smaller organization, there is a lure of feeling safety in obscurity. The truth is your company doesn't have to be a giant global corporation to be in the cross hairs of an attack. Automated exploits of common vulnerabilities can equally sweep up victims on any Internet-facing network. As for targeted attacks, smaller companies are often hit first precisely because cybercriminals know these organizations have weak security – and may be a stepping stone to connected business partners or a large parent company. The good news is you don't need to hire a crew of security…
  • Web Application Security for Dummies

    24 Jun 2015 | 6:20 pm
    Web applications have become the Achilles heel of IT security. Web application vulnerabilities are now the most prevalent at more than 55 per cent of all server vulnerability disclosures. This figure doesn't include vulnerabilities in custom-developed web applications, so it may be just the tip of the iceberg. This eBook is all about understanding how to quickly find and fix vulnerabilities in web applications. The goal is to prevent attackers from gaining control over the application and obtaining easy access to the server, database, and other back-end IT resources.Request Free!
  • add this feed to my.Alltop

    IT-Security

  • Is the Council Trying to Kill the QSA Program?

    Branden Williams
    23 Jun 2015 | 7:22 am
    If you can believe, it has been nearly seven years since the last update to the Qualification Requirements for Qualified Security Assessors (QSAs). This document is the guide that assessors use in their business dealings with the Council. It explains how a firm can become a QSA Company, who is qualified to be a QSA employee, and how the ecosystem works around that whole group. Christina Aguilera on the PCI Ecosystem The changes are quite substantial, as evidenced by the change log. The last entry, for 1.2, simply stated alignment issues with PCI DSS v1.2. This version has nineteen entries,…
  • May 2015 Roundup

    Branden Williams
    1 Jun 2015 | 5:54 am
    Stay Classy, San Diego! It finally happened last month. In May, North Texas set a record for being the wettest may on record. For those of you who have been watching from afar, check out this great infographic that shows how much 35 trillion gallons of water will cover. In other news, we had a major breach that is having bigger impacts than many realize, we are seeing the first reports and fall-out from PCI DSS 3.1, and key provisions of the Patriot Act expired. Here’s what you folks liked the most last month: The Only Customer Service Script You Will Ever Need. Maybe the economy is…
  • Why the Adult Friend Finder Breach Should Concern You

    Branden Williams
    26 May 2015 | 7:11 am
    Check out this great post by Dave Lewis over at CSO who reports on one of those face-palm realizations that many folks are having today. Adult Friend Finder is a social hookup site that fell victim to a breach with all kinds of data on its members now disclosed to the public. Why is that a big deal? Because an alarming number of users on that site signed up for the service using their corporate email accounts. Hands on: “MacBook Air” HR nightmare aside, there is a ton of really great information now available to an attacker. If you use the service, you may have your own issues…
  • March-April 2015 Roundup

    Branden Williams
    4 May 2015 | 11:34 am
    Stay Classy, San Diego! Shush it. I know it’s been a little slow around here. There are some major things in the works! I started a new gig, for one, which is consuming the bulk of my time. I’m also working on a 3.1 addendum to our book, which should be out by the summer. March and April were some busy months for many of us. Three major shows (MAC, ETA, and RSA Conference) all happened in those months. PCI DSS 3.1 was released. You paid your taxes (hopefully). Here’s what you folks liked the most last month: The Only Customer Service Script You Will Ever Need. Maybe the…
  • Verizon Report should be a Wake Up Call for the PCI SSC

    Branden Williams
    24 Mar 2015 | 7:05 am
    Streeter Seidell, Comedian, by Zach Klein Verizon recently released their annual state of PCI Compliance Report, which attempts to give a snapshot of current issues in the space as well as trending data over previous years. To summarize the report, the state of PCI Compliance is “not good.” It’s now 2015, more than 10 years after the first release of the standard, and we continue to struggle with compliance rates. In a Computer Weekly article, the GM of the Council says that “wake-up call for every business that cares about payment security.”…
 
  • add this feed to my.Alltop

    Threatpost | The first stop for security news

  • Five Arrested in Zeus, SpyEye Group Takedown

    Chris Brook
    29 Jun 2015 | 12:33 pm
    Authorities in six different countries worked together last week to take down a cybercrime ring which ultimately infected tens of thousands of computers with Zeus and SpyEye malware and made off with roughly $2.25 M dollars from banks in the process.
  • Researcher Says LG App Update Mechanism Doesn’t Verify SSL Cert

    Dennis Fisher
    29 Jun 2015 | 12:01 pm
    Many smartphones manufactured by LG contain a vulnerability that can allow an attacker to replace an APK file with a malicious file of his choice. The problem is the result of several conditions on LG phones. Like other manufacturers, LG includes custom apps on its handsets, which are not available through the normal Google Play […]
  • Amazon Patches Certificate Vulnerabilities in Fire Phones

    Michael Mimoso
    29 Jun 2015 | 10:31 am
    Amazon patched three vulnerabilities in its Fire Phone, two of which allow for silent certificate installations.
  • Searches for Pirated Content Lead to Pain and Little Gain

    Dennis Fisher
    29 Jun 2015 | 7:07 am
    People love to try and get something for nothing, especially on the Internet where there’s all kinds of things available for nothing. But a lot of those free things are illegal and attackers have become very adept at taking advantage of users’ desire for free episodes of Gilmore Girls or bonus Dragon Ball Z content. Researchers […]
  • Magnitude Kit Exploiting Flash Zero Day, Dropping Cryptowall

    Michael Mimoso
    29 Jun 2015 | 6:53 am
    Exploits for the recently patched Adobe Flash Player zero-day have appeared in the Magnitude Exploit Kit and are leading to Cryptowall ransomware infections.
  • add this feed to my.Alltop

    PC1News.com

  • Desktop Search Removal

    admin
    9 Jun 2015 | 12:53 am
    Desktop Search is a tool which offers to help you facilitate your searches by conducting them directly from your desktop. It is marketed as a convenient plugin which you can use on Google Chrome, Mozilla Firefox or Internet Explorer. However, the program carries out activities which are not part of its promoted services and which may be risky for your system's security. Desktop Search displays commercial ads in the forms of coupons, price comparisons, discounts, and other enticing promotional offers. It can also observe your activity on the web. Due to these functions, the software is…
  • Deals Cabin Removal

    admin
    9 Jun 2015 | 12:49 am
    Deals Cabin is an adware program which offers bargain deals on the web. The tool is mostly directed at finding discounts. The offers are made either through coupons or by a percentile discount. The products Deals Cabin offers are of wide range. The most featured categories are technological gadgets, cosmetics and fashion accessories. Deals Cabin has offers up on its website and the ones you see directly displayed to your screen will be much like them. The adware shows its ads on top of all your browser windows without asking for your permission to display any content. Deals Cabin uses third…
  • NavRight Removal

    admin
    9 Jun 2015 | 12:44 am
    NavRight is another browser hijacker and in case it has gained access to your browser, you will notice its presence immediately. The extension generates manu pop-up ads and notifications. As a result of them being displayed, there is a constant risk for the user of being taken to unknown websites and third-party pages full with compromised files or even computer viruses and harmful system attackers. In case that you notice such popping up ads, it is really important to get rid of these ads and notifications, as well as stop the unwanted redirects to third-party sites. To do that, you will…
  • 4Shared Removal

    admin
    9 Jun 2015 | 12:37 am
    4Shared is an adware program, associated to a file sharing site. The program is not marketed on the website, though. The 4Shared.com platform is developed for file sharing purposes. Nothing is mentioned about a program, associated to this platform. However, there is such an application which distributes advertising content. You will see ads, flagged with 4Shared's name, indicating its existence. They will offer you various shopping discounts and bargain deals which you may find tempting. The problem is that none of them are guaranteed to be legitimate. Adware tools do not take the user's…
  • 1-888-834-1353 Removal

    admin
    9 Jun 2015 | 12:21 am
    1-888-834-1353 is a bogus PC help hot line. You will see fake security messages, stating that your computer is at a risk. The security warnings will be displayed to convince you that you need to take measures. The hot line will be offered as a solution to your problems. You will supposedly receive technical support over the phone for free. Please, be warned that there is no merit to this statement. The real purpose of the pop-up alerts is to get you to contact an illegitimate technical support agent. The person you will talk to will provide no real help, but he may try to swindle you into…
 
  • add this feed to my.Alltop

    Pivot Point Security

  • Pivot Point Security Adds ISO 22301 Certified Lead Implementer; Expands Business Continuity Services

    Scott
    23 Jun 2015 | 4:00 am
    For the original version on PRWeb visit:http://www.prweb.com/releases/2015/06/prweb12800496.htm Pivot Point Security, a leading information security consulting firm, specializing in helping companies of all sizes and types achieve ISO 27001 certification, announces its expansion into ISO 22301 – an international standard for Business Continuity Management (BCM). To solidify its commitment to ISO standards, Pivot Point has attained an ISO 22301 Lead Implementer Certification. Like the Lead Implementer certification for ISO 27001 (Pivot Point has 10 consultants holding that distinguished…
  • What is a Reasonable Cost/Scope for an ISO 27001 Internal Audit?

    John
    23 Jun 2015 | 4:00 am
    We recently bid on an ISMS Internal Audit (ISMS IA) for an existing client at around $8,000, and were very surprised when the client let me know via email that they had decided to use another “qualified” firm that bid the project “at a cost that is less than half your proposal.” We bid the project at a fixed price, figuring that it would require roughly five days’ worth of work: One day for planning (review previous internal audits, review certification audit, review most recent risk assessment reports, work with client to understand other areas of concerns, develop audit plan, gain…
  • Are VoIP Security Threats on Your Do-Not-Call List?

    David Newman
    16 Jun 2015 | 4:00 am
    More and more organizations in every sector are implementing Voice over IP (VoIP) and unified communications (UC) solutions to cut communication costs and eliminate the need to manage voice and data separately. Businesses moving to VoIP are typically very concerned about quality of service issues like latency and voice quality. But what about information security? Many businesses seem to be unaware of—or are overlooking—the significant and growing security risks associated with VoIP. And hackers have been quick to capitalize on these vulnerabilities. Here are some of the exploits…
  • Scary Advances in Password Cracking Render “Traditional” Password Protection Ineffective

    Mike
    9 Jun 2015 | 4:00 am
    As part of Pivot Point Security’s penetration testing service, while we’re on a client’s network we often employ a nifty little tool that steals passwords. It listens for the automatic proxy requests that come from web browsers. (Most browsers have a setting to “Automatically choose proxy” or “Auto-detect proxy settings.”) When our tool intercepts these requests, it responds by telling the browser something like: “Yep, I’m your proxy so please authenticate.” Many times laptop and desktop systems will then send us the user’s credentials, which will enable us to capture…
  • Is Your Organization Susceptible to BIOS Hacking?

    Bob
    28 May 2015 | 4:00 am
    A recent article on WIRED.com got us talking about how we might help our customers determine their susceptibility to BIOS vulnerabilities. A proof-of-concept attack just presented at the CanSecWest conference in Vancouver showed how hackers could remotely infect the BIOS of multiple systems using an array of vulnerabilities that are common to nearly all PCs. If an attacker can gain physical access to a computer, such as through social engineering, they could potentially install malware into the BIOS in as little as two minutes. This new class of malware, dubbed incursion vulnerabilities,…
  • add this feed to my.Alltop

    HOTforSecurity

  • Samsung says it will update updater that disabled Windows Update

    Graham Cluley
    29 Jun 2015 | 4:24 am
    Talk about a right royal mess. Last week, it was discovered that software pre-installed on Samsung computers had the undesirable (but surprisingly deliberate) side effect of disabling Windows Update, Microsoft’s way of automatically keeping your Windows computer secured with the latest patches including security updates. As a consequence, the onus was put on Samsung computer owners to update their devices manually with security updates… and we all know how well that works. :( The technology press found out about Samsung’s crippling of Windows Update, which meant users had to…
  • Europol Arrests Alleged Creators of Banking Trojans Zeus and SpyEye

    Razvan Muresan
    29 Jun 2015 | 2:38 am
    Authorities from six European countries have taken down a major cybercriminal group in Ukraine suspected of developing, exploiting and distributing well-known banking Trojans Zeus and SpyEye, according to Europol. Police arrested five suspects between June 18 and 19. The cybercriminals used malware to attack online banking systems in Europe and elsewhere, adapting their sophisticated banking Trojans over time to defeat security measures implemented by the banks, authorities say. Each cybercriminal had a specialty, and the group was involved in creating malware, infecting machines, harvesting…
  • Nearly half of 1,000 Leading Websites Fail Online Security and Privacy Assessment Tests

    Razvan Muresan
    26 Jun 2015 | 2:31 am
    Some 46% of leading global websites have been found vulnerable to existing online security threats, according to Online Trust Alliance’s (OTA) annual audit of nearly 1,000 sites including leading banks, retailers, social, media, news, government and IoT sites. Nearly half of the Top 1,000 websites don’t adequately protect consumers from phishing and other social engineering threats and have insufficient privacy policies and poor disclosure notices, in comparison to last year’s 30%. Internet of Things and media sites fare worst, with fail rates over 75%, while Twitter scores as most…
  • 57 month prison sentence for hacker who created Blackshades RAT

    Graham Cluley
    25 Jun 2015 | 7:08 am
    Alex Yücel, the Swedish co-creator of the Blackshades RAT, has been sentenced to 57 months in a US Federal prison. In May 2014, the European Union’s Judicial Cooperation Unit, announced that almost 100 people worldwide had been arrested, in an operation targeting the developers and users of Blackshades, a malware toolkit sold online for as little as $40. Source: newsfiber.com Those arrested included 25-year-old Yücel, the co-creator of the Blackshades Remote Access Tool (RAT), which provides an easy way for hackers to recruit computers into a botnet, silently take control of…
  • Travel Scams Are Back, Expedia Customers Victims of Phishing

    Alexandra Gheorghe
    25 Jun 2015 | 6:56 am
    It’s that time of the year — scammers are taking advantage of people looking to book a room over the holidays. Expedia, one of the largest travel sites in the world, warns about a phishing scam targeting unsuspecting customers, according to news reports. Source: expedia.com Some Expedia customers have been emailed and called from someone pretending to work at the reputable company, after a breach at a third party disclosed their names, phone numbers, email addresses and travel bookings. We are aware of a scenario involving fraudulent communications to a proportion of consumers who…
  • add this feed to my.Alltop

    Video Surveillance Blog

  • Is Your Parking Lot Secure?

    23 Jun 2015 | 10:27 am
    Parking lots are a key area to monitor, and shouldn't be overlooked. If you run a business or oversee a facility where there's a parking lot, then it's important to keep tabs on what vehicles enter and exit the parking lot in case there's an accident, vandalism, or even car theft. Another benefit of parking lot video surveillance is that it can help identify vehicles that do not pay their parking fees if there's a charge to utilize the parking lot. High-definition video surveillance systems are especially recommended because of their ability to see clear detail that makes license recognition…
  • How does motion detection work?

    11 Jun 2015 | 3:28 pm
    Motion detection is an important tool for securing your business or building. It alerts you when someone is on your property that isn't authorized. Understanding how this technology helps you set up better motion detection regions and alerts, but do you actually know how motion detection works? To understand motion detection, you first need to understand how a camera works. Inside the camera is an image sensor, which the camera lens directs light to - when light hits the image sensor each individual pixel records how much light it's getting. That pattern of light and dark areas on the pixels…
  • When Surveillance Works - Portland Boutique Captures Shoplifter

    11 Jun 2015 | 11:18 am
    Here at VideoSurveillance.com we often stress the importance of video surveillance systems in helping stores capture shoplifters and other criminals. Last week a Portland, Oregon store owner was able to do just that, capturing a shoplifter on camera. Sarah Bibb owns Folly, a clothing boutique in Portland. After noticing an empty hanger, Bibb reviewed her store's surveillance video and found clear video of the theft happening. Bibb contacted police and then, hoping that someone would recognize the woman, shared the video on Facebook. You can see the original post on Bibb's Facebook page.
  • What Does an IP Camera System Include?

    10 Jun 2015 | 9:42 am
    If you're thinking of switching from analog to IP video, or are investing in a video surveillance system for the first time, it's important to know what equipment you'll need to deploy your new IP cameras. IP video provides a scalable solution for your long-term security needs so you can expand upon the number of security cameras in the future. VideoSurveillance.com offers pre-configured IP security camera systems with everything you need to get started. We can also customize an IP camera system for you if you have special requirements. Our IP security camera systems are assembled to include…
  • Deadline for VideoSurveillance.com Scholarship is Fast Approaching

    4 Jun 2015 | 12:05 pm
    Graduation season is in full swing, but it's also the time for graduating high school seniors to focus on the upcoming start of college. Has the student in your life applied for the VideoSurveillance.com scholarship yet? This is your third year running a scholarship program, and we love the opportunity it gives to interact with bright, young motivated students. Open to graduating high school seniors and students enrolled in undergrad and graduate college programs, this scholarship will award $1,000 to help one student with tuition this fall. To enter, applicants must write a 250-300 word…
 
  • add this feed to my.Alltop

    Seculert Blog on Breach Detection

  • Network Breached? Ask Yourself these 3 Questions within the First 48 Hours

    Liora R. Herman
    23 Jun 2015 | 5:36 am
    In an article for Bankingtech.com, Peter Cheney, the director of cybersecurity at independent global risk and strategic consulting firm Control Risks, has identified three essential questions that he believes enterprises must ask within the first 48 hours after a network breach: 1. What is the specific nature of the breach? Enterprises must quickly and accurately […] The post Network Breached? Ask Yourself these 3 Questions within the First 48 Hours appeared first on Seculert Blog on Breach Detection. [[Read more...]]
  • Cybersecurity’s Weakest Link? Employees

    Liora R. Herman
    18 Jun 2015 | 4:50 am
    About 15 years ago, a game show took public humiliation to new heights (or depths, depending on one’s perspective) by branding unsuccessful contestants as the weakest link in the group. They were then ushered offstage to the tune of the most soul-crushing “goodbye” in television history by the host. Well, that game show is now […] The post Cybersecurity’s Weakest Link? Employees appeared first on Seculert Blog on Breach Detection. [[Read more...]]
  • Cyber Attacks Beating 54% of Organizations Says Survey

    Liora R. Herman
    16 Jun 2015 | 1:37 am
    A survey of 500 IT decision-makers in UK enterprises (250+ employees) has revealed that 54% lack the knowledge and capacity required to thwart sophisticated cyber attacks. The survey, which was conducted by Symantec and Deloitte, also found that: 66% of respondents don’t think it’s necessary to regularly train employees on cyber security policies and practices […] The post Cyber Attacks Beating 54% of Organizations Says Survey appeared first on Seculert Blog on Breach Detection. [[Read more...]]
  • Malware Slips by Prevention-Based Security Software

    Liora R. Herman
    10 Jun 2015 | 4:31 am
    An automated and independent malware testing service has taken a quick break from analyzing malware such as worms, information stealers, and rootkits so that it can crunch some numbers — and the news isn’t good for enterprises that rely exclusively on prevention-based security software packages. As reported by David Braue of CSO Online, the aggregated […] The post Malware Slips by Prevention-Based Security Software appeared first on Seculert Blog on Breach Detection. [[Read more...]]
  • Seculert API: Improved Integration [Product Update]

    Liora R. Herman
    9 Jun 2015 | 4:25 am
    Seculert provides alerts on confirmed incidents of malware actively communicating or exfiltrating information from users’ devices. Seculert can even detect incidents relating to partners and/or customers. These alerts provide actionable and accurate information that identifies the infected device. A just released, updated version of the Seculert API makes it easier to integrate all the insights […] The post Seculert API: Improved Integration [Product Update] appeared first on Seculert Blog on Breach Detection. [[Read more...]]
  • add this feed to my.Alltop

    Managed File Transfer and Network Solutions

  • Comparing Load Balancing Algorithms

    John Carl Villanueva
    28 Jun 2015 | 6:55 pm
    Overview So your load balancer supports multiple load balancing algorithms but you don't know which one to pick? You will in a minute. 
  • Active-Active vs Active-Passive High Availability Cluster

    John Carl Villanueva
    23 Jun 2015 | 5:59 pm
    Overview The two most commonly used high availability (HA) cluster configurations are active-active and active-passive. What's the difference between the two? This article gives a straightforward explanation.
  • Configuring A High Availability Cluster for Various TCP/UDP Services

    John Carl Villanueva
    19 Jun 2015 | 12:18 am
    Overview When your server downtimes start becoming more frequent, that probably means it's time for some major changes. One option would be to set up a high availability cluster. If you want to know how to do that, you've landed on the right place. In this tutorial, we'll guide you in setting up a high availability cluster for FTP, HTTP, SFTP, SMTP, and other TCP/UDP services. 
  • 5 Questions Every CEO Should Ask About Company File Transfers

    John Carl Villanueva
    16 Jun 2015 | 7:29 am
    Overview Most chief executive officers would have no time to scrutinize their organization's file transfer activities. That's bound to change once they start asking these 5 simple questions.  
  • How To Set Up SSL Client Authentication on an HTTPS and FTPS Server

    John Carl Villanueva
    5 Jun 2015 | 8:32 pm
    Overview People who use SSL/TLS to secure their online transactions/file transfers are mostly only familiar with two of its security functions: 1. That it can encrypt data in transit and 2. That it can enable clients to authenticate the server. They're likely not making use of another feature that can greatly enhance SSL security even more - client certificate authentication. If you've been following our posts, you know that client certificate authentication has been the subject of our discussion lately. However, we've never been able to talk about how to enable it on the server side.
  • add this feed to my.Alltop

    Radware Blog

  • How Application Delivery Can Simplify Enterprise Challenges

    Prakash Sinha
    24 Jun 2015 | 8:40 am
    In enterprise environments it is common for an application to be hosted by a pool of servers, either physical or virtual.  Over time these applications also go through a lifecycle that consists of security patches, maintenance, upgrades to update capabilities, and changes to keep up with trends such as virtualization, consolidation and deployment in a hybrid cloud environment.  For scalability, additional servers may also be deployed. IT is needed to deliver consistent availability and an optimized user experience for these applications all while delivering the Service Level Agreement…
  • What Do You Know About DDoS Attacks? Here’s The Ultimate Guide

    Ben Desjardins
    22 Jun 2015 | 2:41 am
    Every good hero needs a trusty guide. Sherlock Holmes had his Watson. Bruce Wayne had Alfred. Captain Kirk? He had Spock. Today’s information security professionals are no different. They work in the trenches to protect networks and applications and they are the modern day heroes of our digital lives. And thus, a guide for keeping up with the fast evolving cyber-threat landscape is valuable when supporting combat. Today at Radware, we’re pleased to provide a new tool to this community with the release of our newly updated DDoS Handbook. The handbook is subtitled ‘The Ultimate Guide to…
  • The NFV Carrier Opportunity – Takeaways from Light Reading’s Big Telecom Event

    Mike O'Malley
    16 Jun 2015 | 9:03 am
    On Tuesday June 9th, I presented at Light Reading’s Big Telecom Event and spoke about NFV in the mobile network. The event hosted a few thousand attendees for several hot Chicago days by the Lake and the NFV session was well attended. NFV is a hot topic in the Carrier industry. According to Heavy Reading, nearly 50% of the Carriers said that they are currently testing NFV solutions in their networks and the other 50% claimed they are in active study on the topic.  Carriers clearly see the value of the technology and its potential to both lower their costs by reducing their…
  • 5 Reasons Why Virtual Machine Security Could Become a Larger Threat

    David Hobbs
    10 Jun 2015 | 10:02 am
    The recent Venom Vulnerability has been open since 2004. The ShellShock Vulnerability released last year was open for 25 years! What is happening now that is causing us to just get around to finding out about these flaws? What is happening is the evolution of virtual machines (VMs). VMs are operating systems or application environments installed on software that are meant to imitate dedicated hardware. Essentially, these machines aim to offer the end user the same experience virtually as they would have on dedicated hardware. These virtual machines are managed by a hypervisor, a program that…
  • Radware and Cisco Sign OEM Agreement As DDoS Mitigation Becomes a SP Imperative

    Ron Meyran
    8 Jun 2015 | 2:40 am
    DDoS attacks are no longer just a nuisance and they can cause lasting damage.  Organizations that ignore this threat often learn the high costs involved in the damage from these attacks – ranging from mild service degradation and to extended service outage. According to Aberdeen Group research, the cost of a one second delay in website load time can translate to a 7% reduction in conversion rate and up to $2.5 million in losses per year.  The cost of outage?  That can reach nearly half a million dollars per hour. Attacks have evolved in multiple dimensions: Attack motivation. Cybercrime…
 
  • add this feed to my.Alltop

    pfSense Setup HQ

  • BREAKING NEWS: pfSense 2.2.3 Released

    maximumdx
    26 Jun 2015 | 5:32 am
    pfSense 2.2.2 has been released, containing 2 low-risk security updates. I will update the links on the downloads page ASAP. You can read all about the newest version at the official pfSense blog. The page also has links to the download mirrors, although, per usual, it’s easier to update pfSense from within the web GUI. The post BREAKING NEWS: pfSense 2.2.3 Released appeared first on pfSense Setup HQ.
  • BREAKING NEWS: pfSense 2.2.2 Released

    maximumdx
    15 Apr 2015 | 2:25 pm
    pfSense 2.2.2 has been released, containing 2 low-risk security updates. I will update the links on the downloads page ASAP. You can read all about the newest version at the official pfSense blog. The page also has links to the download mirrors, although it’s easier to update pfSense from within the web GUI. The post BREAKING NEWS: pfSense 2.2.2 Released appeared first on pfSense Setup HQ.
  • Siproxd: Part One

    maximumdx
    23 Jan 2015 | 4:00 pm
    Siproxd is a proxy/masquerading daemon for the SIP protocol. It handles registrations of SIP clients on a private IP network and performs rewriting of the SIP message bodies to make SIP connections work via a masquerading firewall (NAT). It allows SIP software clients or SIP hardware clients to work behind an IP masquerading firewall or NAT router. SIP, or Session Initiation Protocol, is a standardized set of formats for communicating messages used to initiate, control, and terminate interactive Unicast or Multicast user sessions with multimedia services such as Internet telephone calls,…
  • Reader’s Mailbag: 1-7-2015

    maximumdx
    7 Jan 2015 | 4:00 am
    I received an e-mail from a reader stating that even though he had an internet connection, he could not access the internet through his pfSense firewall. It occurred to me that there might be several reasons why this might be the case: pfSense’s WAN interface isn’t connected to the uplink/modem. The local network isn’t connected to pfSense’s LAN interface. The WAN and LAN interfaces are set up correctly, but there may be another configuration issue (e.g., traffic between the WAN and LAN is blocked). I am assuming the user’s setup (when functioning) looks…
  • Nagios Installation and Configuration: Part Two

    maximumdx
    9 Dec 2014 | 2:00 pm
    In the previous article, we introduced Nagios and began covering installation. In this article, we will continue our look at Nagios, covering configuration and installation of plugins. Nagios Configuration Now that Nagios has been installed, it’s time to configure it. Sample configuration files have been installed in the /usr/local/nagios/etc directory. For the most part, the settings in the sample files should work fine for getting started with Nagios. You should, however change the e-mail address associated with the nagiosadmin contact definition to the address you’d like to use…
  • add this feed to my.Alltop

    blackstratus.com

  • How to Overcome Security Issues in Cloud Computing

    Don Carfagno
    18 Jun 2015 | 6:13 am
    There’s a strain of conservatism among certain IT professionals — the enthusiasm for all things new and innovative is tempered by skepticism about security challenges and other issues. Part of this is simply the nature of our industry. After all, it’s our job to anticipate risks and develop creative ways to mitigate them. However, this type of caution also leads to the kind of broad thinking and blanket statements that ultimately do little to address individual security challenges on an organizational level. Broad skepticism is particularly prominent when comparing cloud security vs.
  • On-Demand Passwords Vs. Two Factor Authentication

    Don Carfagno
    17 Jun 2015 | 4:00 am
    Two factor authentication has long been considered one of the best ways to prevent fraud and protect sensitive information against intrusion. In March 2015, however, Yahoo generated a lot of press with the introduction of its on-demand password system, supposedly a more convenient, easier-to-use alternative to two factor authentication that nevertheless provides a high level of protection against threats. Will Yahoo’s competitors start to adopt similar security on-demand intrusion protection, or will the technology fail to build on its initial promise? Let’s look beyond the hype and take…
  • The Clinton Email Scandal: A Wakeup Call for Network Security Professionals

    Rich Murphy
    1 Jun 2015 | 2:00 am
    Pollsters and journalists alike have been describing Hillary Clinton’s path to the Democratic nomination for president in 2016 to be inevitable, but that doesn’t mean there haven’t been some bumps along the road. To date, the most significant roadblock has been the recent revelations that Clinton used a private email account and server to send and receive messages while she was Secretary of State between 2009 and 2013. While only time will tell whether or not the scandal has an impact on Clinton’s quest to become the first female president of the United States, it highlights many…
  • Preventing Credit Card Hacks Through Integrity Monitoring

    Don Carfagno
    27 May 2015 | 4:00 am
    Recent high-profile hacks against Target, Home Depot and other major retailers have drawn attention to the vulnerability of credit card data both online and off. In the wake of this, several methods have been suggested for reducing the likelihood of future attacks. There’s no question that greater consumer awareness, as well as the adoption of smart card technology, will play a role in keeping credit card data secure in the future. But what can be done to prevent security breaches at the infrastructural level? What Is File Integrity Monitoring? File integrity monitoring (FIM) is already a…
  • Efficiency-Boosting Strategies for Managing Enterprise Data

    Rich Murphy
    20 May 2015 | 4:00 am
    The task of managing and monitoring enterprise data is an increasingly time- and resource-consuming one. In 2012, IBM estimated that over 2.5 exabytes of data was generated every day — a number that has only increased in the years since. While there is a growing market for enterprise network monitoring software, the sheer amount of data being produced means that effective management must begin at the organizational level. In this article, we’ll look at some strategies for managing enterprise data that organizations of any size can use to streamline their processes and make the best use of…
  • add this feed to my.Alltop

    Milton Security

  • Polish Airline Shut Down For a Few Hours by Hackers

    Milton Security Group
    22 Jun 2015 | 10:53 am
    Polish airline, LOT, was forced to cancel multiple flights Sunday after hackers attacked, and successfully froze, their computer network. Flights to Munich, Hamburg, Copenhagen, Dusseldorf, and Stockholm were all cancelled after the airline discovered that they could not process passengers, or create flight plans at Warsaw’s Frederic Chopin airport on Sunday afternoon. “LOT encountered an IT attack that affected our ground operation systems. As a result we’re not able to create flight plans, and outbound flights from Warsaw are not able to depart,” the airline said in a…
  • UC Irvine Medical Center Data Breach

    Milton Security Group
    19 Jun 2015 | 10:41 am
    UC Irvine Medical Center announced Thursday that they had discovered a four-year long data breach of their records. From June 2011 to March 2015, an employee of UC Irvine Medical viewed the medical records of 4,859 patients without a work related purpose.  Sensitive information that was viewed included patient names, birthdays, heights and weights, medical record numbers, home addresses, diagnoses, test orders and results, medications and employment status. Hospital officials were tipped off by unnamed source about the employees behavior, and immediately reviewed his actions.  They notified…
  • Chip and PIN, or EMV Cards: Are They The Answer?

    Bethany Nolan
    17 Jun 2015 | 9:19 am
    In an attempt to combat the epidemic of data breaches, and to save themselves from liability, most of the credit card industry will be moving to the Chip and PIN card, also known as the EMV card, by October of this year.  But will this really have any effect on our personal data security? The new cards will have embedded microchips in them that will identify them as legitimate, authorized bank cards.  The chip will contain the data that used to be stored in the old magnetic strip.  Every time a consumer makes a purchase, a one-time-only transaction code will be generated and…
  • MLB Cardinals Get Data Breach Vengeance

    Milton Security Group
    16 Jun 2015 | 9:18 am
    MLB baseball teams hacking the competition? Apparently, some teams will do ANYTHING to gain an edge!  At least that appears to be the case with the St. Louis Cardinals. According to the New York Times, investigators from the FBI and the Justice Department have discovered evidence that leads them to believe that the front-office staff of the St. Louis Cardinals has been hacking into competing teams’ internal networks in order to obtain personal information about other players. Evidence suggests that that the Cardinals officials were successful in their attempts to break into the Houston…
  • Kaspersky Discovers Attack, Says A Government Is Responsible

    Milton Security Group
    10 Jun 2015 | 10:05 am
    So what would be a smart thing to do if you are a virus or malware author?  Spy on the security researchers of course! Kaspersky Labs recently discovered attacks on their own systems that looked incredibly familiar.  Back in 2011, Kasperksy did an in-depth analysis of command-and-control servers used for the Duqu attacks, a variant on the Stuxnet malware.  They found the Duqu attacks to be some of the most sophisticated the world had ever seen.  They also discovered that servers used in the attacks were spread across over 5 different countries. The new attacks, dubbed Duqu 2.0, continue…
 
  • add this feed to my.Alltop

    Cyberoam : Securing You

  • Trojan.Win32.Qudamah.Gen.24 Targets the Windows Platform

    Cyberoam Threat Research Labs
    8 Jun 2015 | 2:12 am
    The Windows platform is in the firing line of Trojan.Win32.Qudamah.Gen.24. This backdoor contacts a remote server, identifies itself, and accepts commands from the remote server. After receiving commands from the attacker, the malware can be used to perform several non-agreeable activities including but not limited to gathering system information, executing arbitrary files, deleting files, stealing file contents, uploading files to the remote server, taking screen shots and obtaining a listing of processes. FILE Details: File name: zender1.exe md5sum: 40f42b2e11e29d34f625da992cd545cf SHA256:…
  • Third Party Vendors – The Weak Links in Network Security

    Cyberoam
    5 Jun 2015 | 3:30 am
    “Your cybersecurity is only as good or bad as that of your vendors.” By 2019, the cyber security market will be worth a mammoth $155.74 billion. The market for next generation security appliances like firewalls could be worth between $15 billion to $20 billion over the next three years. These big numbers reflect the dawning realization on businesses about the need to fortify their mission critical systems from cyber threats. The cost of recovery from cyber fraud or data breaches is going up every year. According to Ponemon Institute’s 2014 Cost of Data Breach Study: Global…
  • Moose might mess up your Home Router!

    Cyberoam Threat Research Labs
    28 May 2015 | 4:19 am
    A new malware infecting series of Home based routers/modems running on MIPS and ARM architecture has been spotted. The said malware family specifically targets consumer devices based on Linux systems, and spreads by infecting other Linux based embedded systems in its path. The compromised devices are used to sniff unencrypted traffic and render proxy services to botnet operator. Key Capabilities of the Moose Malware The malware specifically targets Home routers The malware is capable of sniffing the traffic and sending the capture packets to remote C&C. Any devices generating network…
  • Backdoor.MSIL.Kazybot Enters Windows

    Cyberoam Threat Research Labs
    25 May 2015 | 11:16 pm
    The Windows platform is at the crosshairs of Backdoor.MSIL.Kazybot. The Bot agent and Backdoor contacts remote servers, identifies itself and sends system information to the remote server. After receiving its instructions, the Bot is known to perform several activities of unagreeable nature such as initiating DoS attacks on specified targets, picking up clipboard data, downloading files and executing shell commands. FILE Details: File name: setup_530.exe md5sum: 5148911d0281375e86f4201352bf473f04ffcfb4 SHA256: 04d36471db5668cc7972a3c986c46a5da8420d94186e138d134f7fa381e76e45 One can download…
  • SSL/TLS protocols hit by LogJam Vulnerability

    Cyberoam Threat Research Labs
    22 May 2015 | 4:52 am
    SSL/TLS protocols are becoming an ungainly spectacle, yet again. Researchers at the University of Michigan and the French research institute Inria have together unveiled a new hidden vulnerability in the encryption procedures used in keeping communication secure for internet users. It is major flaw as it affects more than 8 percent of the Alexa top one million HTTPS domains, raising questions about the methods used for keeping user information safe on Internet. The vulnerability is present in the way browsers communicate with web or email servers. Browsers usually rely on SSL or TLS protocols…
  • add this feed to my.Alltop

    blackstratus.com

  • How to Overcome Security Issues in Cloud Computing

    Don Carfagno
    18 Jun 2015 | 6:13 am
    There’s a strain of conservatism among certain IT professionals — the enthusiasm for all things new and innovative is tempered by skepticism about security challenges and other issues. Part of this is simply the nature of our industry. After all, it’s our job to anticipate risks and develop creative ways to mitigate them. However, this type of caution also leads to the kind of broad thinking and blanket statements that ultimately do little to address individual security challenges on an organizational level. Broad skepticism is particularly prominent when comparing cloud security vs.
  • On-Demand Passwords Vs. Two Factor Authentication

    Don Carfagno
    17 Jun 2015 | 4:00 am
    Two factor authentication has long been considered one of the best ways to prevent fraud and protect sensitive information against intrusion. In March 2015, however, Yahoo generated a lot of press with the introduction of its on-demand password system, supposedly a more convenient, easier-to-use alternative to two factor authentication that nevertheless provides a high level of protection against threats. Will Yahoo’s competitors start to adopt similar security on-demand intrusion protection, or will the technology fail to build on its initial promise? Let’s look beyond the hype and take…
  • The Clinton Email Scandal: A Wakeup Call for Network Security Professionals

    Rich Murphy
    1 Jun 2015 | 2:00 am
    Pollsters and journalists alike have been describing Hillary Clinton’s path to the Democratic nomination for president in 2016 to be inevitable, but that doesn’t mean there haven’t been some bumps along the road. To date, the most significant roadblock has been the recent revelations that Clinton used a private email account and server to send and receive messages while she was Secretary of State between 2009 and 2013. While only time will tell whether or not the scandal has an impact on Clinton’s quest to become the first female president of the United States, it highlights many…
  • Preventing Credit Card Hacks Through Integrity Monitoring

    Don Carfagno
    27 May 2015 | 4:00 am
    Recent high-profile hacks against Target, Home Depot and other major retailers have drawn attention to the vulnerability of credit card data both online and off. In the wake of this, several methods have been suggested for reducing the likelihood of future attacks. There’s no question that greater consumer awareness, as well as the adoption of smart card technology, will play a role in keeping credit card data secure in the future. But what can be done to prevent security breaches at the infrastructural level? What Is File Integrity Monitoring? File integrity monitoring (FIM) is already a…
  • Efficiency-Boosting Strategies for Managing Enterprise Data

    Rich Murphy
    20 May 2015 | 4:00 am
    The task of managing and monitoring enterprise data is an increasingly time- and resource-consuming one. In 2012, IBM estimated that over 2.5 exabytes of data was generated every day — a number that has only increased in the years since. While there is a growing market for enterprise network monitoring software, the sheer amount of data being produced means that effective management must begin at the organizational level. In this article, we’ll look at some strategies for managing enterprise data that organizations of any size can use to streamline their processes and make the best use of…
  • add this feed to my.Alltop

    Cognoscape, LLC

  • The Latest in Military Technology

    Cognoscape
    25 Jun 2015 | 1:30 am
    The military has the best toys – things we could only imagine in our wildest dreams. The military creates, tests and deploys technology toys, from lucrative spy planes to robotic companions, the military is making astonishing advancements. Check out the latest in military technology we know about so far, and remember, these are only what they allow us to see. Self-Steering Ammunition Remember the days of Looney Tunes when the bullets maneuvered around corners to find their intended targets? Well, the military has employed a similar technology. Military snipers in war zones face…
  • Dropbox Isn’t As Secure As You Think

    Cognoscape
    11 Jun 2015 | 1:30 am
    Shocking, right? Where does such a bold claim come from? Dropbox services over 100,000 businesses and 300,000,000 users. The company reports users upload over 1 billion files every 24 hours, and 97% of Fortune 500 companies utilize some form of the service. What do the millions of users need to know about Dropbox? Dropbox is not as secure as you think. Let’s Talk About the Issues Claims about security lapses are nothing new to Dropbox. A “potential” security lapse occurred in 2011 when users could access other accounts without passwords, followed by a handful of ambiguous statements…
  • Benefits of Network Security

    Cognoscape
    14 May 2015 | 1:30 am
    You’ve spent countless hours, days, months, maybe even years building your business…what if everything you had worked for was ruined because of a security breach? All it takes is one bad security breach and you’re out of business. This is why your company needs CognoSecurity. Let’s look at the benefits of network security. Reduced Stress With CognoSecurity you will never lose sleep over stressing about your business’ security. We will handle everything so that you don’t have to. Now you have more time to focus on making your business even more successful, because you know it’s…
  • How Technology Makes For Safe Smartguns

    Cognoscape
    23 Apr 2015 | 2:00 am
    There is a great divide when it comes to guns. After the devastating Newtown massacre that left 20 elementary students dead, the debate over gun control became heated, with a call for more safety. Gun enthusiasts argue that firearms are safe when the owner is properly trained, while those opposed feel we need stricter laws. Whether you’re anti-gun or a card carrying member of the NRA, there is one thing everyone can agree on: guns in the wrong hands make them exponentially more dangerous. It could be a child or criminal that makes the gun turn even more deadly because of lack of…
  • 10 Tips To Keep Your Data Safe From a Phishing Attack

    Cognoscape
    9 Apr 2015 | 9:10 am
    Any IT consultant will tell you, hackers keep finding new ways to steal our personal information. As technology becomes more advanced, these criminals have to find better ways to trick unsuspecting computer users into getting their passwords and other confidential information. “Phishing” has become an epidemic and it usually takes places in the form of pop-ups, spam, fraudulent emails and contacts through social media. Don’t become a victim of this scheme and read our 10 tips to keep your data safe from a phishing attack.   1. Recognize Suspicious Emails Phishing emails have…
 
  • add this feed to my.Alltop

    TutorialsLodge

  • Protecting Yourself From FTP Violations And Vulnerabilities

    Uche Gozie
    28 Jun 2015 | 4:19 am
    In my previous article I wrote about FTP why you need a secured FTP service and dangers affecting an unsecured FTP service. Today I’ll be showing you in practice, how we can actually secure an FTP server in steps. I will be using the FTP services capabilities of Internet Information Services (IIS) that comes with… Read More »The post Protecting Yourself From FTP Violations And Vulnerabilities appeared first on TutorialsLodge.
  • Networking And You

    haysoft
    26 Jun 2015 | 7:49 am
    Hi, I am cisco. I would be uploading series of tutorials right here on tutorialslodge that would actually help you to improve more on your networking skill as a beginner and also enlighten network experts on various networking implementation by reviewing a real-world network scenario, problems and how likely to by-pass them. This section offers… Read More »The post Networking And You appeared first on TutorialsLodge.
  • Why You Need A Secured FTP Service

    Uche Gozie
    23 Jun 2015 | 4:39 pm
    FTP has become a popular means by which files are transferred to customers, clients and even other business partners. However ftp is natively insecure therefore imposing it to be secured is a very important thing in overall secure networking environment. First and foremost you want to harden the server or the system that host your… Read More »The post Why You Need A Secured FTP Service appeared first on TutorialsLodge.
  • JavaScript For Learners – JavaScript For In Loop

    Enyinnaya Chimezie
    21 Jun 2015 | 6:07 am
    Today, we’ll be looking at The For In Loop. This episode is going to be practical oriented episode because I’ll be showing you how The For In Loop is used in code by example. The For In loop works primarily with arrays, and it can also work with something called objects (we will cover object later… Read More »The post JavaScript For Learners – JavaScript For In Loop appeared first on TutorialsLodge.
  • Paginating Database Results

    Enyinnaya Chimezie
    12 Jun 2015 | 9:58 am
    Sometime ago, I showed you how to create a simple CRUD application. Today we will be extending that CRUD application by adding pagination to it. In case you missed the tutorial on CRUD, you can check it out by visiting Simple CRUD Application In PHP And MySQL. Why Do We Have To Paginate Our Database… Read More »The post Paginating Database Results appeared first on TutorialsLodge.
  • add this feed to my.Alltop

    Trend Micro Simply Security

  • Cloud App Security: the Answer to Advanced Office 365 Threats

    Chris Taylor
    29 Jun 2015 | 8:07 am
    Cloud computing has fundamentally changed the way we do business, for the better. The software-as-a-service industry alone has matured at an astonishing rate over the past few years to the point where it’s no longer only those risk-taking early adopters signing up – businesses of all shapes and sizes are jumping on board. But while the benefits of taking that cloud journey are familiar to us all, so are the risks. And top of those risks, the number one barrier in the eyes of U.S. businesses, is security. That’s why, as of June 25, we’re delighted to announce the general availability…
  • Compare and Contrast: The Connected World in Europe, Japan and the U.S.

    Jon Clay
    29 Jun 2015 | 6:00 am
    Today’s continuously connected society is changing many aspects of daily life, yet the majority of respondents in our survey “Privacy and Security in a Connected Life” have not become more concerned overall about the security of their personal data. However, certain aspects of the increased connectivity have made consumers more hesitant across the board. Data breaches, the sharing of medical records, and the increased use of mobile and social devices are a universal concern among consumers everywhere. Same concerns, Different causes Despite general similarities between consumers in the…
  • Food for Thought: Restaurant Technology Becoming More Advanced

    Noah Gamer
    29 Jun 2015 | 2:51 am
    The restaurant industry has had a rough couple of years. In the wake of several large-scale breaches at chain organizations, the sector has begun to introduce new, advanced technologies into its infrastructures. These systems aren’t just aimed at improving data protection, but at offering a better experience for customers as well. Today, we’ll examine the changing face of the restaurant industry, the types of attacks some businesses have suffered and how new technologies are improving processes across the sector. Restaurant data breaches: Compromised customer information Data…
  • A Data Loss-fuelled Plane Crash, and What That Means for the Cyber Sphere

    Noah Gamer
    26 Jun 2015 | 12:09 pm
    It was going to be a typical pre-test flight, nothing out of the ordinary. For the crew of the Airbus A400M in Seville, Spain, the flight was totally routine. It was May 9, and the six crew members piloted the plane for its inaugural flight. The A400M is a big, powerful military plane. On its website, Airbus states that it’s “the ideal airlifter to fulfill the most varied requirements of any nation.” Yet on May 9, things for the Seville crew quickly took a turn for the worse. Mere minutes into the flight, the plane crashed, and four of the crew members were dead. Amid…
  • This Week in Security News

    Gavin Donovan
    26 Jun 2015 | 6:00 am
    Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!   We Spent 2 Years Crawling the Deep Web and…Guess what we Found Our research paper gives you a better understanding of what truly goes on in the Deep Web and darknets, and the effects these could have in the real world. A hack of U.S.
  • add this feed to my.Alltop

    Effect Hacking

  • LG's Update Center App Vulnerable To Man-In-The-Middle Cyberattacks

    Gokul G
    29 Jun 2015 | 10:35 pm
    Owning a LG android device? You might be at great risk! A security vulnerability found in the LG's Update Center android application could be exploited by an attacker to perform man in the middle attacks. An attacker who is able to put himself/herself in a position to intercept traffic from the vulnerable device can push malicious apps to users without raising suspicions. <!-- adsense -
  • Ransomware Alert: Patch Your Flash Player Now

    Gokul G
    29 Jun 2015 | 3:22 am
    The magnitude exploit kit has been successfully exploiting a recent dangerous Adobe Flash Player vulnerability (CVE-2015-3113) on IE11 in Windows 7 since Saturday, malware researcher Kafeine warns. <!-- adsense --> The vulnerability was patched four days ago. If you are using Adobe Flash Player 18.0.0.160, update it as soon as possible. Kafeine says Magnitude attackers are using the
  • Brazilian Musician Christiano Araujo's Tragic Death Used To Spread Banking Malware

    Gokul G
    27 Jun 2015 | 3:56 am
    Cyber criminals spare no incident to target as many victims as possible, and this time they are using Brazilian musician Christiano Araujo's tragic death to spread a banking malware. Following Cristiano Araújo's death, security firm Symantec observed malicious spam emails promising to offer footage of the accident being sent out to users in Brazil and Venezuela. <!-- adsense -->
  • Vulnerabilities In Cisco Security Appliances Allows Unauthorised Root Login

    Gokul G
    26 Jun 2015 | 3:54 am
    Networking hardware manufacturer Cisco has found default SSH key vulnerabilities in all of it's Web Security Virtual Appliances, Email Security Virtual Appliances, and Content Security Management Virtual Appliances.  The vulnerabilities can allow an attacker to connect to an appliance and gain full control over the device. That is, anyone who is able to discover the default SSH keys can
  • Hackers Use Adf.ly To Deliver a New Tinba Variant

    Gokul G
    25 Jun 2015 | 11:31 pm
    If you visit adf.ly links often, there is a huge chance that you are infected with a new variant of Tinba banking malware. Researchers at security firm Malwarebytes have observed the Timba variant being distributed via the HanJuan Exploit Kit as part of a malvertising attack that involves advertising and URL shortening service Adf.ly. When a user visits a malvertised Adf.ly link,
 
  • add this feed to my.Alltop

    Bishop Fox » Blog

  • Bishop Fox is Still a Top Place to Work

    Bishop Fox
    29 Jun 2015 | 10:15 am
    Well, this feels a little like déjà vu, doesn’t it? Last year, we proudly announced that we were named by CareerBuilder as a Top Company to Work For in Arizona. This year, the same is true once again. Time Flies Since we wrote about last year’s accomplishment, there have been some changes here at Bishop Fox – for starters, we’ve moved our Tempe office and hired a few new Foxes. Yet as much as things change, they stay the same – we’re still excited to head into the office around 10 AM, we still (try to) work from home on Fridays, and we still celebrate Taco Tuesday. We also still…
  • ISO 27018: The Long-Awaited Cloud Privacy Standard

    Birgit Thorup Mullen
    20 May 2015 | 11:24 am
    ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) released a new privacy standard for public cloud computing environments in August of 2014. This new standard, ISO 27018, joins the family of standards supporting the ISO 27001 standard for establishing and operating an Information Security Management System (ISMS). The standard takes into consideration other compliance requirements for privacy, so it can be used as an agnostic and uniform tool for evaluating privacy controls. What Is It? The main ISO 27018 standard lists the ISO…
  • Rethinking & Repackaging iOS Apps: Part 2

    Carl Livitt
    4 May 2015 | 12:38 pm
    In the first part of our series, we looked at how to modify an iOS application binary by inserting load commands to inject custom dynamic libraries. In Part 2, we take this a step further by introducing a toolchain designed to make some of our favorite iOS application hacking tools available on non-jailbroken devices. To facilitate this, we forked the fantastic Theos project by DHowett. For the uninitiated, Theos is basically a build environment that allows you to (among other things) easily write, build, and deploy Cydia Substrate tweaks for apps on jailbroken devices. Theos takes care of…
  • Security Should Be Application-Specific

    Brenda Larcom
    27 Apr 2015 | 11:06 am
    I’m looking for the perfect pants. They’re brown. They’re sturdy. They’re business casual. They have many huge pockets, artfully arranged so that I don’t look like a pack rat even after I stash my stuff in them. They don’t cost a fortune. And of course, they fit me perfectly. I have never met these pants. But if I did, I certainly wouldn’t give them to my cousins, who wish for black leather and pajama jeans respectively, or my friend from college, who is into purple cargo pants, or my brother, who is a good five inches taller than I am, even though every one of these…
  • Vulnerable by Design: Understanding Server-Side Request Forgery

    Mike Brooks
    17 Apr 2015 | 11:55 pm
    Sometimes, walls get in the way, and when that happens, we need a door. A door needs a proper lock, or a security vulnerability may result. Server-side request forgery (SSRF) vulnerabilities can manifest in a number of ways, but usually it’s because a door was installed without a lock. The same-origin policy (SOP) is a wall every browser uses to keep users safe. If this wall didn’t exist, then while you are reading this blog post, JavaScript on this page would be allowed to interact with arbitrary domains. For example, malicious JavaScript could make a request to https://gmail.com, and…
Log in