Network Security

  • Most Topular Stories

  • The best 5 secure browsers 2015

    Latest Security Articles from Techworld
    John E Dunn
    28 Aug 2015 | 4:30 am
    All browsers claim to be secure these days, so is there any point in using one that majors on its security?
  • 10 Best Practices for BYOD Policy

    Feed: Blogs
    Debra Shinder
    31 Aug 2015 | 10:21 am
    BYOD is a user's delight and the bane of IT admins' existence, but it doesn't have to put your organization's security on the line.
  • My Prediction for Top Gun 2 Plot

    TaoSecurity
    30 Jun 2015 | 8:01 am
    We've known for about a year that Tom Cruise is returning to his iconic "Maverick" role from Top Gun, and that drone warfare would be involved. A few days ago we heard a few more details in this Collider story:[Producer David Ellison]: There is an amazing role for Maverick in the movie and there is no Top Gun without Maverick, and it is going to be Maverick playing Maverick. It is I don’t think what people are going to expect, and we are very, very hopeful that we get to make the movie very soon. But like all things, it all comes down to the script, and Justin is writing as we…
  • 84% want to eliminate passwords

    Feed: Blogs
    Debra Shinder
    26 Aug 2015 | 11:01 am
    Belief is growing that password authentication is no longer capable of meeting modern security demands
  • Video: Recover Deleted Active Directory Objects Without the Recycle Bin: FREE

    Feed: Articles & Tutorials
    Derek Melber
    2 Sep 2015 | 2:56 am
    This video demonstrates recovering deleted Active Directory Objects
  • add this feed to my.Alltop

    Network Security Blog

  • Interview, Keren Elazari, Researcher and Analyst

    netsecpodcast@mckeay.net (Martin McKeay)
    27 Aug 2015 | 6:33 am
    I was able to catch up with Keren Elazari at Black Hat.  We talked about her presentation at BSides (Hack the Future) and what it means to us as security professionals.  Keren highlights how bits are controlling atoms more and more every day and how the next 20 years are going to make the changes of the last 20 look like child’s play. NSPMicrocast-BlackHat2015-Elazari
  • Interview, Author and trouble-maker, Jason E. Street

    netsecpodcast@mckeay.net (Martin McKeay)
    20 Aug 2015 | 5:53 am
    I had a chance to catch up with my friend, Jason E. Street at Black Hat in order to talk to him about a few of the projects he has going on.  In addition to full time employment he’s an author, he’s working to revitalize Defcon Groups and he’s helping to publicize the efforts by hackers at Def Con to donate blood every year.  Busy guy. Dissecting the Hack:  The V3rb0t3n Network Defcon Groups Interview with Jason E. Street
  • Interview, Paul Kurtz, CEO of TruSTAR

    netsecpodcast@mckeay.net (Martin McKeay)
    19 Aug 2015 | 3:03 am
    I got to catch up with Paul Kurtz, CEO of TruSTAR Technology and former advisor to the White House on cybersecurity.  Paul and I talk about his work under a President and a President Elect, information sharing and the OPM hack.  This was one of the more interesting interviews I did at Black Hat, at least for me.  Hope you enjoy it too. Interview with Paul Kurtz, CEO of TruSTAR Technologies
  • Interview, Dr. Engin Kirda

    netsecpodcast@mckeay.net (Martin McKeay)
    16 Aug 2015 | 4:09 am
    I sat down for a few minutes to talk to Dr. Engin Kirda, Chief Architect at Lastline and professor at Northeastern University in Boston.  We discussed the next generation of security professionals and his BH talk about the sophistication (or lack thereof) in modern ransomeware.  And, as with all interviews this conference, I asked about the OPM hack and retribution. Interview with Dr. Engin Kirda, Lastline
  • Spying pressure mounting worldwide

    netsecpodcast@mckeay.net (Martin McKeay)
    11 May 2015 | 12:30 am
    It’s been an interesting ride ever since Edward Snowden came out with the revelations about NSA spying efforts two years ago.  There was a huge public outcry at first, both from the side who believes spying on your own citizens is necessary and from the side who believes spying on your own citizens is a vital tool in protecting them.  Both sides of the argument have been trying to sway public opinion, with varying degrees of success, but it’s been the spy organizations that have been getting their way as judges and lawmakers side with them for the most part.  But that’s…
 
 
 
 
  • add this feed to my.Alltop

    TaoSecurity

  • Top Ten Books Policymakers Should Read on Cyber Security

    14 Aug 2015 | 12:28 pm
    I've been meeting with policymakers of all ages and levels of responsibility during the last few months. Frequently they ask "what can I read to better understand cyber security?" I decided to answer them collectively in this quick blog post.By posting these, I am not endorsing everything they say (with the exception of the last book). On balance, however, I think they provide a great introduction to current topics in digital security.Cybersecurity and Cyberwar: What Everyone Needs to Know by Peter W. Singer and Allan FriedmanCountdown to Zero Day: Stuxnet and the Launch of the World's First…
  • Effect of Hacking on Stock Price, Or Not?

    7 Aug 2015 | 5:19 pm
    I read Brian Krebs story Tech Firm Ubiquiti Suffers $46M Cyberheist just now. He writes:Ubiquiti, a San Jose based maker of networking technology for service providers and enterprises, disclosed the attack in a quarterly financial report filed this week [6 August; RMB] with the U.S. Securities and Exchange Commission (SEC). The company said it discovered the fraud on June 5, 2015, and that the incident involved employee impersonation and fraudulent requests from an outside entity targeting the company’s finance department.“This fraud resulted in transfers of funds…
  • Going Too Far to Prove a Point

    21 Jul 2015 | 6:45 am
    I just read Hackers Remotely Kill a Jeep on the Highway - With Me in It by Andy Greenberg. It includes the following:"I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold...To better simulate the experience of driving a vehicle while it’s being hijacked by an invisible, virtual force, Miller and Valasek refused to tell me ahead of time what kinds of attacks they planned to launch from Miller’s laptop in his house 10 miles west. Instead, they merely assured me that they wouldn’t do anything life-threatening. Then they told me to drive the Jeep…
  • My Security Strategy: The "Third Way"

    30 Jun 2015 | 12:23 pm
    Over the last two weeks I listened to and watched all of the hearings related to the OPM breach. During the exchanges between the witnesses and legislators, I noticed several themes. One presented the situation facing OPM (and other Federal agencies) as confronting the following choice:You can either 1) "secure your network," which is very difficult and going to "take years," due to "years of insufficient investment," or 2) suffer intrusions and breaches, which is what happened to OPM.This struck me as an odd dichotomy. The reasoning appeared to be that because OPM did not make "sufficient…
  • My Prediction for Top Gun 2 Plot

    30 Jun 2015 | 8:01 am
    We've known for about a year that Tom Cruise is returning to his iconic "Maverick" role from Top Gun, and that drone warfare would be involved. A few days ago we heard a few more details in this Collider story:[Producer David Ellison]: There is an amazing role for Maverick in the movie and there is no Top Gun without Maverick, and it is going to be Maverick playing Maverick. It is I don’t think what people are going to expect, and we are very, very hopeful that we get to make the movie very soon. But like all things, it all comes down to the script, and Justin is writing as we…
  • add this feed to my.Alltop

    Spyware news

  • Spotify says sorry for its new and controversial privacy policy

    2-spyware.com
    26 Aug 2015 | 11:50 pm
    It has been revealed that the new policy of Spotify enables them to collect information like your location, get your photos and even go through your contacts. What is more, it might even transfer some of the information you provide to third parties. However, Spotify, which has 75 million users, has issued a blog post […]
  • Beware of the first ransomware pretending to be Windows 10 Upgrade

    2-spyware.com
    13 Aug 2015 | 12:55 am
    With almost everyone looking forward to upgrading their Windows 10, cybercriminals are also taking advantage of this hype. They are using they nasty old tricks to distribute ransomware disguised as Windows 10 upgrades through emails. According to Bitdefender Antispam Labs, cybercriminals have started distributing CTB Locker through emails disguised as Windows 10 installation packs. These […]
  • Yahoo deals with massive malvertising attack

    2-spyware.com
    4 Aug 2015 | 3:57 am
    On Monday, Yahoo has announced that it had eliminated malware from its advertising network. Apparently, this malware has stayed there undetected for the minimum of six days. The credit goes to Malwarebytes security specialists who found these ads on Yahoo’s network and reported their findings to Yahoo on Sunday. According to Jerome Segura, a senior […]
  • The threat of the year: Cryptolocker

    28 Jul 2015 | 6:27 am
    It seems that its time to announce the threat of the year! Virus that can be found in almost every security forum or a virus-related website is Cryptolocker. According to the data of the last 14 months, the FBI’s Internet Crime Complain Center (IC3) received 992 Cryptolocker-related complaints from affected companies and PC users. According to […]
  • iPad and iPhone users are tricked by fake warning that locks their Safari and asks $80 for fix

    16 Jul 2015 | 4:29 am
    If you are the owner of an iPad and iPhone, please read this story very carefully. We want to warn you about the latest scam, which has been spreading in the US and Great Britain for some time. The main thing that you have to do for protecting yourself is to ignore the misleading warning […]
 
  • add this feed to my.Alltop

    Schneier on Security

  • History of the L0pht

    schneier
    2 Sep 2015 | 5:04 am
    This Washington Post article uses the history of the L0pht to talk about the broader issues of Internet security.
  • What Can you Learn from Metadata?

    schneier
    1 Sep 2015 | 4:36 am
    An Australian reporter for the ABC, Will Ockenden published a bunch of his metadata, and asked people to derive various elements of his life. They did pretty well, even though they were amateurs, which should give you some idea what professionals can do.
  • Using Samsung's Internet-Enabled Refrigerator for Man-in-the-Middle Attacks

    schneier
    31 Aug 2015 | 11:56 am
    This is interesting research:: Whilst the fridge implements SSL, it FAILS to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. This includes those made to Google's servers to download Gmail calendar information for the on-screen display. So, MITM the victim's fridge from next door, or on the road outside and you can potentially steal their Google credentials. The notable exception to the rule above is when the terminal connects to the update server -- we were able to isolate the URL https://www.samsungotn.net which is the same used by TVs, etc. We…
  • Friday Squid Blogging: Cephalopod Anatomy Class

    schneier
    28 Aug 2015 | 2:33 pm
    Beautiful diorama. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
  • Mickens on Security

    schneier
    28 Aug 2015 | 1:58 pm
    James Mickens, for your amusement. A somewhat random sample: My point is that security people need to get their priorities straight. The "threat model" section of a security paper resembles the script for a telenovela that was written by a paranoid schizophrenic: there are elaborate narratives and grand conspiracy theories, and there are heroes and villains with fantastic (yet oddly constrained) powers that necessitate a grinding battle of emotional and technical attrition. In the real world, threat models are much simpler (see Figure 1). Basically, you're either dealing with Mossad or…
  • add this feed to my.Alltop

    Infosec Events

  • Information Security Events For September

    sheila
    1 Sep 2015 | 5:02 am
    Here are information security events in North America this month:   HP Protect 2015 : September 2 to 4 in Fort Washington, MD, USA   ArchCON 2015 : September 8 to 11 in St Louis, MO, USA   BSides Cape Breton 2015 : September 11 in Cape Breton, NB, Canada   BSides Augusta 2015 : September 12 in Augusta, GA, USA   EnergySec 2015 : September 14 to 16 in Washington, DC, USA   SecureWorld Detroit 2015 : September 16 to 17 in MI, USA   Hacker Halted USA 2015 : September 17 to 18 in Atlanta, GA, USA   6th Annual Billington Cybersecurity Summit : September 17…
  • Week 35 In Review – 2015

    christine
    30 Aug 2015 | 7:53 pm
    Resources Black Hat 2015 Wrap Up – Part I – nettitude.co.uk This year, Black Hat (BH) 2015 came, as it usually does, with major security flaws and some “dojos” aside from the major android vulnerabilities we were exposed to and other types of security issues that are much less talked about, but still expose serious problems. Tools Funtenna – www.funtenna.org Software which intentionally causes compromising emanation. It’s Surprisingly Simple to Hack a Satellite – motherboard.vice.com At the Chaos Communication Camp, held in Zehdenick, Germany last week, the…
  • Week 34 In Review – 2015

    christine
    23 Aug 2015 | 5:20 am
    Events Related DEFCON This year marked the 23rd DefCon, the hacker conference that began as an informal gathering for hackers to meet in person and party in the desert. Imploding Barrels and Other Highlights From Hackfest DefCon – www.wired.com I spent the week with over 20,000 hackers in Las Vegas — here’s what I saw – www.techinsider.io Here is how you learn to hack a car – www.washingtonpost.com The End of the Internet Dream – medium.com In 20 years, the Web might complete its shift from liberator to oppressor. It’s up to us to prevent that. Resources…
  • Week 33 In Review – 2015

    christine
    16 Aug 2015 | 12:51 am
    Events Related Kaminsky Creates Clickjacking-Killer – www.darkreading.com Renowned security expert Dan Kaminsky here this week unveiled his latest project: a solution to eradicate so-called clickjacking attacks that plague the Web. 9th USENIX Workshop on Offensive Technologies – www.usenix.org Black Hat USA 2015 Highlights – www.tripwire.com The 18th annual Black Hat USA conference gathered thousands of professionals, researchers and enthusiasts to discuss not only the industry’s current trends and threats but also what we, as a community, can do to improve the security…
  • Week 32 In Review – 2015

    christine
    9 Aug 2015 | 10:32 pm
    Events Related Black Hat USA 2015 From The Black Hat Keynote Stage: Jennifer Granick – www.darkreading.com Recap of Black Hat 2015, Day 1 – www.webroot.com DEF CON 23 (2015) DEFCON Talk Slides – colinoflynn.com DEF CON 23 presentations/Speaker & Workshop Materials – media.defcon.org Resources Certifi-gate: Hundreds of Millions of Android Devices Could Be Pwned – blog.checkpoint.com Check Point today released details about Certifi-gate, a previously unknown vulnerability in the architecture of popular mobile Remote Support Tools (RSTs) used by virtually every…
  • add this feed to my.Alltop

    Dr Anton Chuvakin Blog PERSONAL Blog

  • Monthly Blog Round-Up – August 2015

    1 Sep 2015 | 9:16 am
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge.  Current popularity of open source log search tools, BTW, does not break the logic of that post. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. That – and developing a SIEM is much harder than most people think  [274 pageviews] “Simple Log Review Checklist Released!” is often at the top of this list – the…
  • Links for 2015-08-25 [del.icio.us]

    Anton Chuvakin
    26 Aug 2015 | 12:00 am
    Even 'super hackers' leave entries in logs, so prepare to drown in data • The Register
  • Monthly Blog Round-Up – July 2015

    3 Aug 2015 | 7:40 am
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge.  Current popularity of open source log search tools, BTW, does not break the logic of that post. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. That – and developing a SIEM is much harder than most people think  [291 pageviews] “Top 10 Criteria for a SIEM?” came from one of my last projects I did when running…
  • Monthly Blog Round-Up – June 2015

    1 Jul 2015 | 8:09 am
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge.  Current popularity of open source log search tools, BTW, does not break the logic of that post. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. That – and developing a SIEM is much harder than most people think  [278 pageviews] “Top 10 Criteria for a SIEM?” came from one of my last projects I did when running…
  • Monthly Blog Round-Up – May 2015

    1 Jun 2015 | 8:03 am
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge.  Current emergence of open source log search tools, BTW, does not break the logic of that post. SIEM requires a lot of work, whether you paid for the software, or not. [179 pageviews] “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a…
 
  • add this feed to my.Alltop

    Security Blog

  • Weekly Intelligence Summary Lead Paragraph: 2015-08-28

    dkennedy
    31 Aug 2015 | 9:10 am
    Multiple reports of malvertisements are the risk intelligence collections pertinent to most of our clients this week.  Almost all Verizon Enterprise clients were likely to have users exposed to malvertisements by visiting MSN sites or Telstra’s home page and perhaps even dating site PlentyofFish.com. Cyphort published a special report: The Rise of Malvertising (reg. req’d.) that found the growth in malvertising for the last year was 325%. Symantec reported the Sundown Exploit Kit (EK) began offering an exploit for CVE-2015-2444. This is the first vulnerability of the 13 patched last week…
  • Inside (r) Job

    admin_sec
    25 Aug 2015 | 2:44 pm
    By Mark Rasch, Chief Security Evangelist, Verizon Enterprise SolutionsIn 1981, R. Foster Winans was a reporter for the Wall Street Journal, writing the “Heard it on the Street” column.  As a diligent reporter, he would find out information about companies, and then publish this information in the Journal.  He wasn’t an “insider” of any company except the company that owned the Journal.  When Winans traded on the basis of the information he learned (actually, on the fact that the Journal was going to publish that information) and made profits, the SEC came down on him hard,…
  • Weekly Intelligence Summary Lead Paragraph: 2015-08-21

    dkennedy
    22 Aug 2015 | 5:21 pm
    Microsoft released MS15-093, a second out-of-cycle security bulletin in as many months to mitigate attacks exploiting a remote code execution vulnerability in all supported versions of Internet Explorer.  Symantec and Heimdal reported, with a couple indicators of compromise (IOC), sites with re-directs leading to an exploit for the new vulnerability that results in infection with the PlugX RAT a.k.a. Korplug Trojan. The VCIC collected several other reports of attacks this week including reports, with IOC, from Cyphort and Malwarebytes of yet another malvertising campaign affecting the…
  • Encryption as Protection? Maybe Not

    admin_sec
    18 Aug 2015 | 3:24 pm
    By Mark Rasch, Chief Security Evangelist, Verizon Enterprise SolutionsA recent espionage prosecution in West Palm Beach, Florida demonstrates that encryption may not be the panacea that organizations think it is.  So rather than relying on encryption alone, companies need to adopt and maintain strategies which continue to provide layered security.After every data breach, we hear the same mantra, “If only the data were encrypted!”  As if encryption of data, is the answer to data breaches.   Now don’t get me wrong, appropriate encryption of data at rest and in transit is critically…
  • Weekly Intelligence Summary Lead Paragraph: 2015-08-14

    dkennedy
    17 Aug 2015 | 6:10 pm
    In August’s patching bonanza, we’re all part of an ex vivo experiment to see if “third time’s the charm” applies to Microsoft’s efforts to mitigate the risk from the .LNK files first observed in the Stuxnet worm.  In August 2010 MS10-046 fixed it, but then again so did MS15-020 last March.  Miscreants have already attacked an Office vulnerability among the 58 CVEs patched in 14 MS security bulletins.  The Verizon Cyber Intelligence Center (VCIC) has collected no reports of attacks on any of the 34 vulnerabilities patched by Adobe in Flash Player and AIR by APSB15-19; yet.
  • add this feed to my.Alltop

    symantec.com

  • Jailbreak iOS Trojan KeyRaider used as part of free apps scam

    Symantec Security Response
    31 Aug 2015 | 7:50 am
    Attackers claim to offer premium apps to iOS devices for free by using stolen Apple ID accounts. Twitter Card Style:  summary read more
  • Scammers quick to capitalize on Ashley Madison breach

    Dick O'Brien
    27 Aug 2015 | 8:21 am
    Symantec telemetry shows surge in spam messages mentioning Ashley Madison megabreach. Twitter Card Style:  summary read more
  • Regin: Further unravelling the mysteries of a cyberespionage threat

    Symantec Security Response
    27 Aug 2015 | 5:57 am
    Symantec’s investigation uncovers additional modules for the Regin spying tool and finds advanced infrastructure supporting it. Twitter Card Style:  summary Symantec’s continuing investigation into the Regin Trojan has cast new light on the cyberespionage tool, revealing a wider range of capabilities and a complex infrastructure supporting the threat.  read more
  • Sundown exploit kit adds Internet Explorer exploit before any other kit

    Ankit Singh
    24 Aug 2015 | 11:00 am
    The Sundown exploit kit has been the first to integrate an exploit for the CVE 2015-2444 bug, using it in a recent watering-hole attack. Twitter Card Style:  summary While tracking exploit activity, Symantec found that the Sundown exploit kit (EK) has started to take advantage of a recent Internet Explorer vulnerability known as CVE-2015-2444. read more
  • Android ransomware: Tricks of the trade

    Dinesh Venkatesan
    24 Aug 2015 | 5:56 am
    A look at some of the detection-evasion and anti-analysis tactics employed by Android ransomware. Twitter Card Style:  summary read more
 
  • add this feed to my.Alltop

    Optimal Security

  • Do Android Flaws Have You Looking for Alternatives?

    Orion
    31 Aug 2015 | 8:13 am
    Android security flaws have become more frequent in the news lately. At least one of them, Stagefright, has been quite severe. The worst part is now that these vulnerabilities have publicly disclosed, everyone including cybercriminals are aware of them. The details needed to compromise devices have been published by every level of media, from Black Hat Conference presentations to respected news organizations to blogs. These proverbial cats are no longer in their proverbial bags. And now it’s a race between cybercriminals and patch-providers. But it’s not a fair race. For…
  • Infosec Haiku

    Chris Merritt
    29 Aug 2015 | 3:11 pm
    Anata no joho sekyuritei konshu no haiku Google, Firefox, Facebook, Amazon – All Say NO to Flash – Jobs Wins!   ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who’ve contributed their haikus … watch this space to see if yours is published. * Submit Your Own … if yours is published, I’ll send you a $20 Starbux card. Please DM me at infosec-haiku@lumension.com. Contest Rules: all rulings by the judge (me) are final, blah blah blah.
  • PayPal XSS flaw could have let hackers steal your unencrypted credit card details

    Graham Cluley
    26 Aug 2015 | 4:48 pm
    A cross-site scripting (XSS) flaw on PayPal’s website could have been used by hackers to phish for your login credentials, and even steal your unencrypted card details. But thankfully the vulnerability was found by a responsible researcher, who informed PayPal about the problem and helped the web’s most popular payment service from being embarrassed by a massive security gaffe. Ebrahim Hegazy, an Egyptian vulnerability hunter, has made a name for himself finding security holes on websites belonging to some of the world’s biggest technology names – including Google, Yahoo,…
  • Infosec Haiku

    Chris Merritt
    22 Aug 2015 | 5:27 pm
    Anata no joho sekyuritei konshu no haiku Thousand of moldy WS2k3 Servers In Use – Please Protect!   ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who’ve contributed their haikus … watch this space to see if yours is published. * Submit Your Own … if yours is published, I’ll send you a $20 Starbux card. Please DM me at infosec-haiku@lumension.com. Contest Rules: all rulings by the judge (me) are final, blah blah blah.
  • Sysadmins who fail to change default configurations, leave petabytes of data at risk

    Graham Cluley
    17 Aug 2015 | 11:38 am
    Here’s a very important lesson for system administrators and developers who don’t want data to fall into the wrong hands: change the default settings, or risk leaving your organisation’s servers open to access by unauthorised, external parties. A study by researchers at Swiss security firm BinaryEdge has scanned the internet on various ports, to see which servers would answer and take a close look at the technologies being used. Specifically, the researchers were looking for servers running the popular enterprise technologies Elasticsearch, Redis, MongoDB, and Memcache, and…
 
  • add this feed to my.Alltop

    TRUSTe Blog

  • Registration Now Open for ‘EU Data Protection 2015 – Regulation Meets Innovation’

    kfreeman
    2 Sep 2015 | 10:00 am
    Today, registration opens for “EU Data Protection 2015 – Regulation Meets Innovation,” which will take place in San Francisco on Dec. 8. Check out details on the new event website and book your seat today at www.truste.com/eudatap. The conference brings together thought leaders in privacy, security and regulation to address the changes in the proposed … Continue reading » The post Registration Now Open for ‘EU Data Protection 2015 – Regulation Meets Innovation’ appeared first on TRUSTe Blog.
  • September Spotlight: Live Demos, Privacy Webinars, IAPP Privacy. Security. Risk. 2015

    kfreeman
    1 Sep 2015 | 9:59 am
    September 10, 10-10:30 a.m., PDT Live Demo: Ads Privacy Compliance Technology Enforcement of DAA principles on interest-based advertising over desktop has been in force for a while now, but mobile enforcement starts Sept. 1. If you leverage interest-based advertising, you’ll need to have the following in place for both desktop and mobile environments across all … Continue reading » The post September Spotlight: Live Demos, Privacy Webinars, IAPP Privacy. Security. Risk. 2015 appeared first on TRUSTe Blog.
  • End-of-Month Recap: What You May Have Missed [August]

    kfreeman
    31 Aug 2015 | 1:45 pm
    At the end of each month we’ll compile a list featuring some of the most informative and interesting privacy blog posts to let you know what topics are driving the privacy agenda this month. This month on the blog we covered data breaches, ‘Right to be Forgotten,’ and the new IoT Trust Framework, among other … Continue reading » The post End-of-Month Recap: What You May Have Missed [August] appeared first on TRUSTe Blog.
  • Survey Compares American and British Opinions on the ‘Right to be Forgotten’

    kfreeman
    27 Aug 2015 | 7:00 am
    It can be a thin line between censorship and human rights – at least, according to the opinions of online Americans and British Internet users in a recent survey about the ‘Right to be Forgotten’ ruling. The ‘Right to be Forgotten’ ruling stipulates that “individuals have the right, under certain conditions, to ask search engines … Continue reading » The post Survey Compares American and British Opinions on the ‘Right to be Forgotten’ appeared first on TRUSTe Blog.
  • TRUSTe Hosted Reception for APEC’s Data Privacy Subgroup

    kfreeman
    26 Aug 2015 | 2:25 pm
    On August 26th, TRUSTe hosted a welcome reception for the Asia Pacific Economic Cooperation’s (APEC) Data Privacy Subgroup (DPS) at the Marco Polo Hotel in Cebu, Philippines. The semi-annual meeting of the DPS is taking place on the margins of APEC’s Third Senior Officials meeting during the Philippines APEC host year. APEC is a regional economic … Continue reading » The post TRUSTe Hosted Reception for APEC’s Data Privacy Subgroup appeared first on TRUSTe Blog.
  • add this feed to my.Alltop

    Networking

  • What Does Cisco-Apple Bromance Really Amount To?

    2 Sep 2015 | 8:50 am
    Cisco and Apple recently announced a partnership, and many of us that support Cisco networks wonder what it will ultimately mean. On the one hand, Cisco’s own announcement just promises a lot of vague promises of better mobility! While Apple’s PR promises an equally vague FAST LANE for i...
  • Starting to Explore Cucumber Tony, an Affordable Cloud Managed Wi-Fi Platform

    24 Aug 2015 | 1:37 pm
    One of the more interesting developments in the business WLAN space is capability to manage and monitor Wi-Fi environments from the cloud.  To be able to ditch both the controller and to negate the feeding and upkeep of the Network Management System are huge gains under the right circumstances....
  • Three Must-Follow Blogs

    16 Aug 2015 | 4:02 am
    There are a lot of excellent IT blogs out there to follow, and everyone has their favorites. It’s easy to suffer “blog overwhelm”, as the more you seek the more you find. At the same time, the really good ones stand out. You see them on others’ blog roles frequently, and you ...
  • Udemy Presents: The History of the Android OS

    10 Aug 2015 | 12:27 pm
    If you have even if a passing interest in the Android operating system, there’s a particularly great place to review its evolution. Sure, just doing a search on Android versions will turn up decent enough articles like this one, but the good folks at Udemy have put together an excellent infogr...
  • A Beginner's Primer on Wi-Fi Antennas

    2 Aug 2015 | 8:43 am
    When it comes to the RF part of wireless networking, no single component has as much impact on signal delivery than the antenna. At the same time, even people working in Wi-Fi don’t always understand the importance of antennas on how the output of the access point is shaped. Here, we’ll ...
  • add this feed to my.Alltop

    Enterprise Drm

  • DNA Tests für Menschen und Tiere

    Star
    15 Aug 2015 | 6:52 am
    DNA Tests sind die Antwort der Menschen auf die Frage nach ihrer Herkunft oder ihren Genen. Sie bieten uns die Möglichkeit mehr über uns selbst oder unsere Familie oder auch unsere Tiere herauszufinden. Es sind verschiedene DNA Tests vorhanden, die gezielt, je nach Bedürfnis, unterschiedliche Bereiche der DNA untersuchen. Es gibt die unterschiedlichsten Gründe, warum jemand einen DNA Test durchführen lassen möchte. Meistens ist der Grund eine unerwartete oder neue Begebenheit, in der man seine Neugier stillen möchte. Einen dieser Fälle kann eine werdende Mutter darstellen.
  • Wieso ich hier über DNA Tests schreibe

    Star
    27 Jul 2015 | 6:50 am
    Es liegt in der Natur des Menschen, neugierig zu sein. Diese Neugier zeichnet uns aus und treibt uns voran. Auch ich habe von den DNA Tests gehört und nachgeforscht und die Informationen, die man dazu bekommt sind unglaublich. Den eigenen Wissensdurst stillen Wieso sollte man die Möglichkeit, etwas über sich selbst oder sein Haustier zu erfahren, denn nicht nutzen? Genau diese Frage steht im Raum und eröffnet einen bisher unbekannten Blickwinkel. Würde ein Mensch sein Leben anders Leben und es ganz neu strukturieren, wenn er wüsste, dass er sehr bald schwer erkranken wird? Mit…
 
  • add this feed to my.Alltop

    SecurityWeek RSS Feed

  • Iran-Linked Espionage Group Continues Attacks on Middle East

    Eduard Kovacs
    2 Sep 2015 | 9:31 am
    Despite the fact that its activities have been exposed by security researchers, the Iran-linked threat group dubbed “Rocket Kitten” continues to target individuals and organizations, particularly in the Middle East. read more
  • Siemens Patches Vulnerability in RUGGEDCOM Switches

    Eduard Kovacs
    2 Sep 2015 | 7:05 am
    Siemens has released a firmware update to address a vulnerability affecting RUGGEDCOM switches, devices designed to operate in harsh environments. read more
  • The "Executive" IT Security Problem - Lessons Learned from Hillary Clinton

    Travis Greene
    2 Sep 2015 | 6:35 am
    read more
  • The Real Inhibitors of Risk Management

    Torsten George
    2 Sep 2015 | 5:36 am
    Over the past two years, risk management has gained a lot of attention in the media and among practitioners. Even though it has been proven to optimize business performance and lead to better investment decisions, many organizations have still not adopted a pro-active approach to addressing risks. What are the inhibitors to risk management and how can companies overcome them? read more
  • Mobile Gambling Apps Expose Enterprise Data: Report

    SecurityWeek News
    2 Sep 2015 | 5:09 am
    The number of gambling applications installed on mobile devices used in corporate environments is on the rise, which creates an increasingly favorable environment for data theft and other types of cyberattacks, a recent report from enterprise security company Veracode shows. read more
  • add this feed to my.Alltop

    Free IT - Security Magazines and Downloads from alltop.tradepub.com

  • Web Commerce Security: Design and Development (A $39.99 Value) Free For A Limited Time

    1 Sep 2015 | 12:20 am
    Whether it's online banking or ordering merchandise using your cell phone, the world of online commerce requires a high degree of security to protect you during transactions. This book not only explores all critical security issues associated with both e-commerce and mobile commerce (m-commerce), it is also a technical manual for how to create a secure system. Covering all the technical bases, this book provides the detail that developers, system architects, and system integrators need to design and implement secure, user-friendly, online commerce systems.Co-authored by Hadi Nahari, one of…
  • 2015 IT Security Kit (a $50.00 value) FREE for a limited time!

    31 Aug 2015 | 11:20 am
    You'll get down- to-earth information about how to defend the seven most popular database servers, recognize vulnerabilities peculiar to each database, and find out what attackers already know.Download this exclusive kit to discover how buffer overflow exploitation, privilege escalation through SQL, stored procedure or trigger abuse, and SQL injection enable hacker access. Use this knowledge to protect yourself and your business, today!The following kit contents will help you continue your research on IT Security:The Database Hacker's Handbook: Defending Database ServersEndpoint Security for…
  • The Essentials of Information Security Kit: Includes a Free PC Security Handbook - 2nd Edition eBook

    31 Aug 2015 | 6:20 am
    The Essentials of Information Security brings together the latest in information, coverage of important developments, and expert commentary to help with your Information Security related decisions.The following kit contents will help you get the most out of your Information Security research:PC Security Handbook - 2nd EditionStep Out of the Bull's-Eye: Protect Your Organization Against Advanced Threats and Targeted CyberattacksImplement A Proactive Strategy For Data Security: Data Security And Privacy Are Critical Business Imperatives In The Data EconomyRequest Free!
  • Detecting DDoS: Attacks with Infrastructure Monitoring

    31 Aug 2015 | 12:00 am
    In recent years, hacking has evolved from single-source Denial of Service (DoS) attacks to Distributed Denial of Services (DDoS) attacks, which strike from thousands of unique IPs. These disturbances can be created cheaply and easily and can take a service offline or shut a business down completely. According to an industry report conducted by Compare the Cloud:36% of all IT professionals are not confident in their current DDoS protectionA DDoS attack could cost your business $40,000 per hour43% of IT professionals cite loss of consumer trust as an outcome of DDoS attacksDon't just be another…
  • Online Penetration Testing and Ethical Hacking - FREE Video Training Course

    28 Aug 2015 | 12:00 am
    No longer will money have dominion over our ability to learn. Anyone who wants to become a penetration tester, now has the opportunity to learn to do so with this free course.The need for capable ethical hackers is a global need. Ethical hackers are “white-hat” hackers (aka the good guys) that penetrate secured systems to highlight flaws and weaknesses in a system. They help government agencies, private businesses and public organizations identify what is secure and what needs to be fixed. If the idea of hacking as a career excites you, you'll benefit greatly from completing Penetration…
  • add this feed to my.Alltop

    IT-Security

  • August 2015 Roundup

    Branden Williams
    1 Sep 2015 | 6:04 am
    Stay Classy, San Diego! Phew, summer is almost over. The kids are all going back to school and we’re getting back into our normal traffic patterns around our homes, schools, and favorite coffee shops. I got to do something extremely cool last month. I went to Space Camp—yes, the very same in Huntsville that every single kid who grew up in the 80s and was fascinated with rockets begged their parents to go to. It was amazing. If you get the opportunity to go as an adult for the weekend or as a family, take it! Even though the Shuttle is no longer in operation, it was so cool to sit…
  • Pleeeeze Stop Exposing Weaknesses in my Code!

    Branden Williams
    11 Aug 2015 | 8:08 am
    In the latest round of “I just don’t get it” moments from Mary Ann Davidson of Oracle, a blog post escaped the PR department that just explains how ridiculous her views on information security are. Thankfully, the Internet never forgets. Before going any further, go read that post. Fight Club, by Polina Sergeeva Then when you are done, enjoy this previous gem where she insults anyone who has ever performed an audit function. And here are my comments from 2011. Davidson really wants to be considered a security person. She reminds me of Jerry Jones wanting to be…
  • June-July 2015 Roundup

    Branden Williams
    4 Aug 2015 | 7:18 am
    Stay Classy, San Diego! It finally happened last month. In May, North Texas set a record for being the wettest may on record. For those of you who have been watching from afar, check out this great infographic that shows how much 35 trillion gallons of water will cover. In other news, we had a major breach that is having bigger impacts than many realize, we are seeing the first reports and fall-out from PCI DSS 3.1, and key provisions of the Patriot Act expired. Here’s what you folks liked the most last month: The Only Customer Service Script You Will Ever Need. Maybe the economy is…
  • The 50-Minute MBA for Sec Pros, Part Deux

    Branden Williams
    28 Jul 2015 | 7:21 am
    Encrypted stories, by FeatheredTar James Adamson & I recently followed up our 50-Minute MBA for Information Security Professionals RSA session with a webcast to describe how to apply the concepts. The entire session was recorded and is available on-demand. We’re currently exploring more ways we can take this message to information security professionals. Would you all be interested in “office hours” every other week to call in and ask questions? How about smaller group sessions with lots of 1:1 interaction? Let us know in the comments below! Possibly Related Posts: May…
  • Is the Council Trying to Kill the QSA Program?

    Branden Williams
    23 Jun 2015 | 7:22 am
    If you can believe, it has been nearly seven years since the last update to the Qualification Requirements for Qualified Security Assessors (QSAs). This document is the guide that assessors use in their business dealings with the Council. It explains how a firm can become a QSA Company, who is qualified to be a QSA employee, and how the ecosystem works around that whole group. Christina Aguilera on the PCI Ecosystem The changes are quite substantial, as evidenced by the change log. The last entry, for 1.2, simply stated alignment issues with PCI DSS v1.2. This version has nineteen entries,…
 
  • add this feed to my.Alltop

    best sump pumps

  • Sump Pump Problems - Preventing the Occurrence

    Rafik
    1 Sep 2015 | 4:03 am
    The importance of having a sump pump in the basement cannot be underestimated as it is responsible for keeping the home flood free. However, there are many sump pump problems that can occur, leaving the system vulnerable and opened to the possibility of not operating correctly. Some Common Sump Pump Problems One of the most common sump pump problems has to do with the float
  • Sump Pump Pit - Importance Of Having A Good Drainage System

    Rafik
    1 Sep 2015 | 3:53 am
    Due to the fact that flooding occurs occasionally due to bad weather and natural disasters, having a good sump pump drainage system in the basement has now become a necessity. With a reliable drainage system in place, you can avoid the occurrence of flooding which usually cause unnecessary financial expenses and mental anguish to everyone in the family. A sump pump pit is part of the
  • Wayne Sump Pumps - A Wide Range of Advantages

    Rafik
    25 Aug 2015 | 4:52 am
    Wayne sump pumps have been serving customers in the drainage system industry over the past 70 odd years. These sump pumps are durable and they protect many homes from the damage caused by flooding. There is a long line in the variety of Wayne sump pumps; from thermoplastic and cast iron to pedestal, backup and primary pump sumps to a combination of both. A Wide Range of
  • Sump Pump Drainage - For More than Just Flooding

    Rafik
    25 Aug 2015 | 4:39 am
    If you have spoken to homeowners who have had trouble with flooding and dampness in their basement, or mildew and rot in their home, they would tell you that so many costly messes could have been avoided by having a sump pump installed in the basement. The cost of sump pump drainage system is definitely cheaper than cleaning up after water and moisture has done its damage to your home
  • Zoeller Sump Pumps - A Quality Brand That Many Rely On

    Rafik
    18 Aug 2015 | 4:25 am
    Zoeller sump pumps is a well known brand of pumps designed to keep your property dry and protect it from water damage. When the rain pours heavily, are you one of those people who rush to the basement, worried that you would find it flooded? This is a common problem among many homeowners especially those living in flat terrains where water has nowhere else to go to. Do not despair
  • add this feed to my.Alltop

    Pcthreat.com

  • FutureGames

    1 Sep 2015 | 8:29 pm
    Although FutureGames should provide you with access to online games, it does that using advertising, which is why you should not consider this program to be beneficial or reliable. Our researchers have found...
  • PC Optimizer Pro

    1 Sep 2015 | 8:29 pm
    Despite the best efforts of the online security industry to secure the exact opposite, many of its consumers continue to fall into the trap set by malicious rogue security tools like PC Optimizer Pro. This...
  • Qone8.com

    1 Sep 2015 | 8:29 pm
    Qone8.com is a search engine which returns search results from Google Search. The search engine is owned by Taiwan Shui Mu Chih Ching Technology Limited, and it very similar to such browser hijackers as...
  • Oh My Coupons

    1 Sep 2015 | 8:29 pm
    You cannot browse the Internet in peace because you are constantly assaulted by annoying pop-ups? Perhaps you have recently installed Oh My Coupons on your computer, and so this adware program generates...
  • V9 Redirect Virus

    1 Sep 2015 | 8:29 pm
    V9 Redirect Virus is a malicious browser hijacker which infects the system while you are browsing insecure websites or when you download spam email attachments. Once the infection gets in the system, the...
 
  • add this feed to my.Alltop

    Pivot Point Security

  • Should Penetration Testing Be Part of Your SOC1 (or SOC2 or PCI) Scope?

    John
    2 Sep 2015 | 4:00 am
    Recently I’ve noticed that a longstanding trend in security attestation is taking on a new twist. For some time, CPA firms, qualified security assessors (QSAs) and similar entities that focus on security attestation have been including penetration testing as part of their attestation work. I believe that you can make a strong argument for this as a means of substantiating the net effectiveness of the security controls. (A more cynical person might also add that penetration testing in this context is also a means for the attestation firm to increase its revenue.) The new trend we’re…
  • Yes, Even Application that Operate Over SSL Should Set the “Secure” Flag on Cookies

    Bob
    25 Aug 2015 | 4:00 am
    Securing cookies is one of many application security topics that doesn’t get the attention it deserves. If a hacker can hijack a user’s authentication cookie, he or she can potentially impersonate that user. Web application developers need to do everything they can to protect users’ cookies. That’s why even applications that operate over SSL connections should have the “secure” flag set on cookies—especially cookies that contain session data. Here’s why: Let’s say I’m an attacker and I’m trying to steal your session ID by intercepting your session traffic. (If I’m able…
  • Clickjacking—The Most Widely Overlooked Web App Vulnerability?

    Bhaumik Shah
    20 Aug 2015 | 4:00 am
    Clickjacking, also sometimes called a UI redress attack, deceives website visitors and directs their clicks to the attacker’s choice of elements on another website. I find this longstanding vulnerability in almost every web application I test. (I even found it recently on Amazon.com.) Yet few developers I talk to seem to be aware of how prevalent these vulnerabilities are—or how easy they are to mitigate. Clickjacking is frequently used to hijack accounts for spamming purposes or propagate links to malicious websites on Facebook. But it can also be used to trick website visitors into…
  • New Android Vulnerabilities Highlight the Need for a Robust Mobile Device Management Policy

    Andrew Shumate
    18 Aug 2015 | 4:00 am
    With the recent discovery of the huge Android vulnerability dubbed Stagefright, now is a good time to consider the security ramifications of your company’s mobile device management policy. Stagefright allows attackers to take over nearly any Android phone with just a text message. Google was quick to issue patches for this vulnerability, but that doesn’t necessarily mean your users’ phones are patched. The convoluted nature of the Android ecosystem makes patching a potentially slow and hit-or-miss process. Once Google issues a patch or update, it has to trickle down to the device…
  • Information Security Begins at Home

    Ed Kaminski
    11 Aug 2015 | 4:00 am
    Information Security begins at home.  Yes, I mean that literally. It’s been my user training mantra for years and I can assure you it’s highly effective. Developing good InfoSec awareness should be like learning manners: start at home and practice until it becomes second nature. If businesses give employees worthwhile cybersecurity tips that they can use at home, they will gradually include them in their daily digital lives. The benefit transfers directly back to the workplace. When I started my first IT leadership role with the Federal Bureau of Prisons, we had multiple intrusion and…
  • add this feed to my.Alltop

    HOTforSecurity

  • Multiple Vulnerabilities in Belkin Router Could Allow DNS Spoofing and Credentials Theft

    Liviu Arsene
    2 Sep 2015 | 2:05 am
    Five zero-day vulnerabilities in Belkin N600 DB Wireless Dual Band N+ routers could have allowed attackers to grab credentials in clear text and spoof DNS requests, according to security researcher Joel Land. The affected mode is F9K1102 v2 with firmware version 2.10.17, possibly earlier versions and models susceptible to the five found vulnerabilities as well. By successfully exploiting the firmware vulnerabilities in the SOHO router, Joel believes attackers could have either pointed home users to crafted websites that might have delivered malware or towards phishing websites designed to…
  • U.K. National Crime Agency under DDOS Attack as Protest from Lizard Squad

    Liviu Arsene
    1 Sep 2015 | 6:52 am
    A massive Distributed Denial of Service attack by hacker group Lizard Squad has affected daily operations of the U.K.’s National Crime Agency website. The hackers posted on Twitter the message “Stressed out” and a URL to the agency’s website. The attack was likely triggered by the arrest of six teenagers, days earlier, on accusations of using denial of service tools to perform similar attacks on various websites. In an operation codenamed Vivarium, the teenagers were charged with using Lizard Stresser – a tool developed by Lizard team – to bombard websites with bogus traffic.
  • US Parents Concerned About Student Data Security

    Razvan Muresan
    1 Sep 2015 | 6:40 am
    Some 87% of US parents are concerned about student data privacy and security in America’s K-12 schools, according to a survey by The Future of Privacy Forum. Source: Wikimedia American parents worry that their child’s electronic education records could be hacked or stolen, the study shows. Consequently, 85% of parents said that their willingness to support the use of student data and technology in education must be coupled with efforts to ensure security. When asked if they are “comfortable with a properly protected electronic education record being created for my child,” 71% replied…
  • Ashley Madison Scams: Extremely Convincing and Dangerous

    Alexandra Gheorghe
    28 Aug 2015 | 6:22 am
    37 million people were registered to online dating site Ashley Madison before it got hacked. Intimate details about millions of users were exposed to the world. Embarrassment, million-dollar lawsuits, bounties on hacker heads and alleged suicides soon followed.   The media took full advantage of the juicy story, of course. But journalists aren’t the only ones. Scammers also paid attention, targeting those impacted by the breach with alarming and impressively coherent scam messages, Bitdefender antispam researchers found. Beware of extortion attempts, don’t exchange your security and…
  • Team Poison hacker believed killed by US drone strike

    Graham Cluley
    28 Aug 2015 | 4:45 am
    It is reported that a notorious British-born hacker has been killed by a US drone strike near the city of Raqqa in Syria. 21-year-old Junaid Hussain was a prominent member of the Islamic State group, and believed to be the leader of the CyberCaliphate hacking group, known for its antics defacing websites and hijacking social media accounts to spread propaganda. Source: Twitter Hussain, who referred to himself as Abu Hussain Al Britani, was a key target for the US military fighting the Islamic State group, reportedly being listed as the third most important target in the Pentagon’s…
 
  • add this feed to my.Alltop

    Video Surveillance Blog

  • The Ultimate IT Guide to Video Surveillance is here

    26 Aug 2015 | 11:57 am
    In a first-of-its kind whitepaper, VideoSurveillance has authored an 18 page guide to video surveillance systems for Information Technology professionals. Whether your department has been asked to design a system from scratch, to improve a current system, or take over data management, this guide has the information you need. We cover a wide range of topics, including: Where to start if you've inherited a system Design tips & common mistakes to avoid How to avoid overwhelming your network's bandwidth Keeping your network secure with an IP system Steps for ongoing system maintenance…
  • VideoSurveillance.com Scholarship Winner Announced!

    24 Aug 2015 | 12:08 pm
    Congratulations to all the students who entered this year's VideoSurveillance.com college scholarship - we had some amazing essays, and great ideas! However, only one student could win the $1,000 scholarship and this year's winner is Melissa from Pennsylvania State University. Melissa's essay, "Video Surveillance: Revolutionizing the Future of College Campus Security" touched on her work as a graduate student strong Homeland Security, focusing on the challenges of 24/7 security. This was the third year for the VideoSurveillance.com scholarship, which awards $1,000 for college tuition to an…
  • A Quick Primer on Tamper Detection

    14 Aug 2015 | 10:08 am
    What exactly is tamper detection? Read below to have a better understanding of this built-in feature: The tamper detection feature is designed to alert you when the camera's recording function has been affected. For example, if an intruder attempts to spray paint the camera lens or deliberately moves it, the camera will send you a notification, alerting you to the fact that your camera has been tampered with. The automatic tamper alerts let you stay connected to your system even when you're not on-site. The camera is moved or pushed around (keep in mind, that it might be moved by a falling…
  • How to Choose a Surveillance Camera Lens

    11 Aug 2015 | 12:24 pm
    When researching video surveillance cameras, you will quickly realize that the lens a camera has is incredibly important for the type of video you want. When it comes to choosing the type of camera lens you want, do you know the most important factors to look at? There are generally three types of lenses - normal, wide angle, and telephoto. A normal lens (one that isn't wide angle or telephoto) captures video that looks similar to what you would see looking at the scene. A wide angle lens can capture a larger view of the same scene, a great option for when you want your surveillance camera to…
  • Video Surveillance for Job Site Security

    6 Aug 2015 | 12:21 pm
    Security on a construction job site can be a difficult task - vandalism is common, theft of materials is a growing concern, and the outdoor nature makes it hard to restrict access. Utilizing an outdoor video surveillance system can make it easier for you to manage your site's security while reducing workplace accidents and theft. Your construction site will require specialized equipment, but working with an experienced surveillance partner can help you build the best system for your needs. Outdoor cameras can weather extreme temperatures, rain, and the dust from construction. If you're…
  • add this feed to my.Alltop

    Seculert Blog on Breach Detection

  • DGA.Changer Playing The Imitation Game With Sandboxes

    Aviv Raff
    6 Aug 2015 | 8:50 am
    Seculert researchers closely follow the evolution of major malware families while examining the behavioral malware profiles that are a core part of our breach analytics platform. Back in 2013 I wrote about the enhancements to the DGA.Changer malware that allowed it to change its seed which in turn allowed  it to connect to a different […] The post DGA.Changer Playing The Imitation Game With Sandboxes appeared first on Seculert Blog on Breach Detection. [[Read more...]]
  • Network Breached? Ask Yourself these 3 Questions within the First 48 Hours

    Liora R. Herman
    23 Jun 2015 | 5:36 am
    In an article for Bankingtech.com, Peter Cheney, the director of cybersecurity at independent global risk and strategic consulting firm Control Risks, has identified three essential questions that he believes enterprises must ask within the first 48 hours after a network breach: 1. What is the specific nature of the breach? Enterprises must quickly and accurately […] The post Network Breached? Ask Yourself these 3 Questions within the First 48 Hours appeared first on Seculert Blog on Breach Detection. [[Read more...]]
  • Cybersecurity’s Weakest Link? Employees

    Liora R. Herman
    18 Jun 2015 | 4:50 am
    About 15 years ago, a game show took public humiliation to new heights (or depths, depending on one’s perspective) by branding unsuccessful contestants as the weakest link in the group. They were then ushered offstage to the tune of the most soul-crushing “goodbye” in television history by the host. Well, that game show is now […] The post Cybersecurity’s Weakest Link? Employees appeared first on Seculert Blog on Breach Detection. [[Read more...]]
  • Cyber Attacks Beating 54% of Organizations Says Survey

    Liora R. Herman
    16 Jun 2015 | 1:37 am
    A survey of 500 IT decision-makers in UK enterprises (250+ employees) has revealed that 54% lack the knowledge and capacity required to thwart sophisticated cyber attacks. The survey, which was conducted by Symantec and Deloitte, also found that: 66% of respondents don’t think it’s necessary to regularly train employees on cyber security policies and practices […] The post Cyber Attacks Beating 54% of Organizations Says Survey appeared first on Seculert Blog on Breach Detection. [[Read more...]]
  • Malware Slips by Prevention-Based Security Software

    Liora R. Herman
    10 Jun 2015 | 4:31 am
    An automated and independent malware testing service has taken a quick break from analyzing malware such as worms, information stealers, and rootkits so that it can crunch some numbers — and the news isn’t good for enterprises that rely exclusively on prevention-based security software packages. As reported by David Braue of CSO Online, the aggregated […] The post Malware Slips by Prevention-Based Security Software appeared first on Seculert Blog on Breach Detection. [[Read more...]]
  • add this feed to my.Alltop

    Managed File Transfer and Network Solutions

  • Forwarding Files From FTP To SFTP

    John Carl Villanueva
    1 Sep 2015 | 1:01 am
    Overview In this tutorial, we'll show you how to automatically forward FTP uploads to an SFTP server.   
  • How To Send Big Files For eDiscovery

    John Carl Villanueva
    28 Aug 2015 | 7:57 pm
    Overview Ever since amendments were made to the Federal Rules of Civil Procedure to introduce eDiscovery, litigants and litigators have been struggling to find better ways of handling the large volumes of electronically stored information (ESI) now frequently involved in lawsuits. For instance, many of our clients in the legal profession want to know how to reduce risk exposure when sending big files of ESI.  
  • What Is A Key Exchange?

    John Carl Villanueva
    27 Aug 2015 | 1:28 pm
    Overview Before any files can be sent securely over protocols like FTPS, HTTPS, and SFTP, the two communicating parties must first engage in a key exchange. What's that?  
  • Understanding The Limitation of IRS' "Get Transcript" Multi-Step Authentication

    John Carl Villanueva
    21 Aug 2015 | 10:33 pm
    Overview The multi-step authentication system used to secure the IRS "Get Transcript" application required several pieces of data that only the taxpayers could have known. But even that wasn't strong enough to prevent the recent data breach. That's because the system had one serious limitation. 
  • A Key Takeaway From The IRS Data Breach

    John Carl Villanueva
    20 Aug 2015 | 8:31 pm
        Recently, we learned that the total number of accounts that may have been compromised in the IRS data breach might have exceeded 330,000. That alone's already more than twice the original estimates when the breach was first disclosed in May. But aside from the growing numbers, there are a couple more details that really stand out.
 
  • add this feed to my.Alltop

    Radware Blog

  • The Internet has Upgraded to HTTP/2, but One Key Feature will Slow You Down

    Frank Yue
    26 Aug 2015 | 9:37 am
    Imagine a world where smartphones were only upgraded every 15 years.  It is hard to imagine waiting that long for new hardware and new functionality to meet consumer expectations and demands.  It is even harder to imagine how the update will integrate all the changes in the way people utilize their smartphones.  Until recently, the primary protocol for Internet traffic, HTTP, was last updated in 1999.  In May of this year, 2015, RFC7540 was published updating the HTTP standard to HTTP/2.  HTTP/2 incorporates a lot of features to improve performance and delivery of content based on how…
  • The 10 Immutable Laws of Personal Security on the Internet

    Carl Herberger
    13 Aug 2015 | 8:08 am
    There have been a number of unbelievable data breaches lately and I have been fielding a ton of questions from personal friends and colleagues who are genuinely worried about their personal information and they want to do better with securing their digital life. In an attempt to provide some guidance on how to make better security decisions on the Internet, I’ve honed these ten immutable thoughts for consumer-level security: 1. Consider it public. Unencrypted data stored in the cloud should be considered public even if you believe it is not. 2. Encryption of data should be accomplished…
  • Poor Application Attack Visibility is a Major Threat to Carrier Network Security

    Louis Scialabba
    10 Aug 2015 | 4:07 am
    If you own, operate, or even consume a carrier-grade communications network, it’s a safe bet you are under attack right now.  Attack motivations and attack tactics may vary, but one consistency is that high profile, sophisticated attacks on carrier networks are increasing – in both number and severity.  Attackers are getting in and causing slow-downs in network speed and performance, service outages and worse. How Do You Stop What You Can’t See? Security solutions protect the perimeter of the network against volumetric DDOS attacks, but what they are likely not seeing are the…
  • Reverse Engineering a Sophisticated DDoS Attack Bot

    Yotam Ben-Ezra
    5 Aug 2015 | 9:28 am
    Not long ago, the Radware Emergency Response Team (ERT) noticed significant and increased usage of the Tsunami SYN Flood attack against a large customer. This activity strongly indicated the presence of a service related robot and Radware security researchers managed to obtain a sample of the malware binary used to generate these DDoS attacks. The malware was then isolated and used in a controlled environment to study its behavior and its different attack vectors. Analysis revealed that more than 50,000 sources were involved in the attack.  A closer look, however, led to a more interesting…
  • DDoS-For-Hire: A Full Blown Market

    Yotam Ben-Ezra
    23 Jul 2015 | 7:59 am
    DDoS-for-hire has been around for a while.  Until recently, “booters” were known as paid online services used by gamers to initiate DDoS attacks against their opponents to gain a competitive advantage. Now, DDoS attacks can be launched by anybody with a credit card and a motive. No longer exclusive to gamers and hackers, a competitive DDoS-for-hire market has expanded nearly to the point of commoditization. Why? Prices Are Decreasing – In the past, attacks cost hundreds of dollars. They are now offered in several models from weekly subscriptions to others that are only a few…
  • add this feed to my.Alltop

    pfSense Setup HQ

  • pfSense Multi-WAN Configuration: Part Two

    maximumdx
    2 Sep 2015 | 8:00 am
    Configuring the DNS forwarder in pfSense 2.2.4. In the first article, we covered some basic considerations with a multi-WAN setup. in this article, we will cover multi-WAN configuration. First, the WAN interfaces need to be configured. You should set up the primary WAN the same way you would in a single WAN setup. Then for the OPT WAN interfaces, select either DHCP or static, depending on your Internet connection type. For static iP conncections, you will need to fill in the IP address and gateway. Next, you need to configure pfSense with DNS servers from each WAN connection to ensure it is…
  • pfSense Multi-WAN Configuration: Part One

    maximumdx
    25 Aug 2015 | 2:00 pm
    pfSense incorporates the ability to set up multiple WAN interfaces (multi-WAN), which allows you to utilize multiple WAN connections. This in turn enables you to achieve higher uptime and greater throughput capacity (for example, if the user has one 1.5 Mbps connection and a second 2.5 Mbps connection, their total bandwidth using a multi-WAN setup would be 4 Mbps). It has been reported that some pfSense deployments have used as many as 12 WAN connections, and pfSense may scale even higher than that with the right hardware. Any additional WAN interfaces are referred to as OPT WAN interfaces.
  • Configuring Dynamic DNS in pfSense

    maximumdx
    21 Aug 2015 | 2:00 pm
    Adding a domain name at the Duck DNS website. Dynamic DNS (DDNS) is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DNS configuration of its configured hostnames and/or addresses. The term is used to describe two separate concepts. The first is dynamic DNS updating, which refers to systems that are used to update traditional DNS records without manual editing; this mechanism is described in RFC 2136. The second permits lightweight and immediate updates, often using an update client. These clients provide a persistent…
  • Video: Configuring Dynamic DNS with pfSense

    admin
    17 Aug 2015 | 12:00 pm
    You may want to set up a domain name for your home or SOHO WAN IP. This video demonstrates how to do this. In this video I cover: What DDNS is, why you might want to use it, and different methods of implementing DDNS Configuring Duck DNS on the Duck DNS web site; downloading and installing the Duck DNS client Configuring DDNS in pfSense and setting up NAT so we can access an Apache web server behind the firewall Accessing a web site using the domain name I set up in the previous steps The post Video: Configuring Dynamic DNS with pfSense appeared first on pfSense Setup HQ.
  • IPsec VPN Configuration in pfSense: Part One

    maximumdx
    14 Aug 2015 | 2:00 pm
    Phase 1 IPsec configuration in pfSense 2.2.4. In the previous article, we covered how to set up a PPTP VPN connection in pfSense, and how to connect to it in Mint Linux. Since PPTP relies on MS-CHAPv2, which has been compromised, we probably want to use another method if security is paramount. In this article, we will cover setting up an IPsec tunnel with pfSense and connecting to it with Mint Linux. IPsec VPN Configuration: Phase 1 First we need to set up the IPsec tunnel in pfSense. Navigate to VPN -> IPsec and click on the plus button on on the lower right to add a new tunnel. Under…
  • add this feed to my.Alltop

    Tips4Tech Blog

  • Does Your Business Have a Cloud Computing Usage Policy?

    Allan Pratt
    1 Sep 2015 | 8:09 pm
    Many businesses have a Bring Your Own Device (BYOD) to Work policy, a risk management policy, and some businesses are even tech-savvy enough to have a social media policy. Some businesses go one step further and introduce and review all these policies during the onboarding process for new employees. But while many businesses expect employees to collaborate on work either while in the same office or remotely, they are placing their data at risk if they don’t have a cloud computing usage policy. In simple terms, cloud computing is the process of using a network of remote servers hosted on the…
  • Don’t Forget Security When Developing Corporate Mobile Apps – Time for Another Look

    Allan Pratt
    18 Aug 2015 | 8:42 pm
    About a year ago, I wrote a post about the importance of security when developing mobile device apps. As part of the post, I also discussed the importance of security when evaluating the “bring your own device” to work (BYOD) phenomenon and the growth of the Internet of Things (IoT). Today, a year later, it’s time for another look. If you’re creating an app, are you using tools provided by a managed service provider (MSP) allowing multiple people in multiple places to work on it? Does the MSP charge by the seat for the tools to be used, or is it a group license? Today, businesses try…
  • The Managed Service Provider (MSP) Quandary: They’re Only as Good as You Allow Them to Be

    Allan Pratt
    7 Aug 2015 | 7:50 pm
    When I hear of managed service providers (MSPs), I think of services in a compartmentalized box or a box of Legos. While that may be a simplistic view of what a MSP is, it actually fits because that’s how companies tend to use them. They take parts that they want from a box and leave others that they don’t want. And as an end-user chooses a product or service from the box, the pieces are attached together to form an organization’s total service solution. This process is used whether it is a small company or a Fortune 500 company. After an organization’s needs have been met, and after…
  • 5 Must-Ask Questions Before Adding the Cloud to Your Infrastructure

    Allan Pratt
    21 Jul 2015 | 8:09 pm
    In a previous post, I asked, “Is Your Business Ready for the Cloud?” Five key issues were detailed to assist midsize businesses before making the decision to move to the cloud. But once your leadership and IT teams make the decision to move data to the cloud, your next step should be to sign a vendor agreement with your cloud provider. Don’t move forward without having your leadership and IT teams review the agreement in its entirety, and even better, include your legal team in the review process. According to the IBM Center for Applied Insights: “By 2016, cloud…
  • 12 Timeless Password Tips for Improved Security

    Allan Pratt
    8 Jul 2015 | 8:45 pm
    According to Splashdata, the #1 and #2 most commonly used passwords are “123456” and “password,” so the creation of strong passwords is one way that users can be proactive in fighting security breaches. Since passwords are the core of an overall security plan, here are my favorite password-related tips. When using a managed service provider, it’s just as critical to follow these guidelines because any time data travels to a third party, it can become more vulnerable. PASSWORD TIP 1 Make sure your passwords are complex. Use lower case and upper case letters, numbers, spaces, and…
 
  • add this feed to my.Alltop

    Milton Security

  • Google, Microsoft, and Mozilla Jump Ship on the RC4 Cypher

    Milton Security Group
    2 Sep 2015 | 9:43 am
    Google, Microsoft and Mozilla appear to have gotten together and announced yesterday that they’ve all determined when they will severing support for the RC4 encryption algorithm in each of their browsers. RC4, a stream cypher, was leaked into the public domain in 1994.  It was used heavily for quite awhile, but over the last decade it has become increasingly obvious that the cypher is extremely vulnerable.  it was banned from TLS earlier this year and it will be turned off by default in the major browsers by February 2016. Mozilla has plans for the end of RC4 support to coincide with the…
  • U.S. Reportedly Preparing Sanctions Against China

    Milton Security Group
    1 Sep 2015 | 9:04 am
    According to reports, the U.S. government is preparing a lengthy list of sanctions that they are considering dropping on Chinese companies and citizens who have benefited from the Chinese government stealing U.S. trade secrets via cybercrime. According to the Washington Post, the government has not decided whether or not they will be issuing the sanctions, but if they do it is likely to be coming very soon.  If the sanctions were to come in the next month, it could prove to be very awkward.  President Xi Jinping of China is coming in to Washington DC for his first state visit. If the…
  • Minnesota Drivers’ Info Compromised by Server Update

    Milton Security Group
    31 Aug 2015 | 1:47 pm
    Drivers in Minnesota are on alert!  Officials that driver’s license information was compromised after a protected portal was accidentally opened. According to the the Department of Public Safety(DPS), an update sent out to a server on July 25th inadvertently removed the password protection on the state’s driver’s license database.  Between August 2nd and August 24th of this year, there were two individuals who used the web portal to access the information 55 times. 18 residents had their information, including pictures, pictures, names, addresses and dates of birth, compromised…
  • New Phishing Campaign Spoofs EFF

    Milton Security Group
    31 Aug 2015 | 8:47 am
    If you had to pick one absolute ‘good’ team when it comes to the internet and the like, it would probably be the Electronic Frontier Foundation, better known as the EFF.  Unfortunately, someone is taking advantage of that very fact. A spearphishing campaign that is going around right now, is using a fake EFF page to try to steal credentials and other sensitive data, and drop malware on unsuspecting users. The campaign comes in the form an email with a link to electronicfrontierfoundation.org (the actual EFF site is www.eff.org), and may be part of an even larger campaign referred to as…
  • Avid Life Media Chief Executive Resigns Over Ashley Madison Hack

    Milton Security Group
    28 Aug 2015 | 10:34 am
    Noel Biderman, Chief Executive of Avid Life Media, which is currently best known as the parent company of Ashley Madison, has announced that he will be stepping down. This is not a surprising move considering the scandal they have found themselves in following the massive Ashley Madison hack. Leaked emails and data suggest that the company has engaged in some seriously shady business practices, such as hacking other dating sites and lying about their female population. The breach of Ashley Madison has rocked the online dating scene, and has resulted in the leak of personal information of over…
  • add this feed to my.Alltop

    Cognoscape, LLC

  • Facts About Cyber Security

    Cognoscape
    27 Aug 2015 | 1:00 am
    Cybercrime is big business. Cybercrime costs the global economy an estimated $575 billion; $100 billion of which comes from the US. The Unites States is the #1 country for cybercrime, and every person and business is a target. We are exploring the world of cybercrime and providing you with resources to protect your business.   They aren’t computer nerds; they are the country’s most wanted criminals If you think hackers are computer nerds in their mothers’ basements, this illusion puts you at risk. Just like any other crime, there are smalltime offenders and largescale operations.
  • Using an IT Managed Services Provider to Assist Your IT Department

    Cognoscape
    13 Aug 2015 | 1:00 am
    In this digital era, it is critical that a business of any size hire IT experts to take care of all their technology needs. When it’s late at night and you’re suddenly dealing with files that won’t open, or there are errors showing up on a black screen, a company needs that IT support in place to keep running efficiently. Otherwise, it is wasted time and money trying to find someone at the last minute to fix the critical problems. It is always helpful to have an in-house IT team in place, but that situation can be improved upon. Many companies are now supplementing their…
  • The Revolutionary New Piece of Gun Technology

    Cognoscape
    30 Jul 2015 | 11:33 am
    Technology has changed the way people do everything, from communicating with others to purchasing products – and now to how guns are used. Google has announced that they are in the testing phase of a cutting-edge new gun technology that supporters believe is the coolest thing to happen to guns since Smith and Wesson came out with the J-Frame. The app, which has been aptly dubbed ShotView, will allow those who use it to shoot with precision around corners and from unsupported positions and behind barricades, as long as they are using the proper firearm. There’s no denying the benefits that…
  • The Business Benefits of One-On-One IT Consulting

    Cognoscape
    16 Jul 2015 | 2:00 am
    In the world of business, if you want to stand out against the competition an information technology (IT) system that supports your goals is vital to your success. However, while this component of your business is crucial, it can be difficult to maintain on your own. Between developing your products and services, attending to the needs of your customers and handling all of the other aspects of your business, finding the time that is needed to invest in your IT system may be virtually impossible. Additionally, you may not have the in-depth knowledge that is required for managing your system.
  • The Latest in Military Technology

    Cognoscape
    25 Jun 2015 | 1:30 am
    The military has the best toys – things we could only imagine in our wildest dreams. The military creates, tests and deploys technology toys, from lucrative spy planes to robotic companions, the military is making astonishing advancements. Check out the latest in military technology we know about so far, and remember, these are only what they allow us to see. Self-Steering Ammunition Remember the days of Looney Tunes when the bullets maneuvered around corners to find their intended targets? Well, the military has employed a similar technology. Military snipers in war zones face…
  • add this feed to my.Alltop

    blog.trendmicro.com

  • Lone Rangers of the Underground

    Rik Ferguson (VP, Security Research)
    2 Sep 2015 | 7:03 am
    When we speak about online crime, we do so often in terms of “organised crime” or of highly-skilled nation-state sponsored activity. So much so in fact that you could be forgiven for thinking that solo online criminals represent the bottom-feeding, “script-kiddie” side of the business. Trend Micro’s second quarter roundup “A Rising Tide: New Hacks Threaten Public Technologies” holds that conclusion up to scrutiny and finds it wanting. The underground market for malware tools, vulnerabilities, exploit kits and every other criminal niche is fully mature. The barriers to entry into…
  • Installing or Upgrading Trend Micro Security on your PC or Mac

    Michael Miley
    2 Sep 2015 | 6:00 am
    If you’re a frequent Internet user (as most folks are in the 21st century), browsing the web or receiving emails without good security software is inviting disaster. Sophisticated malware is rampant on the net, coming in the form of socially-engineered phishing emails that can trick you into visiting bad websites that host malicious files or fake AV apps masquerading as real ones—not to mention ransomware that can encrypt your computer or files and prevent you from accessing them until you pay a ransom. Trend Micro provides some of the best preventative security software available today…
  • A Cyberespionage Campaign against the Middle East

    Jon Clay
    1 Sep 2015 | 6:31 am
    Trend Micro threat research today released a new report that details out the activities of a group of hackers we call Rocket Kitten and who have been active in a cyberespionage campaign for several years now. We released a previous report on this group, but since then some new activities have been uncovered with the help of another research organization, ClearSky, who we collaborated with on the new report. Targeted attacks are fairly standard today with the intent of most being theft of information, which is then used to sell or use in an effort to make money. What makes the Rocket Kitten…
  • Security can make or break your Azure project

    Chris Voice
    1 Sep 2015 | 6:00 am
    All or nothing is a really bad strategy for securing your Microsoft Azure workloads. You need to know exactly what it is that you must secure. But you can’t do it alone. Microsoft provides robust physical security, network infrastructure, and virtualization layer. Ideally, you will match their excellence with equally robust security for your workloads, including operating system, applications, and data.     But there’s a small catch. If you try to use traditional security to protect your applications and data in the cloud, you risk slowing your Azure project with needless…
  • The Decline of Email Spam?

    Jon Clay
    31 Aug 2015 | 7:00 am
    As threat defense experts, Trend Micro has been delivering quarterly security roundup reports for several years now. Each quarter we look back on the previous quarter to highlight the key threats found during that time period. We also review the threat data we collect and analyze from the Trend Micro™ Smart Protection Network™ which gives us insights into the trends occurring within the threat landscape. In our Q2’15 report, A Rising Tide: New Hacks Threaten Public Technologies, one of the trends we’ve been seeing for some time now is a lower amount of spam affecting the world. As you…
 
  • add this feed to my.Alltop

    Effect Hacking

  • How To Monitor Your Computer For Free

    Gokul G
    22 Aug 2015 | 9:34 am
    Is someone else using your computer when you are not around? If yes, this article is for you. Today I'm going to show you how to monitor your computer for free. Before jumping into the how-to guide, take a look at some of the reasons to spy on your own computer: Monitor kids' web activity. Steal Facebook password of your brother/sister. Catch cheating spouse. I think, now you got a reason
  • How To Turn Your Android Smartphone Into a Super Spy

    Gokul G
    11 Aug 2015 | 5:23 am
    James Bond has his own spy gadgets.... Do you have one? If not, don't worry, you can turn your android smartphone into a super spy for completely free! Do you want to know how? Keep reading..... You might also like: aNmap Hacking Tool apk Free Download First, take a look at the things you can do with the tricks mentioned in this article: Monitor a particular place without using expensive
  • 14 Best IP Hide Tools 2015

    Gokul G
    4 Aug 2015 | 11:38 pm
    Do you want to protect your privacy? If the answer is yes, you are at the right place! Today I'm going to show you 14 best IP hide tools that you can use to protect your privacy online. You might also like: How To Monitor a Remote Computer For Free Note: The below list is not in any particular order. Sorry guys, I didn't post anything last week. I was very busy with goverment data
  • aNmap - Android App For Hackers

    Gokul G
    29 Jul 2015 | 4:52 am
    ANmap is an android tool that you can use on a network to determine available hosts, services, operating system versions, types of packet filters/firewalls and other characteristics. It is an incredibly useful tool for hackers (ethical or unethical). Today I'm going to give you a step by step guide on how to use android Nmap to identify open ports and other server or host characteristics.
  • How To Bypass SMS Verification Of Any Website/Service

    Gokul G
    27 Jul 2015 | 4:55 am
    If you don't want to give your phone number to a website while creating an account, DON'T GIVE IT TO THEM, because today I'm going to show you a trick that you can use to bypass SMS verification of any website/service. Are you ready for the hack? If yes,...... Let's do this! Before jumping into the how to guide, take a look at the things you can learn from this article: Free SMS
  • add this feed to my.Alltop

    Bishop Fox » Blog

  • ColdFusion Bomb: A Chain Reaction From XSS to RCE

    Shubham Shah
    27 Aug 2015 | 11:03 am
    During an audit of ColdFusion 10 and 11’s administration panel, I discovered a reflected, DOM-based cross-site scripting flaw, and in this blog post, I will show you how to leverage that vulnerability to gain remote code execution on the ColdFusion application server. After discovering this vulnerability, I participated in the responsible disclosure process with the Adobe Security Team. The CVE assigned to this vulnerability is CVE-2015-0345. To remediate this vulnerability, please patch your ColdFusion installation via the administration panel itself and ensure that the panel is not…
  • An Overview of BGP Hijacking

    Zach Julian
    17 Aug 2015 | 2:51 pm
    Border Gateway Protocol (BGP) is a crucial component of the Internet, responsible for determining routing paths. BGP hijacking — that is, using BGP to manipulate Internet routing paths — has become more frequent in recent years. Cybercriminals and governments alike have taken advantage of this technique for their own ends, such as traffic misdirection and interception. This blog post will provide an overview to BGP and describe how BGP hijacking is performed. Introduction to BGP BGP is a protocol used to exchange routing information between networks on the Internet. It is used to…
  • On the “Brink” of a Robbery

    Dan Petro
    28 Jul 2015 | 9:21 am
    When you think of a safe, you think exactly that: something that is inherently safe (because it protects, you know, money and other valuables). Traditional safes may have hardly been considered “secure,” but their computerized counterparts — so-called smart safes — may be even less secure. The Brink’s CompuSafe Galileo has a design flaw that has left it vulnerable to theft. A simple thumb drive is all that a clever (and tech-savvy) thief needs to break open the safe and take off with the cash inside. It’s in the Design First, some background information on the centuries-old…
  • Bishop Fox is Still a Top Place to Work

    Bishop Fox
    29 Jun 2015 | 10:15 am
    Well, this feels a little like déjà vu, doesn’t it? Last year, we proudly announced that we were named by CareerBuilder as a Top Company to Work For in Arizona. This year, the same is true once again. Time Flies Since we wrote about last year’s accomplishment, there have been some changes here at Bishop Fox – for starters, we’ve moved our Tempe office and hired a few new Foxes. Yet as much as things change, they stay the same – we’re still excited to head into the office around 10 AM, we still (try to) work from home on Fridays, and we still celebrate Taco Tuesday. Celebrating…
  • ISO 27018: The Long-Awaited Cloud Privacy Standard

    Birgit Thorup Mullen
    20 May 2015 | 11:24 am
    ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) released a new privacy standard for public cloud computing environments in August of 2014. This new standard, ISO 27018, joins the family of standards supporting the ISO 27001 standard for establishing and operating an Information Security Management System (ISMS). The standard takes into consideration other compliance requirements for privacy, so it can be used as an agnostic and uniform tool for evaluating privacy controls. What Is It? The main ISO 27018 standard lists the ISO…
  • add this feed to my.Alltop

    Cybernetic Global Intelligence

  • SMEs Make Easy Pickings – Why Hackers Love Small Companies

    Cybernetic Media
    17 Aug 2015 | 4:09 pm
    The news today is littered with various cyber security incidents that are growing in frequency and the resulting damage seems to be escalating as businesses struggle against the onslaughts of cyber attacks. However, the cases in the media represent only a fraction of the true scale of the problem. The fact is that most cases involving cyber attacks or security breaches never get reported. Whether this is because companies prefer to keep from publicising security breaches to avoid reputational damage, regulatory investigations or lawsuits, or because these cases are just not as juicy as those…
  • PRESS RELEASE: Cybernetic Global Intelligence becomes Supplier of Choice for Queensland Government.

    Cybernetic Media
    6 Aug 2015 | 4:00 pm
    Cybernetic Global Intelligence, a Cyber Security solutions provided, were GITC approved earlier this week. This accreditation is the result of a rigorous approval process, where Cybernetic demonstrated the high quality of their IT security services. GITC is Queensland’s leading accreditation for companies who provide services to government departments and agencies. Businesses who do not possess this accreditation are seriously hindered, as government buyers require suppliers to have GITC accreditation, otherwise they fail to abide by the State Purchasing Policy through Information Standard…
  • PRESS RELEASE: Cybernetic Global Intelligence gains QAssure accreditation.

    Cybernetic Media
    4 Aug 2015 | 6:43 pm
    Earlier this week Cybernetic Global Intelligence received its QAssure accreditation, bringing the company one step closer to its GITC approval. QAssure is a ‘pre-qualification’ of organisations to ensure they are capable of providing high-quality services and are acceptable by QLD Government standards as a reputable supplier. The accreditation also provides private clients with the extra assurance that their chosen supplier has been properly vetted by the government for quality and capability assurance.  Cybernetic CEO, Ravin Prasad commented that “This has definitely been a great time…
  • SCADA Security in the 21st Century

    Cybernetic Media
    2 Aug 2015 | 7:17 pm
    Every day Australia’s mining sector is under attack from cyber criminals both foreign and domestic, doing their utmost to gain any information on new contracts, mining operations and site specifics that can be used, or sold to the highest bidder. According to Symantec, more than 43 percent the world’s mining and oil companies were hacked or underwent some sort of cyber-attack in the past year. Furthermore, as attacks increase so does the level of new technology and as more mining companies begin to upgrade their networks and SCADA systems, they unwittingly give rise to new…
  • The Domino Effect – One Hack to Rule Them All

    Cybernetic Media
    26 Jul 2015 | 7:51 pm
    The increasing sophistication of hackers and their repertoire of attacks has made cyber security a must for companies and many have done a good job of beefing up their defense mechanisms in response. However, what many of even the largest and most successful companies often fail to do, with detrimental consequences, is ensure that their subcontractors, partners, supply chain members and others with network or application access maintain the same level of vigilance and defensive frameworks when combating cyber threats. Criminals are finding that third-party partners may provide relatively easy…
 
  • add this feed to my.Alltop

    Infected Packet

  • (Bad) Amazon Phishing Email

    Infected Packet
    21 Aug 2015 | 2:45 pm
    Introduction Fortunately, my wife is a smart cookie and always suspicious of weird looking email. Maybe its due to the fact she lives with a paranoid guy. In any case, she caught this phishing email, which appears to be from Amazon, and leads to a fake login page. Contents The phishing email comes from “amazon@iservice.co.org.il” with the terribly spelled subject “your accounnt information need to be updated” and the content is a screenshot of an authentic Amazon email, thus bypassing filters. However, the attacker succeed in misspelling the only field he had to fill.
  • Repost: Stack-based Buffer Overflow Vulnerabilities in Embedded Systems

    Infected Packet
    17 Aug 2015 | 11:41 am
    I have not written or contributed to the enclosed research paper. I’m simply reposting it here because it’s interesting and for some reason, appears available only via Google cache. So before it disappear from results, I’m reposting it here. This paper discusses a technique to conduct buffer overflows on processors using the Harvard architecture. In this architecture, the stack starts at the beginning of the memory and grows up, versus Von Neumann architectures in which it grows down. Abstract: Most small embedded devices are built on Harvard class microprocessor…
  • The Variable Message Format (VMF) Protocol – A Data Protocol for Radios (Part 1)

    Infected Packet
    10 Aug 2015 | 6:30 am
    Introduction Software-Defined Radio (SDR) is a fast-growing market, expanding in a wide array of industries. Growth in this sector alone is expected to reach $USD27.29 billion by 2020 [1]. When only considering that most smartphones are equipped with SDRs, one can quickly understand the active research conducted in the field. SDRs are also in high usage across militaries and law enforcement given the added flexibility to conduct multiple types of operations using the same hardware, often with reduced maintenance costs. Nowadays, military tactical radios and law enforcement equipment are all…
  • CTF Code : Javascript Code to Quickly Process Data on a Webpage

    Infected Packet
    8 Aug 2015 | 2:16 am
    Introduction In quite a few Capture the Flag (CTF) exercises, I’ve seen this challenge – a coding one – which asks the participant to process some information on a webpage in less than X seconds, short enough so that no manual processing can be done. One way to do so is using Javascript. In one case, the participant is asked to crack a SHA1 encrypted word. Method By first doing manually searching for the hash using a search engine, the plaintext will be found and after doing it 2 or 3 times for different hash, a pattern will emerge in the random plaintext. In this case,…
  • #TheGreatFTPHunt – 2% to 9% of files scanned potentially containing confidential information

    Infected Packet
    17 Jul 2015 | 5:30 am
    Introduction In this post, we continue our data collection and evaluation of files stored on removable medias publicly accessible to the Internet. The collection of filenames from 6,500 hosts is ongoing, therefore we’re going to focus on evaluation of sensitivity of a file based only on its filename. Based on the current result, 2 to 9% of the 3000 files reviewed were sensitive or potentially sensitive. Most of the sensitive files are concentrated on a few hosts. These files often include financial information or project data from businesses. So far, 773 hosts containing around 4.5…
Log in