Network Security

  • Most Topular Stories

  • GM Vehicles Can Be Located, Unlocked, Started Remotely Via OnStar App

    Dark Reading:
    Jai Vijayan
    31 Jul 2015 | 7:15 am
    White Hat hacker Samy Kamkar's OwnStar device latest to show up vulnerabilities in modern vehicles
  • Cyber Boot Camp: Lessons Learned

    Dark Reading:
    Marilyn Cohodas
    31 Jul 2015 | 9:00 am
    What happens when 50 young people spend a week in the trenches with cybersecurity researchers from ESET? One picture is worth a thousand words. Here are seven.
  • Twitter for Infosec

    Security Blog
    Gabe Bassett
    20 Jul 2015 | 12:57 pm
    TL;DR Yes, twitter is awesome for infosec folks. Create an account, follow this list, post about infosec stuff you’re passionate about, and don’t post anything you wouldn’t share during a job interview. Introduction: So, a non-technical blog for a change. I get asked a lot about twitter. If you’ve ever wondered if twitter would benefit you as an infosec professional, this post is for you. It’ll answer two questions: Why use twitter; How to get started. Why Use Twitter? For infosec professionals, there are really two reasons to use twitter: The social infosec…
  • Real World Ramifications of Cyber Attacks

    Dragon News
    Jenny O'Connell
    31 Jul 2015 | 7:37 am
    Warning: the following blog contains gratuitous use of sarcasm and hyperbole from the start. Reader discretion is advised. And so, ladies and gentlemen, it has finally happened. The Internet-of-Things has risen up, Skynet style, and we are doomed. This much prophesied event finally came to pass with reports of hackers disabling cars from miles away, and altering rifle trajectories. At last, it seems, the crossover has been made from the digital world to the physical one; the end is nigh. Then again, is this such a sudden shock? There has been much interest in the hacking of industrial…
  • The Trouble with Security

    Feed: Articles & Tutorials
    Deb Shinder
    1 Jul 2015 | 1:05 am
    IT security pros aren’t feeling the love these days. Once upon a time, we were the stars of the show. I remember how, back in 2004-2009 or so, it was all about security. Today, the relationship has moved from the honeymoon phase to “it’s complicated.”
 
 

    Feed: Articles & Tutorials

  • Active Directory in the Cloud (Part 2)

    Deb Shinder
    29 Jul 2015 | 1:57 am
    In this, Part 2, we will go into more detail about how Azure AD works, how to implement it in business scenarios and how Windows 10 will integrate with it.
  • Video: Windows Service Account Finder and Reporter: FREE!

    Derek Melber
    22 Jul 2015 | 2:51 am
    This video demonstrates usage of free Service Account Finder and Reporter utility.
  • Active Directory in the Cloud (Part 1)

    Deb Shinder
    15 Jul 2015 | 2:00 am
    In this two-part article, we’re going to take a look at directory services in general and Azure AD in particular, along with what Windows 10 will bring to the table.
  • Windows 10 Varieties Explained - Choosing the Best Fit for You

    Ricky M. & Monique L. Magalhaes
    8 Jul 2015 | 2:28 am
    It is understood that Microsoft will release several versions of Windows 10 later this year. In this article we consider the security features and various flavours for release. Looking at how one edition may differ from the next, as the characteristics and security feature offerings would help you determine which is the best suited to you and your organisation's specific requirements.
  • The Trouble with Security

    Deb Shinder
    1 Jul 2015 | 1:05 am
    IT security pros aren’t feeling the love these days. Once upon a time, we were the stars of the show. I remember how, back in 2004-2009 or so, it was all about security. Today, the relationship has moved from the honeymoon phase to “it’s complicated.”
 

    Dragon News

  • Real World Ramifications of Cyber Attacks

    Jenny O'Connell
    31 Jul 2015 | 7:37 am
    Warning: the following blog contains gratuitous use of sarcasm and hyperbole from the start. Reader discretion is advised. And so, ladies and gentlemen, it has finally happened. The Internet-of-Things has risen up, Skynet style, and we are doomed. This much prophesied event finally came to pass with reports of hackers disabling cars from miles away, and altering rifle trajectories. At last, it seems, the crossover has been made from the digital world to the physical one; the end is nigh. Then again, is this such a sudden shock? There has been much interest in the hacking of industrial…
  • SC Magazine article – Law firms getting duped out of client funds, warns regulator

    Kevin Williams
    30 Jul 2015 | 2:44 am
    This article was published on 27th July 2015 commenting on how Solicitors are getting hit by a growing tide of cyber-enabled fraud, resulting in the loss of money and confidential information. The article says: “The Solicitors Regulation Authority (SRA) has seen a big increase in scams targeting the legal profession. In 2014 it issued 183 scam alerts, up from 97 the previous year. It blames the internet which provides anonymity for the fraudsters and makes it less expensive and more efficient to perpetrate their crimes”. — Tom Reeve, SC Magazine I have no doubt that the figures…
  • Another Day, Another Patch

    Jenny O'Connell
    23 Jul 2015 | 6:41 am
    FreeBSD users were treated this week to an interesting new denial of service attack vector. All supported versions of the OS are affected by the bug, which has now been patched. Junos OS, which is based on FreeBSD, is also affected. If you’re a FreeBSD admin and you haven’t patched, feel free to disappear now and do so. Don’t worry, we’ll be here when you’re done… Right, now that’s out of the way, we can peruse the vulnerability at our leisure. The bug (CVE-2015-5358) boils down to a mishandling of TCP sockets that enter the LAST_ACK state. LAST_ACK is part of the close down of…
  • Cybercrime – Tipping the Balance

    Jenny O'Connell
    21 Jul 2015 | 12:43 am
    It’s been said before (on this very blog) but it’s worth saying again; if you work back far enough from any cybercrime, eventually you find a person. Someone, somewhere is writing the code and calling the shots. When this statement is presented to a non-technical audience, the question that typically follows is “so who are these people?”, and hot on its heels “why are they doing this?”. Simple and reasonable queries, but as most of us know, the answers are often rather trickier. Accurate attribution in a specific circumstance is notoriously difficult to achieve, often requiring…
  • DomainTools; A Profile of Malicious Domains

    Kevin Williams
    17 Jul 2015 | 3:59 am
    One of my colleagues passed me a recent report from DomainTools; A Profile of Malicious Domains, originally published in May 2015-07-17. I found their findings really interesting but don’t recall reading about them at the time. Defense against Malicious Actors They speak about how “much of the malicious activity on the Internet is classified and tracked in domain blacklists and reputation scores. But these do little to profile and predict cybercrime to proactively protect against domains that have yet to exhibit illicit behavior. Malicious actors behave in a predictable manner, and…
 

    TaoSecurity

  • Going Too Far to Prove a Point

    21 Jul 2015 | 6:45 am
    I just read Hackers Remotely Kill a Jeep on the Highway - With Me in It by Andy Greenberg. It includes the following: "I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold...To better simulate the experience of driving a vehicle while it’s being hijacked by an invisible, virtual force, Miller and Valasek refused to tell me ahead of time what kinds of attacks they planned to launch from Miller’s laptop in his house 10 miles west. Instead, they merely assured me that they wouldn’t do anything life-threatening. Then they told me to drive the Jeep…
  • My Security Strategy: The "Third Way"

    30 Jun 2015 | 12:23 pm
    Over the last two weeks I listened to and watched all of the hearings related to the OPM breach. During the exchanges between the witnesses and legislators, I noticed several themes. One presented the situation facing OPM (and other Federal agencies) as confronting the following choice: You can either 1) "secure your network," which is very difficult and going to "take years," due to "years of insufficient investment," or 2) suffer intrusions and breaches, which is what happened to OPM. This struck me as an odd dichotomy. The reasoning appeared to be that because OPM did not make "sufficient…
  • My Prediction for Top Gun 2 Plot

    30 Jun 2015 | 8:01 am
    We've known for about a year that Tom Cruise is returning to his iconic "Maverick" role from Top Gun, and that drone warfare would be involved. A few days ago we heard a few more details in this Collider story: [Producer David Ellison]: There is an amazing role for Maverick in the movie and there is no Top Gun without Maverick, and it is going to be Maverick playing Maverick. It is I don’t think what people are going to expect, and we are very, very hopeful that we get to make the movie very soon. But like all things, it all comes down to the script, and Justin is writing as we…
  • Hearing Witness Doesn't Understand CDM

    27 Jun 2015 | 8:50 am
    This post is a follow up to this post on CDM. Since that post I have been watching hearings on the OPM breach. On Wednesday 24 June a Subcommittee of the House Committee on Homeland Security held a hearing titled DHS’ Efforts to Secure .Gov. A second panel (starts in the Webcast around 2 hours 20 minutes) featured Dr. Daniel M. Gerstein, a former DHS official now with RAND, as its sole witness. During his opening statement, and in his written testimony, he made the following comments: "The two foundational programs of DHS’s cybersecurity program are EINSTEIN (also…
  • The Tragedy of the Bloomberg Code Issue

    20 Jun 2015 | 6:13 am
    Last week I Tweeted about the Bloomberg "code" issue. I said I didn't know how to think about it. The issue is a 28,000+ word document, enough to qualify as a book, that's been covered by news outlets like the Huffington Post. I approached the document with an open mind. When I opened my mail box last week, I didn't expect to get a 112 page magazine devoted to explaining the importance of software to non-technical people. It was a welcome surprise. This morning I decided to try to read some of the issue. (It's been a busy week.) I opened the table of contents, shown at left. It took me a…

    Spyware news

  • The threat of the year: Cryptolocker

    28 Jul 2015 | 6:27 am
    It seems that it's time to announce the threat of the year! Virus that can be found in almost every security forum or a virus-related website is Cryptolocker. According to the data of the last 14 months, the FBI’s Internet Crime Complaint Center (IC3) received 992 Cryptolocker-related complaints from affected companies and PC users. According to […]
  • iPad and iPhone users are tricked by fake warning that locks their Safari and asks $80 for fix

    16 Jul 2015 | 4:29 am
    If you are the owner of an iPad and iPhone, please read this story very carefully. We want to warn you about the latest scam, which has been spreading in the US and Great Britain for some time. The main thing that you have to do for protecting yourself is to ignore the misleading warning […]
  • Selfies to replace passwords in MasterCard transactions

    9 Jul 2015 | 4:17 am
    MasterCard has announced that it is launching a pilot program that will help the shoppers by ensuring safer transactions. This will be achieved by shoppers taking photos of themselves. This new program is based on biometric authentication methods like voice recognition, cardiac rhythm or facial identification. Ajay Bhalla, President of enterprise safety and security at […]
  • Oracle has decided to displace Ask with Yahoo! in Java updates

    29 Jun 2015 | 4:53 am
    For many years, Oracle has been blamed for filling crucial Java updates with Ask Toolbar. This way, Ask search provider has been increasing the number of its users on a daily basis. If you have never heard about ‘bundling’ before, then, of course, you are a lucky person because you haven’t encountered with a deceptive […]
  • WhatsApp is the worst at protecting users’ privacy

    19 Jun 2015 | 6:15 am
    If you are looking for an app that could track you, could collect specific data and then could share it according to its needs, you should download WhatsApp. In fact, we believe that the biggest part of those who will read this article are among those 800 million active users who have already downloaded it […]

    Schneier on Security

  • Friday Squid Blogging: Russian Sailors Video Colossal Squid

    schneier
    31 Jul 2015 | 2:17 pm
    It tried to steal their catch. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
  • Schneier Speaking Schedule

    schneier
    31 Jul 2015 | 12:21 pm
    I'm speaking at an Infoedge event at Bali Hai Golf Club in Las Vegas, at 5 PM on August 5, 2015. I'm speaking at DefCon 23 on Friday, August 7, 2015. I'm speaking -- remotely via Skype -- at LinuxCon in Seattle on August 18, 2015. I'm speaking at CloudSec in Singapore on August 25, 2015. I'm speaking at MindTheSec in São Paulo, Brazil on August 27, 2015. I'm speaking on the future of privacy at a public seminar sponsored by the Institute for Future Studies, in Stockholm, Sweden on September 21, 2015. I'm speaking at Next Generation Threats 2015 in Stockholm, Sweden on September 22, 2015. I'm…
  • HAMMERTOSS: New Russian Malware

    schneier
    31 Jul 2015 | 9:12 am
    Fireeye has a detailed report of a sophisticated piece of Russian malware: HAMMERTOSS. It uses some clever techniques to hide: The Hammertoss backdoor malware looks for a different Twitter handle each day -- automatically prompted by a list generated by the tool -- to get its instructions. If the handle it's looking for is not registered that day, it merely returns the next day and checks for the Twitter handle designated for that day. If the account is active, Hammertoss searches for a tweet with a URL and hashtag, and then visits the URL. That's where a legit-looking image is grabbed and…
  • Back Doors Won't Solve Comey's Going Dark Problem

    schneier
    31 Jul 2015 | 4:08 am
    At the
  • Comparing the Security Practices of Experts and Non-Experts

    schneier
    30 Jul 2015 | 12:21 pm
    New paper: "'...no one can hack my mind': Comparing Expert and Non-Expert Security Practices," by Iulia Ion, Rob Reeder, and Sunny Consolvo. Abstract: The state of advice given to people today on how to stay safe online has plenty of room for improvement. Too many things are asked of them, which may be unrealistic, time consuming, or not really worth the effort. To improve the security advice, our community must find out what practices people use and what recommendations, if messaged well, are likely to bring the highest benefit while being realistic to ask of people. In this paper, we…
 

    Security Blog

  • Stagefright and Security Fright

    admin_sec
    31 Jul 2015 | 1:58 pm
    by Mark Rasch. This article originally appeared on Security Currents here. A new vulnerability in the Android OS points out not only problems with hardware and software generally, but with our bug bounty and patch management system for mass-market consumer products – you know, exactly the kinds of products that most need a patch management program. The fact that the critical vulnerability was discovered and reported in April (though no exploit yet publicly acknowledged) and patches and publicity are going out in late July demonstrates how the process of vulnerability discovery, validation,…
  • Internal vs External Discovery in the DBIR

    Gabe Bassett
    27 Jul 2015 | 8:15 am
    In the DBIR we track who discovered the breach. It turns out, there’s a significant difference in the breaches that are discovered externally vs those discovered internally. Keep in mind, discovery method is an effect, not a cause. But it can help us understand the importance of good internal detection and the blind spots internal detection may be more likely to have. Just as a preface, Incidents are any breach of confidentiality, integrity, or availability. Breaches are just those incidents in which the confidentiality of data is breached. Patterns (Incidents)  Internal…
  • Twitter for Infosec

    Gabe Bassett
    20 Jul 2015 | 12:57 pm
    TL;DR Yes, twitter is awesome for infosec folks. Create an account, follow this list, post about infosec stuff you’re passionate about, and don’t post anything you wouldn’t share during a job interview. Introduction: So, a non-technical blog for a change. I get asked a lot about twitter. If you’ve ever wondered if twitter would benefit you as an infosec professional, this post is for you. It’ll answer two questions: Why use twitter; How to get started. Why Use Twitter? For infosec professionals, there are really two reasons to use twitter: The social infosec…
  • Weekly Intelligence Summary Lead Paragraph: 2015-07-17

    dkennedy
    20 Jul 2015 | 12:56 pm
    InfoSec risk intelligence was not completely dominated by patch management this week. However, mitigating the risks from attacks on insecure software almost certainly had the most widespread impact on Verizon and our clients.  Adobe issued another Flash Player security bulletin and update for two vulnerabilities revealed in the Hacking Team data dump that cybercriminals almost immediately added to exploit kits.  The Pawn Storm/Sednit/Sofacy/APT 28 threat actors were exploiting a new Microsoft Office vulnerability patched by MS15-070. The same actor was also using new Java vulnerability also…
  • DBIR The Missing Section: Phishing

    Gabe Bassett
    14 Jul 2015 | 3:46 pm
    Phishing is BIG. Don’t believe me? Out of the 2122 breaches in the DBIR this year, 463 included Phishing; over a fifth of them! Now, the DBIR had a phishing section this year, but it was focused on how people react to phishing when tested rather than phishing breaches. Along with credentials, phishing is a type of threat actor action, one of the VERIS 4 A’s that is strongly interwoven throughout the DBIR. Phishing related breaches are so strong, that it probably deserves its own section along with the phishing testing section that we added this year. (Throughout…
 

    Optimal Security

  • Infosec Haiku

    Chris Merritt
    31 Jul 2015 | 2:08 pm
    Anata no joho sekyuritei konshu no haiku Buy your Sysadmin a piece of pie today, or your PC goes down!   ### Notes ### * Thanks to Kurt N for jogging my memory — happy b-day!  And Matt — your pie will be delivered! * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who’ve contributed their haikus … watch this space to see if yours is published. * Submit Your Own … if yours is published, I’ll send you a $20 Starbux card. Please DM me at infosec-haiku@lumension.com. Contest Rules: all rulings by the judge (me) are final, blah blah…
  • Windows 10 is Here! Windows 10 is Here!

    Chris Merritt
    29 Jul 2015 | 6:13 pm
    Unless you’re still buried under snow in Buffalo, you probably know that Microsoft released its newest operating system today. Windows 10 is the latest and greatest from Redmond, and as one pundit put it: Vista was awful, Windows 7 was okay, and the less said of Windows 8 the better, but Windows 10 looks to me to be the best first release of Windows in over a decade. According to Net Applications’ Marketshare data, almost 61% of systems in use today are Win 7, followed by 13% for Win 8.1 and a surprising 3% for Win 8. Perhaps more interesting are the 12% still on WinXP – if that’s…
  • Gaping hole in Android lets hackers break in with just your phone number!

    Graham Cluley
    27 Jul 2015 | 2:22 pm
    Imagine that you want to infect someone else’s Android smartphone, but you cannot get physical access to the device. The normal method would be to attempt to trick the phone’s owner into installing a malicious app, or fool them into clicking on a link that points to a webpage that exploits a vulnerability that silently installs malware onto the device. That would be the normal method. But Joshua Drake, a security firm with Zimperium, has found a serious vulnerability that does away with all that, and requires no interaction at all by the user. In fact, the vulnerability could…
  • Ransomware – Now for Websites

    Orion
    27 Jul 2015 | 6:30 am
    Over the last several weeks I’ve written about ransomware primarily as it relates to individual machines or mobile devices. There is another very sneaky variant of ransomware which you should be aware of. It’s specifically crafted to hold websites hostage. It’s called RansomWeb. Its methodology is slow and diabolical, and I believe it’s out there silently working on websites today. Most large websites are built on Content Management System (CMS) frameworks. Some are open source, some are commercial, and some are home-brewed. All of them rely on one or more…
  • Infosec Haiku

    Chris Merritt
    25 Jul 2015 | 2:27 pm
    Anata no joho sekyuritei konshu no haiku Delete Old Data Reduce Scope of Protection Save Embarrassment   ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who’ve contributed their haikus … watch this space to see if yours is published. * Submit Your Own … if yours is published, I’ll send you a $20 Starbux card. Please DM me at infosec-haiku@lumension.com. Contest Rules: all rulings by the judge (me) are final, blah blah blah.
 

    TRUSTe Blog

  • August Spotlight – Live Demos, Data Privacy Asia Event

    kfreeman
    31 Jul 2015 | 2:27 pm
    August 6, 10-11 a.m. PDT Webinar – “30 Day Countdown Until DAA Mobile Enforcement: Are You Ready?” Enforcement of the DAA Mobile Guidelines begins in September. Find out what this means for your business. Speakers include Lou Mastria, Executive Director of the Digital Advertising Alliance; Michael Signorelli, Partner, Venable LLP and Counsel, Digital Advertising Alliance; …
  • End-of-Month-Recap: What You May Have Missed

    kfreeman
    31 Jul 2015 | 9:00 am
    At the end of each month we’ll compile a list featuring some of the most informative and interesting privacy blog posts to let you know what topics are driving the privacy agenda this month. This month on the blog we covered a wide array of privacy topics. We also shared the Privacy Ecosystem. This map …
  • Google AdSense Policy Now Requires Publishers to Obtain Consent from EU Visitors

    kfreeman
    29 Jul 2015 | 9:28 am
    This week Google announced it will be implementing a new user consent policy. Essentially, this new policy requires all websites serving EU visitors, including those not based in the EU, to comply with the EU Cookie Directive. Google posted the notice on its official AdSense blog. In 2009 an amendment to an existing EU directive …
  • Latest Privacy Insight Series Webinar Addresses FTC Stance on Privacy, Security

    kfreeman
    24 Jul 2015 | 10:12 am
    The FTC is the leading privacy and security regulator in the U.S. says Daniel J. Solove, a professor at George Washington University Law School who runs a privacy and security training company called TeachPrivacy and organizes the Privacy + Security Forum conference. Although there is hardly any case law, Solove noted in presenting this …
  • Doubling Down on Privacy and Security [Video]

    kfreeman
    23 Jul 2015 | 9:00 am
    A data breach or regulatory investigation can have devastating consequences for an organization. Today, companies are collecting sensitive information of customers and employees alike and are looking for ways to systematically safeguard that information against the possibility of a costly breach. Privacy professionals need a comprehensive strategy to address these privacy and security risks, but …

    Networking

  • Cradlepoint 101

    27 Jul 2015 | 6:46 am
    As a Wi-Fi guy, it’s easy to pay no attention to “other” wireless technologies. From the provider perspective, Wi-Fi and its various accoutrements can be complicated enough… throwing 4G into the mix as a solution just doesn’t tend to happen (for a number of reasons) fo...
  • Globalstar's TLPS Story Gets Weirder

    20 Jul 2015 | 1:27 pm
    TLPS is an odd technology story that just keeps going. Now, we have a little intrigue to spice things up.
  • Has GlobalStar Tricked the FCC, or Is Everyone in Washington Clueless on Tech?

    20 Jul 2015 | 1:26 pm
    TLPS is a weird story that just keeps going. Now, we have a little intrigue to spice things up.
  • In Appreciation of Network Wiring

    12 Jul 2015 | 2:07 am
    Wiring isn't the most glamorous part of networking, but it's as important as any other.
  • Understanding Meraki Cloud-Managed Networking Licenses

    6 Jul 2015 | 4:56 am
    Cloud-managed networking has been around a few years, and can be transformative for many environments. But there is a lot of confusion and misinformation on licensing around the topic. Let's look at one vendor example and try to bring some clarity.

    Enterprise Drm

  • Why I Write About DNA Tests Here

    Star
    27 Jul 2015 | 6:50 am
    It is in human nature to be curious. This curiosity sets us apart and drives us forward. I, too, heard about DNA tests and looked into them, and the information you can get from them is incredible. Quenching your own thirst for knowledge: Why shouldn't one take the opportunity to learn something about oneself or one's pet? Exactly this question stands in the room and opens up a previously unknown perspective. Would a person live their life differently and restructure it entirely if they knew they would very soon become seriously ill? With…
 

    SecurityWeek RSS Feed

  • Flaw in Fingerprint Access Devices Could Make It Easy to Open Doors

    Eduard Kovacs
    31 Jul 2015 | 10:41 am
    Fingerprint access controllers developed by Taiwan-based Chiyu Technology are plagued by a vulnerability that could allow hackers to make it easier to open the doors protected by these devices, a researcher has warned.
  • Cisco Patches DoS Vulnerability in ASR Routers

    Eduard Kovacs
    31 Jul 2015 | 6:22 am
    Cisco has released software updates to address a high severity denial-of-service (DoS) vulnerability affecting Cisco ASR 1000 Series Aggregation Services Routers.
  • PagerDuty Warns Customers of Data Breach

    Eduard Kovacs
    31 Jul 2015 | 4:34 am
    San Francisco-based operations performance management company PagerDuty informed customers on Thursday that its systems were breached earlier this month.
  • Unintentional Mistakes The Biggest Insider Threat: Survey

    SecurityWeek News
    31 Jul 2015 | 4:21 am
    Contrary to many headlines across the cyber realm, not all security incidents are a result of malicious intent. According to the results of a recent survey, 70 percent of U.S. survey respondents and 64 percent of German respondents said that more security incidents are caused by unintentional mistakes rather than intentional and/or malicious acts.
  • Researchers Show DRAM "Rowhammer" Bug Can Be Exploited Remotely

    Eduard Kovacs
    31 Jul 2015 | 2:18 am
    A team of researchers from Austria and France have demonstrated what they claim to be the first remote software-induced hardware fault attack. They have found a way to exploit the “Rowhammer” vulnerability remotely by using JavaScript.

    Free IT - Security Magazines and Downloads from alltop.tradepub.com

  • Raxis Breach of Global Bank - Real World Attack Case Study

    30 Jul 2015 | 12:00 am
    Raxis, a leading penetration testing firm, reconstructed a real-world APT attack by Russian hackers on a global bank. A stolen digital certificate and private key resulted in access to almost 100 servers and tens of millions of customer records. Read this whitepaper, Real-world Attack Breaching a Global 100 Bank, to get the details on how you can protect your organization: Discover how hackers obtain unsecured private keys and digital certificates; See how stolen keys and certificates increase the effectiveness of targeted phishing attacks; Find out how you can protect against certificate misuse to…
  • New SANS 20 Updates Require Keys and Certificates to be Protected

    30 Jul 2015 | 12:00 am
    Enterprises have an average of almost 24,000 keys and certificates, and 54% of security professionals admitted they don’t know where all of their keys and certificates are used. Is your organization ready to meet the new SANS 20 requirements? Download this important SANS 20 Critical Security Control brief to learn how to implement these new requirements and reduce risk: Manage the rapid growth in keys and certificates; Gain visibility into where all keys and certificates are located; Secure your keys and certificates against cyberattacks; Enforce automation of certificate issuance and…
  • Mitigating the DDoS Threat

    28 Jul 2015 | 12:00 am
    This white paper covers: Likelihood of attacks for different industries; Top business concerns of DoS/DDoS attacks; 2013 notable attack vectors and landscape; DoS/DDoS protection best practices. Request Free!
  • SANS Analytics and Intelligence Survey

    23 Jul 2015 | 11:20 am
    By conducting this survey, SANS had hoped to see more improvements in the use and benefits of security analytics and intelligence. However, security teams are struggling with visibility, and the use of “intelligence” is slipping. Learn more about the information gathered by SANS and understand if you're realizing your threat intelligence investment. Request Free!
  • The Essentials of Information Security Kit: Includes a Free PC Security Handbook - 2nd Edition eBook

    23 Jul 2015 | 10:50 am
    The Essentials of Information Security brings together the latest in information, coverage of important developments, and expert commentary to help with your Information Security related decisions. The following kit contents will help you get the most out of your Information Security research: PC Security Handbook - 2nd Edition; Forrester Market Overview: Cloud Workload Security Management Solutions - Automate or Die; Security, Compliance, and Cost: A Productive Balancing Act; SANS Analytics and Intelligence Survey. Request Free!

    IT-Security

  • The 50-Minute MBA for Sec Pros, Part Deux

    Branden Williams
    28 Jul 2015 | 7:21 am
    Encrypted stories, by FeatheredTar James Adamson & I recently followed up our 50-Minute MBA for Information Security Professionals RSA session with a webcast to describe how to apply the concepts. The entire session was recorded and is available on-demand. We’re currently exploring more ways we can take this message to information security professionals. Would you all be interested in “office hours” every other week to call in and ask questions? How about smaller group sessions with lots of 1:1 interaction? Let us know in the comments below! Possibly Related Posts: May…
  • Is the Council Trying to Kill the QSA Program?

    Branden Williams
    23 Jun 2015 | 7:22 am
    If you can believe, it has been nearly seven years since the last update to the Qualification Requirements for Qualified Security Assessors (QSAs). This document is the guide that assessors use in their business dealings with the Council. It explains how a firm can become a QSA Company, who is qualified to be a QSA employee, and how the ecosystem works around that whole group. The changes are quite substantial, as evidenced by the change log. The last entry, for 1.2, simply stated alignment issues with PCI DSS v1.2. This version has nineteen entries,…
  • May 2015 Roundup

    Branden Williams
    1 Jun 2015 | 5:54 am
    Stay Classy, San Diego! It finally happened last month. In May, North Texas set a record for being the wettest May on record. For those of you who have been watching from afar, check out this great infographic that shows how much 35 trillion gallons of water will cover. In other news, we had a major breach that is having bigger impacts than many realize, we are seeing the first reports and fall-out from PCI DSS 3.1, and key provisions of the Patriot Act expired. Here’s what you folks liked the most last month: The Only Customer Service Script You Will Ever Need. Maybe the economy is…
  • Why the Adult Friend Finder Breach Should Concern You

    Branden Williams
    26 May 2015 | 7:11 am
    Check out this great post by Dave Lewis over at CSO who reports on one of those face-palm realizations that many folks are having today. Adult Friend Finder is a social hookup site that fell victim to a breach with all kinds of data on its members now disclosed to the public. Why is that a big deal? Because an alarming number of users on that site signed up for the service using their corporate email accounts. HR nightmare aside, there is a ton of really great information now available to an attacker. If you use the service, you may have your own issues…
  • March-April 2015 Roundup

    Branden Williams
    4 May 2015 | 11:34 am
    Stay Classy, San Diego! Shush it. I know it’s been a little slow around here. There are some major things in the works! I started a new gig, for one, which is consuming the bulk of my time. I’m also working on a 3.1 addendum to our book, which should be out by the summer. March and April were some busy months for many of us. Three major shows (MAC, ETA, and RSA Conference) all happened in those months. PCI DSS 3.1 was released. You paid your taxes (hopefully). Here’s what you folks liked the most last month: The Only Customer Service Script You Will Ever Need. Maybe the…
 

    Pcthreat.com

  • BeagleBrowser

    30 Jul 2015 | 8:48 pm
    Although it might not sound like it, BeagleBrowser does not have anything to do with beagles. It probably just counts on the cute image of the breed to make you believe the program is good enough on a daily...
  • PC Optimizer Pro

    30 Jul 2015 | 8:48 pm
    Despite the best efforts of the online security industry to secure the exact opposite, many of its consumers continue to fall into the trap set by malicious rogue security tools like PC Optimizer Pro. This...
  • Qone8.com

    30 Jul 2015 | 8:48 pm
    Qone8.com is a search engine which returns search results from Google Search. The search engine is owned by Taiwan Shui Mu Chih Ching Technology Limited, and it is very similar to such browser hijackers as...
  • RaaS Ransomware

    30 Jul 2015 | 8:48 pm
    One of the main reasons computer security experts say that you should always keep your files backed up on a cloud drive (or another storage system) is the likes of RaaS Ransomware. Lately, we have been...
  • V9 Redirect Virus

    30 Jul 2015 | 8:48 pm
    V9 Redirect Virus is a malicious browser hijacker which infects the system while you are browsing insecure websites or when you download spam email attachments. Once the infection gets in the system, the...

    Threatpost | The first stop for security news

  • Unusual Re-Do of US Wassenaar Rules Applauded

    Michael Mimoso
    31 Jul 2015 | 9:56 am
    The U.S. Commerce Department this week agreed to rewrite the proposed U.S. implementation of the Wassenaar Arrangement, a decision lauded by security experts.
  • Threatpost News Wrap, July 31, 2015

    Dennis Fisher
    31 Jul 2015 | 8:51 am
    Dennis Fisher and Mike Mimoso discuss the hacked sniper rifle, the huge Android bug in Stagefright, Samy Kamkar’s OwnStar device, and the joy and pain of next week’s Black Hat conference.
  • FBI Warns of Increase in DDoS Extortion Scams

    Dennis Fisher
    31 Jul 2015 | 8:26 am
    Online scammers constantly are looking for new ways to reach into the pockets of potential victims, and the FBI says it is seeing an increase in the number of companies being targeted by scammers threatening to launch DDoS attacks if they don’t pay a ransom. The scam is a variation on a theme, the familiar […]
  • Xen Patches VM Escape Flaw

    Dennis Fisher
    31 Jul 2015 | 6:21 am
    The Xen Project has patched a serious vulnerability that could allow an attacker in a guest virtual machine to escape and gain the ability to run arbitrary code on the host machine. The vulnerability is in the QEMU open source machine emulator that ships as part of the Xen hypervisor. The problem is related to the […]
  • Cisco Fixes DoS Vulnerability in ASR 1000 Routers

    Dennis Fisher
    30 Jul 2015 | 11:55 am
    Cisco has patched a denial-of-service vulnerability in its ASR 1000 line of routers, a bug that’s caused by an issue with the way the routers handle some fragmented packets. The company said the DoS vulnerability affects all of the ASR 1000 Series Aggregation Services Routers that are running a vulnerable version of the IOS XE […]
 

    Pivot Point Security

  • “High Business Impact” Data—A Better Way to Talk about Vendor Risk

    John
    14 Jul 2015 | 4:00 am
    I have been around long enough to remember when the phrase “Microsoft security” was an oxymoron. But it’s amazing how things have changed in the last five years or so. Microsoft has really come into its own as a thought leader on security. Recently Microsoft introduced a great new term that I love: HBI (High Business Impact) data. HBI is essentially a vendor risk classification scheme that applies to vendors/partners that access critical data (e.g., financial data, source code, facial recognition data, Social Security numbers, credit card data, sales account data, sales and marketing…
  • 3 More Preventable Mega-Hacks that Illustrate the Value of Independent Information Security Certification

    Robert Oliver
    7 Jul 2015 | 4:00 am
    It seems like every few days a new story breaks about yet another information security breach that 1) violated the public trust, 2) had the potential to greatly harm individuals, organizations or even the fabric of civilization itself, and 3) could have been easily prevented by a “standards-compliant” information security management system (ISMS). Let’s start with the big kahuna: security researcher Chris Roberts’ claims that he was able to take control of a passenger aircraft in flight by hacking into the infotainment system, causing one of the plane’s engines to increase power and…
  • 70% of Breaches are Detected by a Third Party

    Andrew Shumate
    30 Jun 2015 | 4:00 am
    Working in information security can make you a bit cynical. But even so I was surprised to learn that a recent survey found that 70% of breaches were detected by a third party, rather than by the organization itself. Equally painful is the fact that 46% of companies that suffered a breach took more than four months to detect a problem, and more than three months to mitigate the risk. No wonder reporters like Michael Krebs can find out about major breaches even before industry-leading victims like Target. The same survey of 1,000 IT professionals found that 73% of them believe their…
  • Pivot Point Security Adds ISO 22301 Certified Lead Implementer; Expands Business Continuity Services

    Scott
    23 Jun 2015 | 4:00 am
    For the original version on PRWeb visit: http://www.prweb.com/releases/2015/06/prweb12800496.htm Pivot Point Security, a leading information security consulting firm, specializing in helping companies of all sizes and types achieve ISO 27001 certification, announces its expansion into ISO 22301 – an international standard for Business Continuity Management (BCM). To solidify its commitment to ISO standards, Pivot Point has attained an ISO 22301 Lead Implementer Certification. Like the Lead Implementer certification for ISO 27001 (Pivot Point has 10 consultants holding that distinguished…
  • What is a Reasonable Cost/Scope for an ISO 27001 Internal Audit?

    John
    23 Jun 2015 | 4:00 am
    We recently bid on an ISMS Internal Audit (ISMS IA) for an existing client at around $8,000, and were very surprised when the client let me know via email that they had decided to use another “qualified” firm that bid the project “at a cost that is less than half your proposal.” We bid the project at a fixed price, figuring that it would require roughly five days’ worth of work: One day for planning (review previous internal audits, review certification audit, review most recent risk assessment reports, work with client to understand other areas of concerns, develop audit plan, gain…

    HOTforSecurity

  • De-anonymization of Tor Hidden Services With 88 Percent Certainty, Researchers Say

    Liviu Arsene
    31 Jul 2015 | 5:43 am
    MIT researchers have devised a method for identifying anonymous Tor hidden services or hosts – with 88 percent certainty – by using a circuit fingerprinting attack to analyze traffic going through an attacker-controlled computer. Once the attacker’s computer starts acting as a Tor guard, the researchers say they used a machine learning algorithm that analyzes traffic patterns that go through the computer to de-anonymize hidden service clients. “The attacker sends crafted signals to speed up discovery of entry guards, which are first-hop routers on circuits, or use congestion attacks…
  • See how a self-aiming sniper rifle can be remotely hacked

    Graham Cluley
    30 Jul 2015 | 7:56 am
    I must admit I raised an eyebrow. I’m not clear why any regular member of the public would really need a sniper rifle, let alone one which has a computer running Linux embedded inside it. But, it turns out, there is a market for so-called “smart” self-aiming sniper rifles – in America at least. And with help from the kind of modern technology built into the $13,000 Tracking Point TP750 rifle, even a lousy shot might find themselves shooting dead on target, as the computer-assisted weapon decides when the very best time to shoot is to hit your intended target.
  • Financial Companies to Provide Stronger Authentication Methods; How FIDO Works

    Razvan Muresan
    30 Jul 2015 | 12:09 am
    Financial services companies have the most urgent need for safer payment methods as their clients demand privacy, security and convenience in all transactions, according to FIDO (Fast IDentity Online) Alliance, which groups more than 200 companies and government agencies, including financial institutions such as Wells Fargo, Goldman Sachs and JP Morgan Chase, among others. Bank clients may experience safer transactions as more financial companies, now including ING Bank of the Netherlands and USAA, join the FIDO (Fast IDentity Online) Alliance, to solve problems users face…
  • Ethical Decisions May Be Embedded in Self-Driving Cars

    Liviu Arsene
    29 Jul 2015 | 1:59 am
    Progress in self-driving vehicles led Chris Gerdes, a professor at Stanford University, and Patrick Lin, a professor of philosophy at Cal Poly, to experiment with ethical dilemmas that may come up when such vehicles become common. Considering that recent proof-of-concept hacking attempts on smart vehicles have proven that, with off-the-shelf equipment and adequate skills, someone could interfere with and control the vehicle – in this case, a Jeep Cherokee – automotive manufacturers will have to reconsider built-in security standards. Following such incidents, US politicians proposed a SPY…
  • Security Has Reached Board-Level Thinking, Gartner Survey Finds

    Razvan Muresan
    29 Jul 2015 | 12:30 am
    Some 71% of managers say IT risk management data influences decisions at the board level, according to Gartner’s annual end-user survey for privacy and information security. The study’s authors found an increasing focus on IT risk as part of corporate governance. Almost 40% of respondents stated explicitly that the most senior person responsible for information security reports outside of the IT organization. “The primary reasons for establishing this reporting line outside of IT are to improve separation between execution and oversight, to increase the…

    Video Surveillance Blog

  • What type of hard drive do I need for my surveillance system?

    31 Jul 2015 | 12:45 pm
    Because a surveillance system runs intensive management software, and has to store large amounts of data, the hard drives you choose for your surveillance system are very important. While you cannot eliminate the chances of a hardware malfunction or failure, selecting hardware designed for professional video surveillance applications is your best option for the best system performance. Traditional hard drives have spinning discs, while a solid state drive (SSD) uses different technology to remove the spinning parts. Because it has no moving parts, an SSD is believed to last longer; this is…
  • Video Surveillance for the Critical Infrastructure Industry

    28 Jul 2015 | 10:59 am
    VideoSurveillance.com has a longstanding history helping facilities within the critical infrastructure market deploy high-resolution IP camera systems along their perimeters. Examples of critical infrastructure projects that VideoSurveillance.com has worked with include electrical utilities and electrical substations. Heightened security efforts are key to keeping critical infrastructure businesses protected against trespassers, theft, and vandalism. In addition, security cameras help ensure safety protocols are followed and that a live and recorded view of the facility is accessible 24-7 on a…
  • How can video surveillance secure your equipment rental business?

    23 Jul 2015 | 12:56 pm
    Construction and agriculture machinery is large and expensive, and not everyone who needs the equipment occasionally can afford to purchase and store it. Equipment rental businesses make it easy to access this equipment as needed, but how can you secure your business and products? Video surveillance systems are extremely common and popular in retail businesses. Although it may be more difficult for a thief to steal a tractor versus a sweater, all retail businesses need to be aware of the damages from thieves. A surveillance camera can monitor your business around the clock, even when you are…
  • Video Surveillance Solutions for RV & Boat Dealerships

    17 Jul 2015 | 1:02 pm
    If you own an RV or boat dealership, then you know how critical it is to protect your lot against theft, vandalism, and trespassers. VideoSurveillance.com specializes in helping boat dealers and RV dealerships heighten their security efforts with custom-designed security camera solutions. Designed with precision, our custom video surveillance systems provide a wealth of benefits to ensure your lot is well guarded and monitored around the clock, 24-7. Pioneering advances in security camera technology have made it possible to capture video in full HD resolution, which gives business owners the…
  • Safeguard Your Cannabis Operation with HD Video Surveillance

    8 Jul 2015 | 10:24 am
    VideoSurveillance.com has helped marijuana dispensaries, producers, retailers, wholesalers, and processors protect their facilities with customized HD video surveillance systems. These facilities are required to meet stringent state regulations in order to obtain and keep their license to sell their product. These regulations include installing and maintaining a video surveillance system to monitor operations 24-7. VideoSurveillance.com is extremely knowledgeable in marijuana compliance laws, and will design a security camera system that not only meets compliance but provides a host of…
 

    Radware Blog

  • DDoS-For-Hire: A Full Blown Market

    Yotam Ben-Ezra
    23 Jul 2015 | 7:59 am
    DDoS-for-hire has been around for a while.  Until recently, “booters” were known as paid online services used by gamers to initiate DDoS attacks against their opponents to gain a competitive advantage. Now, DDoS attacks can be launched by anybody with a credit card and a motive. No longer exclusive to gamers and hackers, a competitive DDoS-for-hire market has expanded nearly to the point of commoditization. Why? Prices Are Decreasing – In the past, attacks cost hundreds of dollars. They are now offered in several models from weekly subscriptions to others that are only a few…
  • A Gateway to the New Internet: What to Know about HTTP/2 (And How to Use it Now)

    Yaron Azerual
    20 Jul 2015 | 2:53 am
    Since HTTP 1.1 was introduced 17 years ago, the Internet has evolved. This evolution introduced many changes, among them the development and delivery of rich content to users. These improvements enhanced the online experience, but did come at a cost – and the currency was performance. Performance challenges that HTTP 1.1 was never designed to handle. In February 2015 the Internet Engineering Task Force (IETF), which develops and promotes voluntary Internet standards, released a new HTTP/2 version to cope with those challenges and to adapt to the evolution that internet content has…
  • How Application Delivery Can Simplify Enterprise Challenges

    Prakash Sinha
    24 Jun 2015 | 8:40 am
    In enterprise environments it is common for an application to be hosted by a pool of servers, either physical or virtual.  Over time these applications also go through a lifecycle that consists of security patches, maintenance, upgrades to update capabilities, and changes to keep up with trends such as virtualization, consolidation and deployment in a hybrid cloud environment.  For scalability, additional servers may also be deployed. IT is needed to deliver consistent availability and an optimized user experience for these applications all while delivering the Service Level Agreement…
  • What Do You Know About DDoS Attacks? Here’s The Ultimate Guide

    Ben Desjardins
    22 Jun 2015 | 2:41 am
    Every good hero needs a trusty guide. Sherlock Holmes had his Watson. Bruce Wayne had Alfred. Captain Kirk? He had Spock. Today’s information security professionals are no different. They work in the trenches to protect networks and applications and they are the modern day heroes of our digital lives. And thus, a guide for keeping up with the fast evolving cyber-threat landscape is valuable when supporting combat. Today at Radware, we’re pleased to provide a new tool to this community with the release of our newly updated DDoS Handbook. The handbook is subtitled ‘The Ultimate Guide to…
  • The NFV Carrier Opportunity – Takeaways from Light Reading’s Big Telecom Event

    Mike O'Malley
    16 Jun 2015 | 9:03 am
    On Tuesday June 9th, I presented at Light Reading’s Big Telecom Event and spoke about NFV in the mobile network. The event hosted a few thousand attendees for several hot Chicago days by the Lake and the NFV session was well attended. NFV is a hot topic in the Carrier industry. According to Heavy Reading, nearly 50% of the Carriers said that they are currently testing NFV solutions in their networks and the other 50% claimed they are in active study on the topic.  Carriers clearly see the value of the technology and its potential to both lower their costs by reducing their…

    pfSense Setup HQ

  • Video: Setting Up VLANs in pfSense

    admin
    28 Jul 2015 | 1:30 pm
    A single layer 2 network can be partitioned into two or more broadcast domains so we don’t have to add switches every time we want to add another network. This video shows how to set up 802.1Q VLANs with pfSense.
  • Video: Demonstration of Squid Overriding Firewall Rules in pfSense

    admin
    27 Jul 2015 | 1:00 pm
    One phenomenon I initially didn’t understand is the fact that once Squid is enabled in an interface, it overrides any firewall rules you might have for ports that are controlled by Squid (80 and, if you enable the SSL proxy, 443). This is important to understand if you already have firewall rules in place. This video demonstrates this in practice.
  • Breaking News: pfSense 2.2.4 Released

    admin
    27 Jul 2015 | 8:05 am
    pfSense 2.2.4 has been released, which incorporates multiple security and bug fixes. Some things you probably should know about this upgrade: You can upgrade from any previous version straight to 2.2.4. It is considered a low risk upgrade. It is considered a high priority upgrade for users of IPsec 2.2x. For users of 2.1.x and earlier versions, there are a number of significant changes which may impact you. You can read all about it at the official pfSense blog. I will update the download links on the download page ASAP.
  • Video: Installing and Configuring Squid3 in pfSense

    admin
    21 Jul 2015 | 3:00 pm
    In this video, I demonstrate how to install and configure the Squid3 package in pfSense. Although the older version of Squid is generally considered more stable, Squid 3.0 incorporates a number of features not included in the older Squid, including the ability to act as a proxy for SSL traffic. See the release notes for more information. As demonstrated in this video, installation and configuration of Squid3 is almost as easy as it is for the original Squid.
  • Video: Installing and Configuring the Squid Proxy in pfSense

    admin
    20 Jul 2015 | 3:00 pm
    In this video, I discuss what a proxy is, why you might want to use one, and how to install and configure the Squid package in pfSense. It’s so easy that it takes only a few minutes to install and configure Squid.
 

    Tips4Tech Blog

  • 5 Must-Ask Questions Before Adding the Cloud to Your Infrastructure

    Allan Pratt
    21 Jul 2015 | 8:09 pm
    In a previous post, I asked, “Is Your Business Ready for the Cloud?” Five key issues were detailed to assist midsize businesses before making the decision to move to the cloud. But once your leadership and IT teams make the decision to move data to the cloud, your next step should be to sign a vendor agreement with your cloud provider. Don’t move forward without having your leadership and IT teams review the agreement in its entirety, and even better, include your legal team in the review process. According to the IBM Center for Applied Insights: “By 2016, cloud…
  • 12 Timeless Password Tips for Improved Security

    Allan Pratt
    8 Jul 2015 | 8:45 pm
    According to Splashdata, the #1 and #2 most commonly used passwords are “123456” and “password,” so the creation of strong passwords is one way that users can be proactive in fighting security breaches. Since passwords are the core of an overall security plan, here are my favorite password-related tips. When using a managed service provider, it’s just as critical to follow these guidelines because any time data travels to a third party, it can become more vulnerable. PASSWORD TIP 1 Make sure your passwords are complex. Use lower case and upper case letters, numbers, spaces, and…
  • Television’s Role in the Conversation about Cybersecurity

    Allan Pratt
    5 Apr 2015 | 12:20 pm
    Have you noticed all the recent storylines about cybercrime on television? Several episodes of “The Good Wife” focus on technology issues ranging from hacked emails to online privacy to ransomware (a type of malware that restricts access to the computer system it infects and demands a ransom paid to the creator of the malware in order for the restriction to be removed). And of course, the latest version of the CSI franchise is titled “CSI: Cyber,” whereby all episodes focus on online crime. This increased attention on cybercrime and resulting emphasis on cybersecurity…
  • A Cheat Sheet to Translate InfoSecurity for Key Business Units

    Allan Pratt
    9 Dec 2014 | 7:39 pm
    As a result of working with many different business units over the last decade, I’ve developed my ability to help companies by bridging the business and technology gap – and align technology strategies with business objectives. Toward that end, I have devised scenarios detailed below that translate infosecurity concepts into languages that team members can understand based on their specialty areas. My goal is to initiate a dialogue between business unit managers so that we may work as a team to mitigate internal and external threats. The truth is, without awareness, buy-in, and…
  • Cloud vs. Mobile: Can They Co-Exist?

    Allan Pratt
    1 Dec 2014 | 7:35 pm
    IBM recently published an Infographic featuring the following statistics: “68% of top CISOs and security leaders see security in the cloud and data privacy as a critical business concern yet 76% are worried about the theft of mobile devices and the loss of sensitive corporate data.” These stats would indicate that cloud and mobile devices/mobile data cannot co-exist. Yet, for the small and medium business (SMB) market, cloud computing and mobile device management (MDM) have become synonymous with doing business. Many businesses that comprise the SMB market have adopted, integrated, and…

    blackstratus.com

  • SOX Compliance: A Comprehensive Overview

    Rich Murphy
    28 Jul 2015 | 6:20 am
    It has been more than 10 years since the initial passage of the Sarbanes–Oxley Act of 2002 and, even today, many organizations still struggle to fulfill their auditing and compliance requirements. If not done smartly, meeting your obligations as a publicly traded company can be expensive, time-consuming and ultimately counterproductive for your business goals. It doesn’t have to be that way. The more you know ahead of planning for an audit, the more seamless and effective the process will be. In this article, we attempt to answer the question, “What is SOX compliance,”…
  • How to Overcome Security Issues in Cloud Computing

    Don Carfagno
    18 Jun 2015 | 6:13 am
    There’s a strain of conservatism among certain IT professionals — the enthusiasm for all things new and innovative is tempered by skepticism about security challenges and other issues. Part of this is simply the nature of our industry. After all, it’s our job to anticipate risks and develop creative ways to mitigate them. However, this type of caution also leads to the kind of broad thinking and blanket statements that ultimately do little to address individual security challenges on an organizational level. Broad skepticism is particularly prominent when comparing cloud security vs.
  • On-Demand Passwords Vs. Two Factor Authentication

    Don Carfagno
    17 Jun 2015 | 4:00 am
    Two factor authentication has long been considered one of the best ways to prevent fraud and protect sensitive information against intrusion. In March 2015, however, Yahoo generated a lot of press with the introduction of its on-demand password system, supposedly a more convenient, easier-to-use alternative to two factor authentication that nevertheless provides a high level of protection against threats. Will Yahoo’s competitors start to adopt similar security on-demand intrusion protection, or will the technology fail to build on its initial promise? Let’s look beyond the hype and take…
  • The Clinton Email Scandal: A Wakeup Call for Network Security Professionals

    Rich Murphy
    1 Jun 2015 | 2:00 am
    Pollsters and journalists alike have been describing Hillary Clinton’s path to the Democratic nomination for president in 2016 to be inevitable, but that doesn’t mean there haven’t been some bumps along the road. To date, the most significant roadblock has been the recent revelations that Clinton used a private email account and server to send and receive messages while she was Secretary of State between 2009 and 2013. While only time will tell whether or not the scandal has an impact on Clinton’s quest to become the first female president of the United States, it highlights many…
  • Preventing Credit Card Hacks Through Integrity Monitoring

    Don Carfagno
    27 May 2015 | 4:00 am
    Recent high-profile hacks against Target, Home Depot and other major retailers have drawn attention to the vulnerability of credit card data both online and off. In the wake of this, several methods have been suggested for reducing the likelihood of future attacks. There’s no question that greater consumer awareness, as well as the adoption of smart card technology, will play a role in keeping credit card data secure in the future. But what can be done to prevent security breaches at the infrastructural level? What Is File Integrity Monitoring? File integrity monitoring (FIM) is already a…

    Milton Security

  • Neiman Marcus Ruling Sets Data Breach Lawsuit Precedent

    Milton Security Group
    30 Jul 2015 | 8:48 am
    A major question that has been bandied about in the last few data breach-ridden years has been, “Who do we hold responsible?” Clearly, we would love to hold the actual attackers responsible, but they have a tendency to disappear into thin air. Not only that, but is it possible that, if the company had had the proper security, they wouldn’t have been attacked successfully in the first place? If you leave your car doors open and someone steals your stuff, don’t you tend to feel a bit responsible (and a little stupid)? Companies have been getting hammered with data breaches left and…
  • Hammertoss Malware Tied To Old MiniDuke

    Milton Security Group
    29 Jul 2015 | 8:59 am
    Remember the MiniDuke backdoor? No? Basically, it was malware used to attack 23 governments, mostly European, back in 2013. The malware exploited a flaw in Adobe Reader, and gave the attackers the ability to copy and paste files to their own servers, create new directories, kill processes and install additional malware. This malware was a big deal because it was the first to be able to bypass the Adobe sandbox protection since the addition of the Protection Mode (Version X). However, malware doesn’t behave like a normal user, making it noticeable to systems, and it was caught quickly…
  • HealthFirst Hit By Data Breach

    Milton Security Group
    28 Jul 2015 | 9:05 am
    The Healthcare industry takes another hit! HealthFirst, an insurance company based in New York, has announced that they have been the target of a data breach. Not only that, but they already know that the intent was malicious. The stolen data has already been used for fraudulent purposes against HealthFirst. Healthfirst began notifying the 5,300 affected members yesterday via mailed letter (so ignore any phishing emails claiming to be HealthFirst). Members are encouraged to sign up for the free credit and identity monitoring that HealthFirst is offering free of charge. According to…
  • Android Vulnerabilities Found In Stagefright Could Be Devastating

    Milton Security Group
    27 Jul 2015 | 9:34 am
    Ask almost any Android owner why they chose their phone, and the answer will be because of how open it is. It’s well known that Apple locks down their iPhones as if they’re Fort Knox, stopping the average user from changing anything fundamental. However, for those who enjoy the ability to program their phone, it’s also well-known that the openness leaves their Android open to vulnerabilities. The big, bad vulnerability they’ve all been fearing may have shown up in the recently released flaw in Stagefright. Discovered by Joshua Drake, vice president of platform research and…
  • Don’t Overcomplicate the Simple in Risk Assessment

    Milton Security Group
    23 Jul 2015 | 8:26 am
    It’s a funny thing, all this emphasis on risk assessments and risk management. Listen to some parties and you’d think this is some magical whiz-bang marvel of engineering and decision analysis that will save us all. And yet, when you get right down to it, very few people seem to truly understand what it is they are talking about. If I had a nickel for every time someone asked about risk assessments and yet couldn’t describe a basic risk management process, I’d probably have enough money for a bottle of Eagle Rare 10. Why is it that we seem inclined to over…
 

    Cyberoam : Securing You

  • Remote Code Execution Vulnerability Detected in Microsoft Windows

    Cyberoam Threat Research Labs
    22 Jul 2015 | 5:25 am
    The vulnerability tally in Microsoft Windows continues to grow and this one is of the Remote Code Execution (RCE) variety. Known as the OpenType Font Driver vulnerability, its existence can be attributed to the inability of the Windows Adobe Type Manager Library to properly handle specially crafted OpenType fonts. Unauthenticated attackers can exploit this vulnerability by either convincing users to open specially crafted documents or persuading them to visit a dubious webpage that contains embedded OpenType fonts. If attackers successfully exploit this vulnerability, they can take complete…
  • Cyberoam products are secure against OpenSSL vulnerability “CVE-2015-1793”

    Cyberoam Threat Research Labs
    13 Jul 2015 | 4:36 am
    Having issued a “high-alert” on a new vulnerability on July 9, which causes certificate forgery, OpenSSL team had businesses and IT products vendors around the world feeling a chill down their spine. OpenSSL bugs, in the aftermath of the Heartbleed vulnerability have gained increased notoriety, for they bring back the horrors of TLS / SSL compromise and how it impacted the online ecosystem, stabbing the heart of secure Internet. Labelled as “Alternative chains certificate forgery” by OpenSSL security advisory, the alert concerns a “high severity” rated patch affecting latest…
  • Trojan.Win32.Qudamah.Gen.24 Targets the Windows Platform

    Cyberoam Threat Research Labs
    8 Jun 2015 | 2:12 am
    The Windows platform is in the firing line of Trojan.Win32.Qudamah.Gen.24. This backdoor contacts a remote server, identifies itself, and accepts commands from the remote server. After receiving commands from the attacker, the malware can be used to perform several non-agreeable activities including but not limited to gathering system information, executing arbitrary files, deleting files, stealing file contents, uploading files to the remote server, taking screen shots and obtaining a listing of processes. FILE Details: File name: zender1.exe md5sum: 40f42b2e11e29d34f625da992cd545cf SHA256:…
  • Third Party Vendors – The Weak Links in Network Security

    Cyberoam
    5 Jun 2015 | 3:30 am
    “Your cybersecurity is only as good or bad as that of your vendors.” By 2019, the cyber security market will be worth a mammoth $155.74 billion. The market for next generation security appliances like firewalls could be worth between $15 billion to $20 billion over the next three years. These big numbers reflect the dawning realization on businesses about the need to fortify their mission critical systems from cyber threats. The cost of recovery from cyber fraud or data breaches is going up every year. According to Ponemon Institute’s 2014 Cost of Data Breach Study: Global…
  • Moose might mess up your Home Router!

    Cyberoam Threat Research Labs
    28 May 2015 | 4:19 am
    A new malware infecting a series of home-based routers/modems running on MIPS and ARM architectures has been spotted. The said malware family specifically targets consumer devices based on Linux systems, and spreads by infecting other Linux-based embedded systems in its path. The compromised devices are used to sniff unencrypted traffic and render proxy services to the botnet operator. Key Capabilities of the Moose Malware: The malware specifically targets home routers. The malware is capable of sniffing the traffic and sending the captured packets to a remote C&C. Any devices generating network…

    blackstratus.com

  • SOX Compliance: A Comprehensive Overview

    Rich Murphy
    28 Jul 2015 | 6:20 am
    It has been more than 10 years since the initial passage of the Sarbanes–Oxley Act of 2002 and, even today, many organizations still struggle to fulfill their auditing and compliance requirements. If not done smartly, meeting your obligations as a publicly traded company can be expensive, time-consuming and ultimately counterproductive for your business goals. It doesn’t have to be that way. The more you know ahead of planning for an audit, the more seamless and effective the process will be. In this article, we attempt to answer the question, “What is SOX compliance,”…
  • How to Overcome Security Issues in Cloud Computing

    Don Carfagno
    18 Jun 2015 | 6:13 am
    There’s a strain of conservatism among certain IT professionals — the enthusiasm for all things new and innovative is tempered by skepticism about security challenges and other issues. Part of this is simply the nature of our industry. After all, it’s our job to anticipate risks and develop creative ways to mitigate them. However, this type of caution also leads to the kind of broad thinking and blanket statements that ultimately do little to address individual security challenges on an organizational level. Broad skepticism is particularly prominent when comparing cloud security vs.
  • On-Demand Passwords Vs. Two Factor Authentication

    Don Carfagno
    17 Jun 2015 | 4:00 am
    Two factor authentication has long been considered one of the best ways to prevent fraud and protect sensitive information against intrusion. In March 2015, however, Yahoo generated a lot of press with the introduction of its on-demand password system, supposedly a more convenient, easier-to-use alternative to two factor authentication that nevertheless provides a high level of protection against threats. Will Yahoo’s competitors start to adopt similar security on-demand intrusion protection, or will the technology fail to build on its initial promise? Let’s look beyond the hype and take…
  • The Clinton Email Scandal: A Wakeup Call for Network Security Professionals

    Rich Murphy
    1 Jun 2015 | 2:00 am
    Pollsters and journalists alike have been describing Hillary Clinton’s path to the Democratic nomination for president in 2016 to be inevitable, but that doesn’t mean there haven’t been some bumps along the road. To date, the most significant roadblock has been the recent revelations that Clinton used a private email account and server to send and receive messages while she was Secretary of State between 2009 and 2013. While only time will tell whether or not the scandal has an impact on Clinton’s quest to become the first female president of the United States, it highlights many…
  • Preventing Credit Card Hacks Through Integrity Monitoring

    Don Carfagno
    27 May 2015 | 4:00 am
    Recent high-profile hacks against Target, Home Depot and other major retailers have drawn attention to the vulnerability of credit card data both online and off. In the wake of this, several methods have been suggested for reducing the likelihood of future attacks. There’s no question that greater consumer awareness, as well as the adoption of smart card technology, will play a role in keeping credit card data secure in the future. But what can be done to prevent security breaches at the infrastructural level? What Is File Integrity Monitoring? File integrity monitoring (FIM) is already a…

    Cognoscape, LLC

  • The Revolutionary New Piece of Gun Technology

    Cognoscape
    30 Jul 2015 | 11:33 am
    Technology has changed the way people do everything, from communicating with others to purchasing products – and now to how guns are used. Google has announced that they are in the testing phase of a cutting-edge new gun technology that supporters believe is the coolest thing to happen to guns since Smith and Wesson came out with the J-Frame. The app, which has been aptly dubbed ShotView, will allow those who use it to shoot with precision around corners and from unsupported positions and behind barricades, as long as they are using the proper firearm. There’s no denying the benefits that…
  • The Business Benefits of One-On-One IT Consulting

    Cognoscape
    16 Jul 2015 | 2:00 am
    In the world of business, if you want to stand out against the competition an information technology (IT) system that supports your goals is vital to your success. However, while this component of your business is crucial, it can be difficult to maintain on your own. Between developing your products and services, attending to the needs of your customers and handling all of the other aspects of your business, finding the time that is needed to invest in your IT system may be virtually impossible. Additionally, you may not have the in-depth knowledge that is required for managing your system.
  • The Latest in Military Technology

    Cognoscape
    25 Jun 2015 | 1:30 am
    The military has the best toys – things we could only imagine in our wildest dreams. The military creates, tests and deploys technology toys, from lucrative spy planes to robotic companions, the military is making astonishing advancements. Check out the latest in military technology we know about so far, and remember, these are only what they allow us to see. Self-Steering Ammunition Remember the days of Looney Tunes when the bullets maneuvered around corners to find their intended targets? Well, the military has employed a similar technology. Military snipers in war zones face…
  • Dropbox Isn’t As Secure As You Think

    Cognoscape
    11 Jun 2015 | 1:30 am
    Shocking, right? Where does such a bold claim come from? Dropbox services over 100,000 businesses and 300,000,000 users. The company reports users upload over 1 billion files every 24 hours, and 97% of Fortune 500 companies utilize some form of the service. What do the millions of users need to know about Dropbox? Dropbox is not as secure as you think. Let’s Talk About the Issues Claims about security lapses are nothing new to Dropbox. A “potential” security lapse occurred in 2011 when users could access other accounts without passwords, followed by a handful of ambiguous statements…
  • Benefits of Network Security

    Cognoscape
    14 May 2015 | 1:30 am
    You’ve spent countless hours, days, months, maybe even years building your business…what if everything you had worked for was ruined because of a security breach? All it takes is one bad security breach and you’re out of business. This is why your company needs CognoSecurity. Let’s look at the benefits of network security. Reduced Stress With CognoSecurity you will never lose sleep over stressing about your business’ security. We will handle everything so that you don’t have to. Now you have more time to focus on making your business even more successful, because you know it’s…
 

    TutorialsLodge

  • Security

    temmydahyour
    23 Jul 2015 | 4:40 pm
    Introduction Security is already an increasing concern for businesses. The .NET Framework is designed to allow for distributed applications across the Internet. This concept introduces a slew of security risks. Microsoft realizes these risks and has introduced new security functionality that is incorporated in the .NET Framework. This chapter is not meant to completely cover implementing security but rather to…
  • How Virtual LANs Help Reduce Broadcast

    Uche Gozie
    22 Jul 2015 | 8:43 pm
    I’ve heard people say things like “in our network we don’t use VLANs”. Well, just because you don’t use VLANs doesn’t mean they aren’t configured on your switch and to check that, let’s run the below command on our switch. From the result, you will notice that there is a default vlan on the…
  • JavaScript For Learners – JavaScript Do While Loop

    Chimezie Enyinnaya
    17 Jul 2015 | 1:19 pm
    Hi guys, welcome to the very last episode of JavaScript Iteration which is part of the JavaScript For Learners. We have looked at For Loop, For In Loop and While Loop. We’ll be looking at the Do While Loop today, and as usual, I will be showing how it works and how to put it into…
  • Setting Up FTP Server And Running FTP Client On Your Linux Box

    Uche Gozie
    14 Jul 2015 | 5:49 am
    I have said so much about FTP in my previous articles and I guess you are all beginning to think that I am in love with this protocol. Well you are right and I just want to share. These articles aren’t exactly a series but I have done justice to setting up a secured FTP…
  • VB.NET PDF – How to Create, Load & Save PDF

    temmydahyour
    10 Jul 2015 | 6:29 am
    Welcome back from a week break, am still temmy, today we will be talking on how to create, load and save PDF. Let’s start by checking some of the vital steps we ought to know before we could create and perform the other process. We will be looking at Creating API simple API…

    blog.trendmicro.com

  • This Week in Security News

    Gavin Donovan
    31 Jul 2015 | 8:35 am
    Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!   The Show Goes On—More “Stagefright” Horrors with Auto-Play Videos Our researchers have now disclosed additional details about one of the vulnerabilities (CVE-2015-3824) in the so-called “Stagefright” cluster affecting Android…
  • Revealing Widespread Gas Station Cyber Attacks at Black Hat

    Cara West-Wainwright
    31 Jul 2015 | 7:00 am
    At Trend Micro it’s always been our job to work out where the next threat is coming from, so we can offer the best protection possible to our customers. Sometimes people listen to us at shows and say: “Seriously? That’s never happened to us.” But that’s the point. It hasn’t … yet. Who would have thought gas pump monitoring systems in the US were a target for hackers? The truth is they are, and at Black Hat next week we’ll tell you exactly how and why. Times have changed We’re no longer faced with bedroom-bound enthusiasts releasing potent but relatively innocuous viruses…
  • The Show Goes On—More “Stagefright” Horrors with Auto-Play Videos

    Christopher Budd (Global Threat Communications)
    31 Jul 2015 | 5:25 am
    Trend Micro researchers are now disclosing additional details about one of the vulnerabilities (CVE-2015-3824) in the so-called “Stagefright” cluster affecting Android users. The “Stagefright” vulnerability is actually a marketing label for a cluster of seven individual vulnerabilities. One of the vulnerabilities in this cluster, CVE-2015-3824, was independently discovered by Trend Micro’s research team at the same time as other security researchers.  This is actually a common occurrence in vulnerability research. For instance, we and other researchers found, and were credited for,…
  • Ready for Windows 10

    Andrew Stevens
    29 Jul 2015 | 1:37 pm
    Are you ready for Windows 10? Trend Micro has you covered. According to Microsoft, its latest operating system Windows 10 “is familiar and easy to use. It includes an improved start menu and is designed to start-up and resume fast…We’ve designed the upgrade to be easy and compatible with the hardware and software you already use.” Trend Micro has a helpful link (see below) to a special web page with tips and tools to assist you in making a smooth upgrade to Windows 10 while maintaining your security with our Smart Protection Suites and all of the Trend Micro endpoint security…
  • Trend Micro Security 10 is Ready for Windows 10

    Shannon McCarty-Caplan
    29 Jul 2015 | 6:00 am
    Are you ready for Windows 10? We are. According to Microsoft, its latest operating system Windows 10 introduces fresh ways to read, write, store, and share information. We have helpful links (see below) to web pages with tips and tools to assist you in making a smooth upgrade to Windows 10 while maintaining your security with Trend Micro™ Security 10 – our newly released software for home users that is fully compatible with the new operating system. Trend Micro Security 10 will help you do great things online safely. It gives you advanced Internet security and privacy, protecting you…

    Effect Hacking

  • aNmap - Android App For Hackers

    Gokul G
    29 Jul 2015 | 4:52 am
    ANmap is an android tool that you can use on a network to determine available hosts, services, operating system versions, types of packet filters/firewalls and other characteristics. It is an incredibly useful tool for hackers (ethical or unethical). Today I'm going to give you a step by step guide on how to use android Nmap to identify open ports and other server or host characteristics.
  • How To Bypass SMS Verification Of Any Website/Service

    Gokul G
    27 Jul 2015 | 4:55 am
    If you don't want to give your phone number to a website while creating an account, DON'T GIVE IT TO THEM, because today I'm going to show you a trick that you can use to bypass SMS verification of any website/service. Are you ready for the hack? If yes,...... Let's do this! Before jumping into the how to guide, take a look at the things you can learn from this article: Free SMS
  • How To Monitor a Remote Computer For Free

    Gokul G
    24 Jul 2015 | 8:23 am
    Do you want to monitor a remote computer for free? If the answer is yes,..... YOU CAN DO IT! This article is full of tricks and tips that you can use to monitor a remote computer for FREE. You might also like: How To Find Trusted, Secure, Free Proxy Services Here is the FREE computer monitoring guide: First, take a look at the things you can do with these tools: Spy on your spouse,
  • Hacked: When Cyber Spies Attack (Documentary Film)

    Gokul G
    23 Jul 2015 | 6:12 am
    Hacked: When Cyber Spies Attack is a documentary film produced by Australian Broadcasting Corporation. The film takes a deep look into the ever-growing problem of cyber attacks in both the civilian and government sectors. You might also like: How To Hack/Bypass Any Android App Locker Watch the full documentary: Also check out the latest articles in Hacking Tools
  • AnDOSid - Android App For Hackers

    Gokul G
    23 Jul 2015 | 5:21 am
    AnDOSid is an Android tool developed by Scott Herbert that you can use to launch DDoS attacks from your mobile phone. It was developed as a stress testing tool, but you know, anything can be misused, even a pen.... AnDOSid is so powerful, that you can even use it to take down web servers. But don't go for it, because it's one of the quick ways to get into jail!
 

    Bishop Fox » Blog

  • On the “Brink” of a Robbery

    Dan Petro
    28 Jul 2015 | 9:21 am
    When you think of a safe, you think exactly that: something that is inherently safe (because it protects, you know, money and other valuables). Traditional safes may have hardly been considered “secure,” but their computerized counterparts — so-called smart safes — may be even less secure. The Brink’s CompuSafe Galileo has a design flaw that has left it vulnerable to theft. A simple thumb drive is all that a clever (and tech-savvy) thief needs to break open the safe and take off with the cash inside. It’s in the Design First, some background information on the centuries-old…
  • Bishop Fox is Still a Top Place to Work

    Bishop Fox
    29 Jun 2015 | 10:15 am
    Well, this feels a little like déjà vu, doesn’t it? Last year, we proudly announced that we were named by CareerBuilder as a Top Company to Work For in Arizona. This year, the same is true once again. Time Flies Since we wrote about last year’s accomplishment, there have been some changes here at Bishop Fox – for starters, we’ve moved our Tempe office and hired a few new Foxes. Yet as much as things change, they stay the same – we’re still excited to head into the office around 10 AM, we still (try to) work from home on Fridays, and we still celebrate Taco Tuesday. Celebrating…
  • ISO 27018: The Long-Awaited Cloud Privacy Standard

    Birgit Thorup Mullen
    20 May 2015 | 11:24 am
    ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) released a new privacy standard for public cloud computing environments in August of 2014. This new standard, ISO 27018, joins the family of standards supporting the ISO 27001 standard for establishing and operating an Information Security Management System (ISMS). The standard takes into consideration other compliance requirements for privacy, so it can be used as an agnostic and uniform tool for evaluating privacy controls. What Is It? The main ISO 27018 standard lists the ISO…
  • Rethinking & Repackaging iOS Apps: Part 2

    Carl Livitt
    4 May 2015 | 12:38 pm
    In the first part of our series, we looked at how to modify an iOS application binary by inserting load commands to inject custom dynamic libraries. In Part 2, we take this a step further by introducing a toolchain designed to make some of our favorite iOS application hacking tools available on non-jailbroken devices. To facilitate this, we forked the fantastic Theos project by DHowett. For the uninitiated, Theos is basically a build environment that allows you to (among other things) easily write, build, and deploy Cydia Substrate tweaks for apps on jailbroken devices. Theos takes care of…
  • Security Should Be Application-Specific

    Brenda Larcom
    27 Apr 2015 | 11:06 am
    I’m looking for the perfect pants. They’re brown. They’re sturdy. They’re business casual. They have many huge pockets, artfully arranged so that I don’t look like a pack rat even after I stash my stuff in them. They don’t cost a fortune. And of course, they fit me perfectly. I have never met these pants. But if I did, I certainly wouldn’t give them to my cousins, who wish for black leather and pajama jeans respectively, or my friend from college, who is into purple cargo pants, or my brother, who is a good five inches taller than I am, even though every one of these…

    Cybernetic Global Intelligence

  • The Domino Effect – One Hack to Rule Them All

    Cybernetic Media
    26 Jul 2015 | 7:51 pm
    The increasing sophistication of hackers and their repertoire of attacks has made cyber security a must for companies and many have done a good job of beefing up their defense mechanisms in response. However, what many of even the largest and most successful companies often fail to do, with detrimental consequences, is ensure that their subcontractors, partners, supply chain members and others with network or application access maintain the same level of vigilance and defensive frameworks when combating cyber threats. Criminals are finding that third-party partners may provide relatively easy…
  • Social Engineering – Why You Are The Weakest Link

    Cybernetic Media
    12 Jul 2015 | 2:50 pm
    Social engineering is not a new concept that belongs in the 21st century. Ever since the Turks wheeled that wretched horse in through the gates of Troy, social engineering tactics have proliferated throughout the world and become widely popular. What is specific to our century however, is the ability of criminals to use these social engineering techniques in the digital landscape. In most cases, it is incredibly more simple to infiltrate networks and get access to private information through a well-placed phone call to an unsuspecting employee than to spend hours sifting through code in an attempt…
  • Phishing – Don’t become someone’s big game!

    Cybernetic Media
    28 Jun 2015 | 10:48 pm
    If you haven’t received one of the numerous phishing emails or texts over the past few years – you are living under a rock or suffer from immeasurable good luck. Chances are, you have received one and just didn’t realise what it was. Best case scenario – it went into your spam folder never to be heard from again, worst case – you now have a large hole in your bank account where your money used to be. ‘Phishing’ usually refers to fraudulent emails, text messages or robot-calls that trick people into giving out their personal and financial data with the purpose of network…
  • Cyber Safety Faux Pas – Infographic

    Cybernetic Media
    1 Jun 2015 | 9:20 pm
    We’ve all been guilty of a few faux pas in our time, but have you ever considered your bad cyber security habits? To help you kick your habit and stop making your IT guy cry, we’ve compiled a list of some of the most common mistakes people make, and a few tips on how to avoid them!
  • Malware – Hiding in Plain Sight

    Cybernetic Media
    31 May 2015 | 8:40 pm
    What is Malware? Malware is like APTs’ (Advanced Persistent Threats) annoying cousin that just won’t take a hint. Just like APTs, targeted malware is more often than not deployed with the objective of collecting as much information as possible, with as little ruckus as possible in order to remain undetected and ‘fly-under-the-radar’ for longer. However, overall, Malware ranges in the scope of its maliciousness, and is often used as an ‘umbrella’ term that covers a whole range of hostile software including spyware, viruses and adware. Malware can infect a computer with the single goal of…