Network Security


    Dark Reading:

  • Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks

    Jai Vijayan
    27 Mar 2015 | 1:25 pm
    A flaw in a popular router product may have exposed millions of hotel guests, says Cylance
  • Black Hat USA 2015: Defensive Bonus +3

    Black Hat Staff
    27 Mar 2015 | 8:00 am
    Defense never seems to garner quite as much glory as offense, but good home-base security is what keeps the lights on and the enterprise humming. Today we'll check out three Black Hat USA 2015 trainings that aim to up your security game and take the "hard" out of hardening.
  • Cyber Hunting: 5 Tips To Bag Your Prey

    David J. Bianco
    26 Mar 2015 | 7:30 am
    Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.
  • SSL/TLS Suffers 'Bar Mitzvah Attack'

    Kelly Jackson Higgins
    26 Mar 2015 | 6:00 am
    Researcher at Black Hat Asia shows how attackers could abuse a known-weak crypto algorithm to steal credentials and other data from encrypted communications.
  • SDN Shows Promise For Security

    Marcia Savage
    26 Mar 2015 | 5:00 am
    Improved security is emerging as a major reason for adopting software-defined networking, but concerns about potential SDN risks persist.
 
 
 

    TaoSecurity

  • The Attack on GitHub Must Stop

    27 Mar 2015 | 4:40 pm
    For many years, private organizations in the West have endured attacks by the Chinese government, its proxies, and other parties. These intruders infiltrated private organizations to steal data. Those not associated with the targeted organizations were generally not directly affected. Today an action by the Chinese government is affecting millions of users around the world. This is unacceptable. You may be aware that an American technology company, GitHub, is suffering a massive distributed denial of service attack, at the time of writing. According to Insight Labs, Internet traffic within China…
  • Can Interrogators Teach Digital Security Pros?

    24 Mar 2015 | 1:38 pm
    Recently Bloomberg published an article titled The Dark Science of Interrogation. I was fascinated by this article because I graduated from the SERE program at the US Air Force Academy in the summer of 1991, after my freshman year there. SERE teaches how to resist the interrogation methods used against prisoners of war. When I attended the school, the content was based on techniques used by Korea and Vietnam against American POWs in the 1950s-1970s. As I read the article, I realized the subject matter reminded me of another aspect of my professional life. In intelligence, as in the most mundane…
  • Why Would Iran Welcome Western Tech?

    2 Mar 2015 | 7:10 pm
    I noticed an AFP story posted by Al Jazeera America titled Iran could allow in Google, other tech companies if they follow rules. It included the following: Iran could allow Internet giants such as Google to operate in the country if they respect its "cultural" rules, Fars news agency said on Sunday, quoting a senior official. "We are not opposed to any of the entities operating in global markets who want to offer services in Iran," Deputy Telecommunications and Information Technology Minister Nasrollah Jahangard reportedly told Fars. "We are ready to negotiate with them and if…
  • Boards Not Briefed on Strategy?

    19 Feb 2015 | 9:43 am
    I'd like to make a quick note on strategy, after reading After high-profile hacks, many companies still nonchalant about cybersecurity in the Christian Science Monitor today. The article says: In a survey commissioned by defense contractor Raytheon of 1,006 chief information officers, chief information security officers, and other technology executives, 78 percent said their boards had not been briefed even once on their organization’s cybersecurity strategy over the past 12 months... The findings are similar to those reported by PricewaterhouseCoopers in its Global State of…
  • Elevating the Discussion on Security Incidents

    19 Feb 2015 | 8:20 am
    I am not a fan of the way many media sources cite "statistics" on digital security incidents. I've noted before that any "statistic" using the terms "millions" or "billions" to describe "attacks" is probably worthless. This week, two articles on security incidents caught my attention. First, I'd like to discuss the story at left, published 17 February in The Japan Times, titled Cyberattacks detected in Japan doubled to 25.7 billion in 2014. It included the following: The number of computer attacks on government and other organizations detected in Japan doubled in 2014 from the previous…

    Spyware news

  • Threatening truth about Vawtrak malware

    27 Mar 2015 | 8:04 am
    It seems that today everyone is discussing Vawtrak or Neverquest. If you have no idea what this virus can be used for and how it spreads, this article is just for you. The main reason why we decided to write about this malware is its increased distribution rate. It is known that this […]
  • Adware in Apple Mac OS X? Yes, it’s possible!

    20 Mar 2015 | 7:31 am
    Steadily, year by year, adware-type programs have been bothering Windows users. After being installed in a bundle with third-party downloads, they have been interrupting people with annoying pop-up ads, in-text links, banner ads and other commercial content. It should be mentioned that such applications are not considered malicious. Nevertheless, security experts recommend avoiding them. It seems that […]
  • Beware!!! Ransomware threats have just started their second round!

    28 Jan 2015 | 2:43 am
    You may have heard about a seriously dangerous ransomware, which is called FBI virus. This threat has been spreading around as an official notification from various governmental authorities, such as FBI, Police Central e-crime Unit, etc. After blocking the entire PC system this fake warning starts claiming that the victim has to pay a fine for the […]
  • What should be known after the end of Windows 7 Mainstream Support?

    16 Jan 2015 | 7:01 am
    You may have already heard about the end of Windows 7 mainstream support. What does it mean for a typical PC user? As this Windows platform is known to be one of the most popular ones (it is believed that almost 56.26 percent of global PCs are still using it) we decided to dedicate some […]
  • 4 dangerous methods used by hackers that may turn your Christmas into hell

    15 Dec 2014 | 6:23 am
    Christmas is just around the corner, so we believe that there are thousands of people who are surfing through online stores right now. If you are also one of those who are looking for presents that could please their darling ones, then you should do this very carefully. Believe us, we say so for a […]
 

    Uncommon Sense Security

  • Software Stockholm Syndrome

    9 Mar 2015 | 8:53 am
    Q: Why do you use that software? It’s horrible! A: Because it’s what I know, and once you get used to it it isn’t so bad. Sound familiar?  It’s what I like to call “Software Stockholm Syndrome”, and we’re all victims. Take the application I’m using to write this post, Windows Live Writer.  Writer used to be a sweet little WYSIWYG blog editor, lightweight and versatile.  Sure, a little light on features, but a great little app.  Microsoft put their stamp on the app they acquired with the Onfolio acquisition until it had a few more features and a stunning…
  • We need to talk about attribution.

    10 Feb 2015 | 7:09 pm
    One of the InfoSec community’s greatest distractions lately has been attribution, both specifically and generically. Let’s start with the Sony fiasco and the FBI’s pinning the attribution tail on the North Korean donkey.  Many people have beaten this to death, there has even been name calling over it.  And I don’t care.  There are certainly questions unanswered, but I’m not opposed to the idea that it was North Korea, I’m just not convinced “beyond a reasonable doubt”.  The argument is lost in the greater public, everyone believes it, just like they believe…
  • But Jack, community and stuff…

    30 Jan 2015 | 4:40 am
    A few folks have asked me about my roles on the advisory board for Intelligent Defence and as a judge for RSA’s new crowdsourced track.  I’m often thought of as “Mr. BSides”, which is unfair to a lot of people who do a lot more than I do to build and sustain the Security BSides movement and community, and unfair to the thousands of organizers, volunteers, speakers, sponsors, and participants who make BSides what it is.  This also overlooks the fact that I have long been engaged with a variety of groups and events, and I work in the security industry. The short version of the…
  • RSA Conference’s new crowdsourced submissions program

    28 Jan 2015 | 10:06 pm
    The US RSA Conference is adding something new for 2015, a crowdsourced submissions track.  RSA gets a stunning number of submissions each year, and it takes a long time to sort through them all- leading to a common grumble about the long lead time between submissions and the conference.  And as with almost any event, some question why certain talks were accepted over others.  RSA has been listening, and is trying this new crowdsourced track to address some of the feedback they have received.  You want a short leadtime for talks to allow for recent topics?  You want a…
  • Infosecurity Europe’s new “Intelligent Defence” conference

    26 Jan 2015 | 11:35 am
    My friends over at Infosecurity Europe have been listening to their attendees- and that’s pretty cool.  From the Intelligent Defence site: “Infosecurity Europe's meticulous research revealed that attendees of the Number 1 exhibition and conference in Europe require more in-depth, technical research sessions.” The folks at Infosecurity listened, and then acted, creating this new conference which will run parallel with Infosecurity Europe.  Again from the Intelligent Defence site: “Infosecurity Intelligent Defence 2015 is a two-day, technical security conference, focusing on…

    Schneier on Security

  • Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products

    schneier
    27 Mar 2015 | 2:03 pm
    More research. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
  • Yet Another Computer Side Channel

    schneier
    27 Mar 2015 | 5:01 am
    Researchers have managed to get two computers to communicate using heat and thermal sensors. It's not really viable communication -- the bit rate is eight per hour over fifteen inches -- but it's neat.
  • New Zealand's XKEYSCORE Use

    schneier
    26 Mar 2015 | 7:46 am
    The Intercept and the New Zealand Herald have reported that New Zealand spied on communications about the World Trade Organization director-general candidates. I'm not sure why this is news; it seems like a perfectly reasonable national intelligence target. More interesting to me is that the Intercept published the XKEYSCORE rules. It's interesting to see how primitive the keyword targeting is, and how broadly it collects e-mails. The second really important point is that Edward Snowden's name is mentioned nowhere in the stories. Given how scrupulous the Intercept is about identifying him as…
  • Capabilities of Canada's Communications Security Establishment

    schneier
    25 Mar 2015 | 4:55 am
    There's a new story about the hacking capabilities of Canada's Communications Security Establishment (CSE), based on the Snowden documents.
  • Reforming the FISA Court

    schneier
    24 Mar 2015 | 7:04 am
    The Brennan Center has a long report on what's wrong with the FISA Court and how to fix it. At the time of its creation, many lawmakers saw constitutional problems in a court that operated in total secrecy and outside the normal "adversarial" process.... But the majority of Congress was reassured by similarities between FISA Court proceedings and the hearings that take place when the government seeks a search warrant in a criminal investigation. Moreover, the rules governing who could be targeted for "foreign intelligence" purposes were narrow enough to mitigate concerns that the FISA Court…

    Security Uncorked

  • The Official RSA Conference Guide by Industry’s Top Snarkers

    jj
    27 Mar 2015 | 4:03 pm
    Sure, sure — you can check out the voluminous agenda and event catalogs detailing what you’ll find at RSA this year. But to get the real scoop on “where the world talks security”, you need an insider’s view, and the most accurate, full-featured, and entertaining take on the world’s largest security conference comes from us. Head over to the RSA Conference Blog site and soak in all the blogs you can find from the Securosis Team. I’m delighted and honored to join my colleagues in contributing to this year’s conference Official (Unofficial) RSA…
  • InfoSec World- Best, Worst and Common Practices for Securing Enterprise WiFi

    jj
    22 Mar 2015 | 9:00 pm
    The afternoon of Monday, March 23rd at InfoSec World in Orlando, I’ll be giving a talk in the mobile track titled “Best, Worst and Common Practices for Securing Enterprise WiFi“. Since the event site doesn’t post the full abstract, I figured I’d share it here for you, and I’ll tweet the crap out of it so you can find it. Session E3: Monday, 1:30pm “Best, Worst and Common Practices for Securing Enterprise WiFi” The ultimate how-to for network admins and technical decision makers. This session takes decades of experience and hits the high points…
  • Your Favorite Speakers at Infosec World 2015

    jj
    15 Mar 2015 | 7:45 am
    Okay, in full disclosure this probably isn’t going to be a list of YOUR favorite speakers, but it’s a list of some friends, colleagues, and mentors you don’t want to miss at this year’s Infosec World. A key to the session ID codes is below, and my favorite schedule format is their at-a-glance you can get here http://www.infosec-world.com/OS15_Grid_for_Web.pdf. Infosec World 2015 is March 23-25 at Disney’s Contemporary Resort in Orlando, FL. In no particular order… Oh, actually these are mostly alphabetical by last name. Deviant’s at the top because I…
  • Diana Kelley: 3 Books that Changed My Life

    jj
    14 Mar 2015 | 5:52 pm
    In this series, I asked infosec professionals to name 3 books that changed their life. This entry features picks from Diana Kelley, an industry mover and shaker currently serving as an executive in IBM Security Systems. If you looked at my profile and Diana’s side-by-side, you’d think we must run in the same circles – we’ve spoken at many of the same events, both serve as faculty at IANS, have written content for the same magazines. But the truth is I didn’t “find” Diana until some time last year, and it was purely by chance. She’s one of those…
  • Jack Daniel: 3 Books that Changed My Life

    jj
    17 Feb 2015 | 4:59 pm
    In this series, I asked infosec professionals to name 3 books that changed their life. This entry features picks from Jack Daniel, the self-proclaimed security curmudgeon and peer-described “glue” of our industry. Perhaps best known as the co-founder of Security BSides, there are many accolades of Jack’s professional success, and I might say the more subtle, softer side of Jack is often overshadowed by his well-developed curmudgeonly persona. The short version is that he wins awards, does great things, helps lots of people, and will never turn a blind eye or hurried goodbye…
 

    Infosec Events

  • Week 12 In Review – 2015

    md
    25 Mar 2015 | 1:50 pm
    Events Related Troopers15 Wrap-Up Day #1 – blog.rootshell.be This is Xavier’s first Troopers conference. Here is the wrap-up for the first day of Troopers15. Before the review of the talks, a few words about the conference. The venue was really nice as well as the facilities. Troopers15 Wrap-Up Day #2 – blog.rootshell.be This is Xavier’s wrap-up for the second day of Troopers15. Resources Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS – isg.rhul.ac.uk The team behind this research provide new attacks against RC4 in TLS that are focussed on…
  • Week 11 In Review – 2015

    md
    16 Mar 2015 | 12:29 pm
    Resources A Primer on IoT Security Research – community.rapid7.com In this blog post Mstanislav’d like to give a high-level sense of what IoT security research often entails. This post is intended for the casual security researcher, or even IoT vendor, who wants to know what this research looks like, and where to get started. ElasticSearch CVE-2015-1427 RCE Exploit – carnal0wnage.attackresearch.com Since the exploit is already out, here. To fix disable groovy scripting in config/elasticsearch.yml and upgrade to 1.4.3+. BSides Tampa 2015 Videos – irongeek.com These are the…
  • Week 10 In Review – 2015

    md
    9 Mar 2015 | 1:00 pm
    Resources A Visual Introduction to DSP for SDR – visual-dsp.switchb.org This is an animated slide deck providing a tour of digital signal processing topics relevant to implementation of software-defined radios, focusing on building visual/geometric intuition for signals. Anatomy of A Hack – theverge.com Partap Davis's online life had been compromised. Read the full story here. A step-by-step account of an overnight digital heist. Net-Creds – github.com Sniffs sensitive data from interface or pcap.  Concatenates fragmented packets and does not rely on ports for service identification.
  • Week 9 In Review – 2015

    md
    2 Mar 2015 | 5:53 am
    Resources BSides Tampa 2015 Videos – irongeek.com These are the videos from the BSides Tampa conference. You can watch and download the videos from here. Gemalto presents the findings of its investigations into the alleged hacking of SIM card encryption keys by Britain’s Government Communications Headquarters (GCHQ) and the U.S. National Security Agency (NSA) – gemalto.com The analysis of the documents shows that the NSA and GCHQ targeted numerous parties beyond Gemalto. The published documents are real and refer accurately to events that occurred during 2010 and 2011. Honeypot…
  • Information Security Events For March

    sheila
    28 Feb 2015 | 2:09 am
    Here are information security events in North America this month: 5th ACM Conference on Data and Application Security and Privacy (CODASPY 2015) : March 2 to 4 in San Antonio, TX, USA   Cyber Risk Insights Conference San Francisco 2015 : March 3 in San Francisco, CA, USA   Global Privacy Summit 2015 : March 4 to 6 in Washington, DC, USA   SecureWorld Boston 2015 : March 4 to 5 in Boston, MA, USA   DakotaCon 2015 : March 6 in Madison, SD, USA   BSides Austin 2015 : March 12 to 13 in Austin, TX, USA   CactusCon 2015 : March 13 in Tempe, AZ, USA   BSides…

    Dr Anton Chuvakin Blog PERSONAL Blog

  • Links for 2015-03-09 [del.icio.us]

    Anton Chuvakin
    10 Mar 2015 | 12:00 am
    For threat intelligence programs, ROI evaluation proves tricky
  • Monthly Blog Round-Up – February 2015

    2 Mar 2015 | 8:01 pm
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge.  Current emergence of open source log search tools, BTW, does not break the logic of that post. SIEM requires a lot of work, whether you paid for the software, or not. “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the…
  • Links for 2015-02-27 [del.icio.us]

    Anton Chuvakin
    28 Feb 2015 | 12:00 am
    BBC News - Cybersecurity: Defending 'unpreventable' cyber attacks
  • Monthly Blog Round-Up – January 2015

    2 Feb 2015 | 3:59 pm
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge.  Current emergence of open source log search tools, BTW, does not break the logic of that post. “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) “Top 10 Criteria for a SIEM?” came from…
  • Annual Blog Round-Up – 2014

    20 Jan 2015 | 10:19 am
    Here is my annual "Security Warrior" blog round-up of top 10 popular posts/topics in 2014. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge.  Current emergence of open source log search tools (ELK FTW!), BTW, does not break the logic of that post. “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) “New SIEM Whitepaper on Use Cases In-Depth…
 

    Security Blog

  • Weekly Intelligence Summary Lead Paragraph: 2015-03-27

    dkennedy
    28 Mar 2015 | 8:22 am
    It’s the end of March and you know what that means? It’s time for Cisco to release its semiannual IOS security advisories! This week the company released seven advisories to patch 16 vulnerabilities in its IOS product line. Speaking of patched vulnerabilities, Trend Micro and other security vendors reported that an exploit for a Flash Player vulnerability patched earlier this month had been integrated into the Nuclear exploit kit. If you haven’t already updated to the latest version of Flash Player, there’s no time like the present. Researchers from FireEye took a deeper dive into the…
  • Weekly Intelligence Summary Lead Paragraph: 2015-03-20

    dkennedy
    21 Mar 2015 | 1:54 pm
    We had just settled down with the first coffee of the week when new risk intelligence reports started popping up like dandelions. The Verizon Cyber Intelligence Center (VCIC) team needed to channel our inner hummingbirds this week to resist temptations to hyper-focus on several of the emerging “blooms.”  The OpenSSL project pre-announced a forthcoming release would include a “high” severity vulnerability fix.  Also on Monday, IBM’s X-Force released their 1Q15 Threat Intelligence report (reg. req’d).  Three weeks ago, ThreatConnect reported they observed domains related to the…
  • Weekly Intelligence Summary Lead Paragraph: 2015-03-13

    ssimpson
    16 Mar 2015 | 12:47 pm
    If a week features the second Tuesday of the month, it’s fair to say that week’s open source intelligence collections will feature major security bulletin releases. This week was no different. Microsoft published a hearty 14 bulletins to address 43 vulnerabilities in several of its products. The most notable bulletins feature patches for Internet Explorer, FREAK and a vulnerability initially patched back in 2010 that was exploited by Stuxnet. Adobe also issued a security bulletin, which patches 11 vulnerabilities in Flash Player. Luckily none of them appear to be under attack at this…
  • Weekly Intelligence Summary Lead Paragraph: 2015-03-06

    dkennedy
    7 Mar 2015 | 9:35 am
    ThreatConnect released “The Anthem Hack: All Roads Lead to China,” connecting a multitude of dots including those in reports from the FBI, Brian Krebs, CrowdStrike, PWC, and the March 2014 data breach at the U.S. Office of Personnel Management reported in July 2014.  The VCIC’s primary interest in actor attribution is developing actionable intelligence and the ThreatConnect report includes many actionable indicators of compromise related to the Anthem data breach.  This week, we collected more indicators for the espionage campaign using Babar/Bunny and now Casper malware courtesy of…
  • Weekly Intelligence Summary Lead Paragraph: 2015-02-27

    ssimpson
    4 Mar 2015 | 12:15 pm
    This week was a light week as far as intelligence collections go, or at least it seemed that way to the VCIC. That’s not necessarily a bad thing in the InfoSec space. Some of our more notable collections dealt with updates to several highly publicized breaches. Anthem confirmed 78.8 million individuals were impacted by the incident it disclosed earlier this year, including anywhere between 8.8 and 18.8 million non-customers. Target pegged the cost of its late 2013 payment card breach at $252 million, only $90 million of which has been covered by insurance. Hackers affiliated with Lizard…

    Optimal Security

  • Infosec Haiku

    Chris Merritt
    28 Mar 2015 | 1:21 pm
    Anata no joho sekyuritei konshu no haiku Twenty Percent of Top Sites Are Running Bad Code. Please Patch Your Site Now!   ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who’s contributed their haikus … watch this space to see if yours is published. * Submit Your Own … if yours is published, I’ll send you a $20 Starbux card. Please DM me at infosec-haiku@lumension.com. Contest Rules: all rulings by the judge (me) are final, blah blah blah.
  • Android users exposed to malware by installer hijacking vulnerability

    Graham Cluley
    27 Mar 2015 | 3:25 pm
    Security researchers have warned about a widespread vulnerability in Android devices, that could see attackers sneakily modify or entirely replace seemingly benign apps with malware, without users becoming aware. In other words, a user might attempt to install a legitimate version of “Angry Birds” but instead end up with a Flashlight app that’s harbouring malware. Every Android user is familiar with the screen that gets displayed during an app package’s installation, explaining the permissions that the app requests in order to run. What wasn’t commonly known was…
  • Introducing HEAT Software

    Lumension
    20 Mar 2015 | 11:17 am
    Jonathan Temple, President & CEO, HEAT Software. Our recent merger of Lumension and FrontRange marks an important new chapter in the evolution of service and unified endpoint management. The two companies are merging to form HEAT Software and I’m thrilled to be heading the newly formed organization as CEO. I should hasten to add that the new company will feature a blended management team with executives from both organizations. By bringing together the two leaders of hybrid service management and unified endpoint management solutions under one “roof”, HEAT Software is going to…
  • Brace yourself. Mystery OpenSSL high severity vulnerability due to be fixed on Thursday

    Graham Cluley
    18 Mar 2015 | 3:16 pm
    New versions of OpenSSL, the open-source software widely used to encrypt internet communications using SSL/TLS, are due to be released on Thursday, patching a series of security vulnerabilities. And one of those security vulnerabilities, according to the software’s developers, is considered “highly serious”. Details of the nature of the security flaws are currently non-existent, but an advisory published on Monday does explain that updates will be issued for OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf. Inevitably, there is much speculation online that the…
  • To Patch or Not To Patch, Which is Riskier?

    Orion
    16 Mar 2015 | 8:33 am
    Patching systems in an enterprise is a complex and risky activity. It’s extremely time-consuming if you do it right. It’s even more time consuming if you don’t do it right. And in either case, there is fallout to deal with after patching. The patches don’t get applied to some systems, some systems stop working after being patched. It’s a real project to go through the results and manually clean up these systems which didn’t behave as you expected. Many companies focus their efforts on patching the endpoints regularly, and less on internal critical systems.
 

    TRUSTe Blog

  • TRUSTe a ‘Best Places to Work 2015’ Finalist

    kfreeman
    27 Mar 2015 | 9:00 am
    The San Francisco Business Times and the Silicon Valley Business Journal released the finalists of its “Best Places to Work 2015” list, representing the best in the entire Bay Area. The final winners will be announced on April 14th. There are a total of five categories based on company size. TRUSTe is a finalist amongst …
  • End-of-Month-Recap: What You Might Have Missed

    kfreeman
    27 Mar 2015 | 8:00 am
    At the end of each month we’ll compile a list featuring some of the most informative and interesting privacy blog posts to let you know what topics are driving the privacy agenda this month. TRUSTe is launching Enterprise Privacy Certification for general availability on April 1st, 2015. This new offering consolidates five separate privacy services – …
  • Meet TRUSTe: Heidi Berger, Director, Product Management

    kfreeman
    25 Mar 2015 | 9:00 am
    Our latest series will introduce you to a new TRUSTe employee every week to give you an inside look at the talented, knowledgeable and friendly people who work at TRUSTe.   Name: Heidi K. Berger, CIPP/US Job Title: Director, Product Management How long have you worked at TRUSTe? 11 years! (I started on March 17, 2004). Tell us about your role …
  • New TRUSTe Certification Available to Demonstrate Privacy Compliance Across the Enterprise

    kfreeman
    24 Mar 2015 | 9:00 am
    With the rapid expansion in digital properties and heightened data privacy concerns, maintaining trust is more important than ever. It is no longer enough to say that an individual website or mobile app has good privacy practices. Companies need to be able to demonstrate to customers, employees, partners and regulators that they have strong data …
  • Join Privacy Professionals At This Week’s Meetup Event

    kfreeman
    23 Mar 2015 | 12:22 pm
    The Privacy Innovation & Technology Meetup group invites you to join them on Thursday, March 26th at TRUSTe headquarters in San Francisco for an evening of networking and discussion of of-the-moment privacy topics. The event will be held from 6-8 p.m. The topic for the evening will be “Demystifying Privacy Engineering.” Alexandra Ross (@sharemindfully), founder …
 

    Networking

  • Aerohive Keeps Innovating- PPSK, Guest and BYOD Management

    22 Mar 2015 | 10:36 am
    Aerohive is one of the original cloud-managed wireless networking vendors, and they always have something new up their sleeve.
  • Staying Afloat In Muddy Wireless Waters

    15 Mar 2015 | 6:43 am
    When it comes to Wi-Fi, things are often not what they seem. The 802.11 family of standards has only gotten more complex with each generation, from the early original 802.11 standard to our latest high-performance 802.11ac. This complexity has a ripple effect when it comes to simply trying to understand and explain wireless technologies, and gets compounded when marketing and misinformation enter the picture.
  • Learning the Basics of HetNets

    8 Mar 2015 | 2:56 pm
    The term HetNet is one of those that comes up often in tech media these days, but if you're not involved with networking in the carrier space it likely doesn't mean a lot to you. Though I'm a WLAN architect myself, I recently had an opportunity to get schooled a bit on the notion of HetNets as it applies to the bigger contemporary wireless world.
  • Does Your Tablet Have GPS, A-GPS, or aGPS? The Differences Are Big

    1 Mar 2015 | 10:19 am
    Tablet computers can be incredibly empowering for a number of professional and hobby applications that depend on location accuracy. Beware though- some tablet makers play fast and loose with reality when it comes to onboard GPS capabilities.
  • Many Choices For Wireless Display Mirroring- Choose Wisely

    22 Feb 2015 | 2:46 am
    The evolution of getting content to the big screen at the front of the room has brought us to an interesting place. We now have a range of choices when it comes to remote display-- but like everything in the network world, the devil is in the details.

    Free IT - Security Magazines and Downloads from alltop.tradepub.com

  • Securing Your Private Keys As Best Practice for Code Signing Certificates

    27 Mar 2015 | 12:00 am
    Certificates are for more than just Web servers - and code-signing certificates in particular can make your enterprise more secure, make your software more accepted, and even stop malware in its tracks. Learn about the many ways in which code-signing certificates are being used to create more secure, more trustworthy, and more accepted software in a variety of different scenarios.
  • Accelerating Office 365 Adoption

    26 Mar 2015 | 12:00 am
    In this webcast, you'll learn how to ensure each department has a seat at the table and has its needs met without slowing down your purchase timelines. Office 365 expert and Microsoft MVP Paul Robichaux will focus on the out-of-the-box functionality for each stakeholder, while delivering tactics and guidance that'll mitigate concerns that often stall Office 365 procurement and deployment. Proactively answering stakeholder objections, and others like them, can help remove obstacles to Office 365 deployment, meet security and compliance requirements, and get stakeholders engaged about your…
  • Viruses, Spyware, Malware, etc. Explained: Understanding Online Threats

    25 Mar 2015 | 12:00 am
    When you start to think about all the things that could go wrong when browsing the Internet, the web starts to look like a pretty scary place. Luckily, Internet users as a whole are getting far more savvy, and better at recognizing risky online behavior. While pages with a dozen download buttons – or auto-checked boxes that tricked us into downloading things we didn’t want – are no longer quite as effective as they once were, that doesn’t mean there aren’t hackers out there right now trying to come up with new methods of deception. In order to protect ourselves…
  • The Database Hacker's Handbook: Defending Database Servers (a $50 value) FREE for a limited time!

    25 Mar 2015 | 12:00 am
    Databases are the nerve center of our economy. Every piece of your personal information is stored there - medical records, bank accounts, employment history, pensions, car registrations, even your children's grades and what groceries you buy. Database attacks are potentially crippling - and relentless. In The Database Hacker's Handbook, four of the world's top security experts teach you to break into and defend the seven most popular database servers. The bad guys already know all the information in this book. You need to know it too. Identify and plug the new holes in Oracle and Microsoft® SQL…
  • Securing the Future of Trust on the Internet

    24 Mar 2015 | 12:00 am
    It also discusses how Symantec is leading the way with world-class security and authentication practices, and what CAs, browser developers, customers, consumers and all other stakeholders can do to help build a more robust PKI ecosystem that can ensure security and trust across the entire Internet now and in the foreseeable future.
 

    IT-Security

  • Thinking Beyond the Compliance Checklist – Why Your Organization Needs a Comprehensive Information Risk Management Strategy

    Bob Chaput
    26 Mar 2015 | 10:00 am
    Several years ago, many within the finance, banking and retail sectors were guilty of security for compliance sake. Regulations such as the Payment Card Industry (PCI) standard, and US Sarbanes-Oxley Act laid out specific expectations for organizations. But obviously they didn’t offer unique prescriptions for how individual organizations could best protect their information. Those who were proactive went beyond the regulations to take a comprehensive and balanced approach to safeguarding information. Others checked it off their list, and many ultimately paid the price. Fast forward to 2014,…
  • Be Afraid, Be Very Afraid: 3 Reasons You Should Fear HIPAA

    Bob Chaput
    24 Mar 2015 | 10:00 am
    In a recent Geico commercial, a group of teens are scrambling to avoid imminent danger. One teen says tearfully, “Why can’t we just get in the running car?” Another responds by asking the girl if she’s “crazy” and suggests hiding behind a wall of dangling chainsaws in a toolshed. Of course, the group deems this a great idea. GEICO had fun with the fact that “if you’re in a horror movie, you make poor decisions.” The really scary thing? This is a scenario that plays out all too often in response to HIPAA compliance as well. Many organizations are either inaccurately…
  • Verizon Report should be a Wake Up Call for the PCI SSC

    Branden Williams
    24 Mar 2015 | 7:05 am
    Verizon recently released their annual state of PCI Compliance Report, which attempts to give a snapshot of current issues in the space as well as trending data over previous years. To summarize the report, the state of PCI Compliance is “not good.” It’s now 2015, more than 10 years after the first release of the standard, and we continue to struggle with compliance rates. In a Computer Weekly article, the GM of the Council says that “wake-up call for every business that cares about payment security.”…
  • Banks & Merchants are not ready for EMV

    Branden Williams
    19 Mar 2015 | 1:31 pm
    EMV, or that fancy chip thingie that many of you are starting to see in your banking cards here in the US, is an anti-fraud technology released in the 90s with global adoption. US markets are finally taking steps to encourage adoption here, and for the most part, nobody is ready. There is a key date coming up in October of this year. Essentially, merchants who have invested in EMV terminals that are capable of processing a transaction (meaning, the EMV slot can’t just be for show) will benefit from protections if counterfeit cards are used at their location. If…
  • Delay in HIPAA Audit Program Doesn’t Mean You Can Take a Wait and See Approach to Risk Management

    Bob Chaput
    19 Mar 2015 | 10:00 am
    Recent news that the Office for Civil Rights is delaying Phase 2 of its HIPAA Audit Program might tempt some organizations to breathe a momentary sigh of relief, but taking your foot off the pedal would be a big mistake. Here are four big reasons why organizations should be making good use of the extra time afforded by OCR’s late start. 1. The actual length of the delay is unknown. All that has been reported is that OCR will delay the start of the audit program. No one knows how long the delay will be. You may have less time than you think before your organization gets a call. 2. When the…

    Email management, storage and security for business email admins

  • Massive Spam Scheme Nets Over 1 Billion Email Addresses

    Sue Walsh
    13 Mar 2015 | 7:00 am
    Three people were indicted on computer and wire fraud, and money laundering charges, in a Georgia courtroom in an operation the acting U.S. attorney called one of the largest data breaches in history. The three, two Vietnamese citizens and a Canadian citizen, are accused of stealing over 1 billion email addresses from various U.S. marketing companies and then raking in over $2 million dollars in commissions from the spam messages they sent to them. They also used the marketing firm’s own email servers to send the spam. This spam scheme “reflects the cutting-edge problems posed by…
  • Internet-Connected Refrigerator Turned Into Spam bot

    Sue Walsh
    12 Mar 2015 | 6:30 am
    An internet-connected refrigerator was discovered to be part of a botnet and part of a spam campaign responsible for pumping out over 750,000 spam messages. These sorts of occurrences may become more common now that televisions, appliances, cars and other things are being given their own internet connections. “Botnets are already a major security concern and the emergence of thingbots may make the situation much worse” said security expert David Knight in a release. “Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections…
  • CASL Flexes its Muscles: CRTC Slaps $1 Million Spam Fine on Training Company

    Malcolm James
    10 Mar 2015 | 5:00 am
    If you woke up today, poured yourself a tall, steaming mug of coffee, flipped on the TV and asked yourself the same question you ask yourself every day, then you’re not alone. The question? “What, good sir, is the use of a punitive law without punitive action?” Or something like that. It’s the question that burns at the deepest core of our souls. Well, not really, but it still has merit. So even if you haven’t asked yourself that burning question, we’re going to ask it anyway. What good is a law that isn’t being enacted? Answer: not too darned much. IT professionals, legal…
  • Malware Author Pleads Guilty

    Sue Walsh
    5 Mar 2015 | 5:30 am
    The admitted author of Blackshades, a RAT malware variant, pleaded guilty in a Manhattan courtroom yesterday. Alex Yucel of Sweden did not hesitate to enter his plea, admitting he knew the software was designed to cause damage. He sold his creation to other cybercriminals, racking up hundreds of thousands in sales while over 500,000 computers across the globe were infected with it. Spread via spam messages and drive-by injections, Blackshades allowed hackers to take over the infected PC, log keystrokes, activate the camera, steal passwords, and access files. It also acts as ransomware, sending…
  • FBI Teases $3 Million Reward for GameOver Zeus Creator

    Malcolm James
    3 Mar 2015 | 6:00 am
    Looking to make a little quick cash? You could buy lottery tickets, but you have a better chance of being struck by lightning than winning the big one. Keep telling yourself that someone has to win. In modern society, the quick payout isn’t necessarily a real thing. Sure, it happens, but it usually requires a ton of luck or a willingness to do something illegal. No, in today’s society, knowledge is worth something, and it can be exchanged for money if you have the correct knowledge. Case in point: if you have some specific information, the Federal Bureau of Investigation is willing to pay…

    F-Secure Antivirus Research Weblog

  • Our VPN Service Takes Your Privacy Seriously

    19 Mar 2015 | 6:30 am
    TorrentFreak recently asked "leading [VPN] providers about their logging practices and other privacy sensitive policies." Questions such as: 1 — Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long? 2 — Under what jurisdiction(s) does your company operate? 3 — What tools are used to monitor and mitigate abuse of your service? The folks responsible for our Freedome VPN answered: Read all the questions/answers at TorrentFreak and/or our Safe and Savvy blog. On…
  • The Ear of Sauron

    19 Mar 2015 | 6:30 am
    A recent story by The Daily Beast seems to have ignited a real firestorm over Samsung's "smart" television terms and conditions. Which is somewhat surprising to us as we read about it months ago via Mikko. But anyway, things that listen are topical. So… do the words "always-listening voice search" sound good to you? Or do they give you the creeps? Because that's the potential future of Google's Chrome browser. The "always-listening" feature is currently available via: Google Voice Search Hotword (Beta). And as always, the interesting details are in the fine print: Video:…
  • Variants of Ransomware Targeting Video Game Files

    19 Mar 2015 | 6:30 am
    "Free" Decryption — but you'll need to pay a ransom first. The image above is from the Web interface of a ransomware scheme that is targeting video game files (among others). Details here and here. Protip: back up — all — of your important stuff.
  • The Equation Group Equals NSA / IRATEMONK

    19 Mar 2015 | 6:30 am
    On December 29, 2013, Der Spiegel, a German weekly news magazine, published an article about an internal NSA catalog that lists technology available to the NSA's Tailored Access Operations (TAO). Among that technology is "IRATEMONK". "IRATEMONK provides software application persistence on desktop and laptop computers by implanting the hard drive firmware to gain execution through Master Boot Record (MBR) substitution." "This technique supports systems without RAID hardware that boot from a variety of Western Digital, Seagate, Maxtor, and Samsung hard drives." On January 31,…
  • Nordea Phishing Campaign Continues

    19 Mar 2015 | 6:30 am
    Just when we thought this Nordea phishing campaign was over, it reared its ugly head once again. It made its comeback on March 5th. The phishing site looks pretty similar to the actual Nordea Finnish website. Many of us in the Labs are Nordea customers, so we know that if the perpetrator is able to steal information from this page, there is nothing else they can do other than log in to accounts once and check the balance. They will be unable to do any transactions since they would need more than one pin number. However, the ones behind this did their homework. If someone falls victim to this…

    Pcthreat.com

  • OnePlayer

    28 Mar 2015 | 1:58 am
  • PC Optimizer Pro

    28 Mar 2015 | 1:58 am
    Despite the best efforts of the online security industry to secure the exact opposite, many of its consumers continue to fall into the trap set by malicious rogue security tools like PC Optimizer Pro. This...
  • Qone8.com

    28 Mar 2015 | 1:58 am
    Qone8.com is a search engine which returns search results from Google Search. The search engine is owned by Taiwan Shui Mu Chih Ching Technology Limited, and it is very similar to such browser hijackers as...
  • Jelbrus

    28 Mar 2015 | 1:58 am
    We have recently witnessed a surge of malware infections which have been traced back to a new adware program called Jelbrus. Users should remove this infection, because it is very irritating and even...
  • V9 Redirect Virus

    28 Mar 2015 | 1:58 am
    V9 Redirect Virus is a malicious browser hijacker which infects the system while you are browsing insecure websites or when you download spam email attachments. Once the infection gets in the system, the...

    Threatpost | The first stop for security news

  • iOS, OS X Library AFNetwork Patches MiTM Vulnerability

    Chris Brook
    27 Mar 2015 | 11:56 am
    Until yesterday, a popular networking library for iOS and OS X, used by several apps like Pinterest and Simple, was susceptible to SSL man-in-the-middle (MiTM) attacks.
  • Slack Discloses Breach of Its User Profile Database, Implements 2FA

    Michael Mimoso
    27 Mar 2015 | 11:49 am
    Collaboration provider Slack disclosed that a database storing its user profile information has been breached. The break-in has been stopped, and Slack announced that it has implemented two-factor authentication going forward.
  • FBI Pleads For Crypto Subversion in Congressional Budget Hearing

    Brian Donohue
    27 Mar 2015 | 10:49 am
    FBI Director James Comey pleads with Congress to create a law that would allow law enforcement access to encrypted mobile communications on Android and Apple devices.
  • GitHub Hit With DDoS Attack

    Dennis Fisher
    27 Mar 2015 | 8:54 am
    A large-scale DDoS attack, apparently emanating from China, has been hammering the servers at GitHub over the course of the last 12 hours, periodically causing service outages at the code-sharing and collaboration site.
  • Threatpost News Wrap, March 27, 2015

    Dennis Fisher
    27 Mar 2015 | 8:50 am
    Dennis Fisher and Mike Mimoso discuss the news of the week, including the Android app-replacement vulnerability, the Windows privilege escalation bug and the Yahoo transparency report and the company's crypto efforts.
 

    PC1News.com

  • Sos@anointernet.com Removal Guide

    admin
    27 Mar 2015 | 2:05 am
    Users from different countries complain that they have found a scary warning displayed on their desktops. The notification seems to be sent to inform the users that their computers were attacked by a virus-encoder. It claims that you have to send a message to the Sos@anointernet.com e-mail with your id to solve the case. Do not be tricked by this bogus warning, as it is aimed at misleading you. Indeed, if you are a victim of this ransomware infection, you will be unable to access files on your computer. However, the truth is that this notification is displayed not to help you solve the…
  • Search.StrtPoint.com Removal Guide

    admin
    27 Mar 2015 | 1:54 am
    Search.StrtPoint.com is an alternative browser homepage and search engine which claims to offer optimized web browsing. This can be enticing, especially if you like to shop online. The engine has a separate “shopping” section which common browsers like Google or Yahoo do not feature. While this may seem like convenient service, there is no guarantee that Search.StrtPoint.com displays only legitimate ads. The site has noted that it may include third party content, but has stated it will not be held responsible for the reliability of such ads. In addition, Search.StrtPoint.com is known to…
  • Roaming Rate Removal Guide

    admin
    27 Mar 2015 | 1:46 am
    Roaming Rate is an adware program, developed by SuperWeb, LLC. This tool is presented as a useful app which finds bargain deals for you on the internet. It will feature comparative advertising and online shopping coupons to lure you into using its services. Though that may seem useful, the tool is not considered safe to use, as it links to ads from various sources it does not take responsibility for. This is stated in the EULA on Roaming Rate's official website. The program has stated it is not affiliated to the ad providers and has disclaimed any warranties related to the ads. Roaming Rate…
  • Metal Maker Removal Guide

    admin
    27 Mar 2015 | 1:42 am
    Metal Maker falls under the categories of adware and potentially unwanted programs (PUP). This is a typical ad-supported program, created by the developers of SuperWeb, LLC. The tool will show you various products from the web and try to lure you to follow its ads by pointing at bargain deals and offering coupons. The sources Metal Maker uses are various and not affiliated to the program itself. The developers of this tool take no responsibility for the reliability of the ads. This is typical for adware and can commonly lead to malware infections. Metal Maker can also track and use the data…
  • Fragile Fixer

    admin
    27 Mar 2015 | 1:38 am
    Fragile Fixer is a program which offers services to optimize your browsing experience. This includes comparative advertising and product ads. The tool is developed by SuperWeb, LLC. It typically works on all known web browsers, though the latest version of Google Chrome blocks its activity. This is an indication that Fragile Fixer is actually an adware application. It is also commonly referred to as a potentially unwanted program (PUP). The reasons for this utility to be labeled as such are the ways it functions. Fragile Fixer displays many advertisements each time you use your browser - a…

    NSS Labs

  • Detecting the Invisible Part 3: "Retreat from the Breach"

    5 Mar 2015 | 12:00 am
    Our approach to securing the enterprise has changed, and breach detection technology has been largely instrumental in this process. This report from NSS Labs is the final in a three-part series on the impact of the breach detection system (BDS). As the breach detection market continues to mature, several points are worth noting:
  • The Best Place for Yesware is Nowhere

    5 Mar 2015 | 12:00 am
    A talented security colleague came across a tweet from a company called Yesware and remarked to me that it could be construed as spear phishing with specific language for legal protection. I can see his point, but in pedantically technical language, no, this is not spear phishing. Yesware certainly could be a tool in a spear phisher’s toolbox, but that is not what it is designed for. Is Yesware Spyware?
  • Detecting the Invisible Part 2: "Once More Unto the Breach, Dear Friends"

    4 Mar 2015 | 12:00 am
    Our approach to securing the enterprise has changed, and breach detection technology has been largely instrumental in this process. This report from NSS Labs is the second in a three-part series on the impact of the breach detection system (BDS).
  • Breached? Continuous Forensic Analytics Speeds Incident Response

    3 Mar 2015 | 12:00 am
    Over the course of the last few years, the number of publicized breaches has risen dramatically, ultimately costing some CXOs their jobs. The irony is that in many cases, the breach itself is not the cause of their dismissal, but rather it is the handling of the situation after the breach is discovered and how quickly the executives can assemble the answers. It takes considerable talent and time (often weeks or months) to work through the incident response (IR) process within most organizations.
  • Detecting the Invisible

    2 Mar 2015 | 12:00 am
    Our approach to securing the enterprise has changed, and breach detection technology has been largely instrumental in this process. This report from NSS Labs is the first in a three-part series on the impact of the breach detection system (BDS).

    Private WiFi

  • Cyber Security Training Just As Important at C-Level

    Eva Velasquez
    24 Mar 2015 | 4:21 am
    The need for better online safety training to prevent data breaches is a hot topic right now. Coupled with stronger computer and network policies, companies want to prevent the hacking events that leave businesses susceptible to a data breach. While it’s no secret that employees in both the private sector and government service can unintentionally expose organizations to hackers, what is surprising is a report by Wombat Security that shows that 33% of CEOs fell for phishing attacks that led to network access. Why are they falling for this kind of internet activity? First, there’s a key…
  • E-filing: The Fastest and Safest Way to File Taxes?

    Eva Velasquez
    9 Mar 2015 | 9:54 am
    At this time of year, you’d be hard pressed to find someone who doesn’t love the idea of electronic tax filing. E-filing your annual return to the IRS offers speed and convenience and when coupled with industry-approved software that can plug in the values for you, a lot of the headaches traditionally associated with doing your taxes are eliminated. Of course, there are bound to be some drawbacks, so keep the following in mind when deciding whether to file returns with the IRS electronically or via the old-fashioned paper and mail method. One of the single biggest conveniences associated…
  • FTC Says Hotel WiFi is Dangerous

    Kent Lawson
    23 Feb 2015 | 8:15 am
    Recently, the FTC posted an article on their website stating that hotel WiFi is dangerous and that users should not assume that just because they pay for Internet access that their connection is secure. We couldn’t agree more. In fact, I have been stating this fact since we launched PRIVATE WiFi nearly five years ago. This is an important topic because hotel travelers rank WiFi access at hotels as the number one amenity that they look for when booking hotel rooms. Why Hotel WiFi is Dangerous: The FTC’s announcement is important because many travelers assume that using a WiFi network at a…
  • How Are You Celebrating Safer Internet Day 2015?

    Jared Howe
    9 Feb 2015 | 2:18 pm
    Safer Internet Day (SID), which falls on February 10th this year, helps promote safe and more responsible use of technology and mobile phones, especially for young children and teenagers. This day of awareness and education gets more important every year because, for better or worse, the Internet is a part of our everyday lives; it’s become commonplace to upload selfies to Instagram, tweet our every thought, and check in at our local coffee shop every day. But what exactly can be done to really ensure our online privacy and security? That is where Safer Internet Day comes in. Created in…
  • Managing BYOD Security Threats: VPNs Mitigate The Risks

    Kent Lawson
    28 Jan 2015 | 7:35 am
    Small- and medium-sized businesses are facing the struggles of a constantly changing technical landscape: they must provide the latest and greatest devices to their employees in order to stay competitive, and at the same time figure out how to do this with smaller budgets. One solution to this dilemma has been for companies to establish a BYOD (bring your own device) policy that allows employees to use their own mobile phones and tablets while doing work remotely. But while BYOD has allowed more employee freedom in terms of how and where they get work done, it’s also created huge security…
 

    Pivot Point Security

  • IT Continuity Plan Cost Factors

    Bob Cohen
    24 Mar 2015 | 8:06 am
    You would think that a guy who has spent the better part of twenty years doing just about every aspect of business continuity planning (BCP), including teaching, would have done a better job when a potential client asked: “Why is my IT service provider telling me they can do an IT continuity plan (ITCP) for $3,000 and you are saying yours will cost $15,000?” That’s not to say I didn’t answer his question… I did, for almost 10 minutes. My response was accurate, compelling and full of the passion I feel about the subject and Pivot Point’s methodology. The problem? I wasn’t…
  • You’ve Already Been Breached—The Challenge is to Find Out Where and How

    Mosi
    19 Mar 2015 | 8:04 am
    In the Security Weekly podcast’s year-end episode, the following provocative statement was made during a panel discussion on breaches: Every organization’s mindset for information security management should start with the assumption there’s already been a breach, and thus efforts should be focused on finding where the breach occurred. This is diametrically opposite from the prevailing information security management mindset of “preventing breaches from happening.” Is this message only for the CSOs of major corporations? Absolutely not! Every large organization knows it’s being…
  • Avoiding the Phishing Attacker’s Hook, Line and Sinker

    David Newman
    12 Mar 2015 | 7:32 am
    Whether you wear a black hat or a white hat, working in IT security gives you insight into human behavior that people in other professions might not have. For example, knowing how people tend to respond in situations—what they assume, what they don’t consider, what they won’t question because they want it to be true—and using that to illicit advantage, is what phishing and social engineering attacks are all about. Take the case of my friend’s father, a successful and respected anesthesiologist. This highly trained and intelligent man didn’t think twice when he got a phone call…
  • Why the Smartest Guy in the Room Shouldn’t be Your CSO

    John
    10 Mar 2015 | 7:38 am
    It would seem logical that the right response to the high-profile breaches at Target, Staples, Home Depot, and JP Morgan Chase would be to take your best and brightest Information Security player and put him in charge of keeping you secure. Unfortunately, I think that’s a recipe that’s likely to be wrong as often as it’s right. I think that for two reasons: 1) Smartest Person in the Room Disorder (SPIRD) and 2) Intellectual Attention Deficit Disorder (IADDD). And no, I didn’t make those up… although I am taking some liberty with them. SPIRD Really smart people are unfortunately…
  • Are you a Target for Cyber Attack? (Hint: Check Your Client List)

    Andrew Shumate
    5 Mar 2015 | 7:30 am
    The recent hack on Sony Pictures is being called the most destructive cyber attack reported to date against a company on US soil. The scope of the attack is unique, in that it was designed to (at a minimum) destroy property, curtail business activities, harass employees and others, and make confidential information public to inflict both reputational and financial damage. While the extent of the damage to the studio’s network, reputation and bottom line remain unknown—as does the identity and motivation of the perpetrators—two things are clear. First, the attackers were a highly…

    HOTforSecurity

  • Slack Got Hacked. Change Your Password Now!

    Bogdan Botezatu
    27 Mar 2015 | 5:20 pm
    Popular team messaging service Slack has just started notifying users about a security breach suffered earlier in February. According to the blog entry detailing the incident, a group of unknown hackers has gotten access to a database containing user information like usernames and their corresponding e-mail addresses, hashed and salted passwords, as well as additional profile fields. The window of opportunity stretched for roughly four days in February. The notification received today emphasizes that, due to the strong password encryption and salting mechanism, hackers would be unable to…
  • Hackers hijack school Twitter account, post photoshopped image of teacher in his underpants

    Graham Cluley
    27 Mar 2015 | 8:51 am
    We all know that kids can get up to japes and mischief at school. I myself remember rallying together a crack squad of classmates to kidnap our school’s Christmas tree in 1987, for instance. Chances are many of us have similar tales to tell of tomfoolery. But now a British school has found itself the victim of an online prank, with its Twitter account hacked and revealing images purportedly of its head teacher posted online. Twitter followers of Oriel High, a secondary school in Crawley, West Sussex, found a stream of explicit language, claims that head teacher Philip Stack had joined a…
  • Spammers are After Apple Credentials, Bitdefender Warns

    Alexandra Gheorghe
    25 Mar 2015 | 8:37 am
    Emails claiming to come from Apple are being sent to English-speaking users to lure them into giving away their financial data, Bitdefender warns. Attackers ask unsuspecting users to review their billing information in a well-crafted message. Once they click on the “Reset now” link, the login screen asks them to enter their Apple ID and password. Next, users are asked to fill in account information, including credit card number, CVV and expiration date. After completing the form, a message reassures them the account has been secured using two-factor authentication. Bitdefender advises…
  • Fugitive posts on Snapchat that he’s hiding in the cupboard, while police search his house

    Graham Cluley
    25 Mar 2015 | 6:24 am
    Is this the dumbest fugitive ever? Meet 24-year-old Christopher Wallace, wanted by police in Somerset County, Maine, in connection with the theft of a wood stove earlier this year from a sporting camp, and violation of administrative release. Well, this weekend, Wallace made it remarkably easy for police officers to find him. The first thing he did was post a message on Snapchat, telling his friends that he was at a house in Fairfield, Somerset County. Someone tipped off the police, who duly went to search the residence. Two officers from Somerset County Sheriff’s Office, accompanied by…
  • Post-hack, Twitch users told to reset passwords… but they don’t have to make them too long

    Graham Cluley
    24 Mar 2015 | 6:32 am
    Video game streaming service Twitch posted a security alert yesterday, announcing that hackers had compromised its systems and users’ personal details may have been exposed. An email sent out to some users described the type of information that online criminals may have been able to access: …there may have been unauthorized access to some of your Twitch user account information, including possibly your Twitch username and associated email address, your password, the last IP address you logged in from, limited credit card information (card type, truncated card number and…
 

    Data In Motion

  • What It Feels Like to Take Control of Your Files

    Tom Scearce
    3 Mar 2015 | 7:00 am
    Over the last several weeks, we’ve examined the risks of using the public cloud in the enterprise workplace. From unauthorized file access to regulatory noncompliance, the potential scenarios vary from dire to more dire – and it’s up to decision makers to take control of their organization’s enterprise file sync-and-share (EFSS) procedures. But what does it feel like to have that control? If you’re currently trying to figure out how and where users are keeping their files, regaining control may…
  • 4 Benefits of Automating File Management Tasks

    Tom Scearce
    17 Feb 2015 | 7:00 am
    In an effort to address an array of file-related challenges, many organizations automate file management tasks. Automation can enhance security, free up IT resources, and help you achieve order and control in an otherwise inadequately regulated file transfer environment. Let’s take a closer look at how automating file management can improve IT processes. Here are four fundamental benefits of ditching manual file maintenance in favor of automation. 1.   Save administration hours Your IT staff is busy.
  • Passing the Audit: Which Reports Demonstrate Compliance?

    Tom Scearce
    3 Feb 2015 | 7:00 am
    Come audit time, many organizations must demonstrate that data security protocols align with regulatory standards. In an era when consumer applications in the public cloud are hijacking enterprise file sync-and-share (EFSS) processes, how can you ensure your organization will pass a compliance audit? While requirements vary by industry, there are a few data-related standards that nearly every compliance-burdened organization should be able to demonstrate. Here, we’ll examine all of those, paying…
  • How to Make a Business Case for Secure EFSS

    Tom Scearce
    20 Jan 2015 | 7:00 am
    When properly implemented and managed, secure enterprise file sync-and-share (EFSS) applications can improve project management and empower your workforce. Unfortunately, making the business case for secure EFSS isn’t always easy – especially when users and management aren’t aware of the risks existing applications pose. Don’t get discouraged, though! The arguments in favor of change are strong. If you’re pushing your organization to eliminate public cloud use from the workplace, the following…
  • 3 Ways to Crank More Value Out of Existing IT Infrastructure

    Tom Scearce
    9 Dec 2014 | 9:16 am
    From an IT manager’s perspective, there’s only one thing better than investments in valuable new infrastructure: getting more value from the IT assets you already have. Unfortunately, finding ways to harness that value isn’t always obvious. If you’re like most organizations we work with, you’re probably not sure how much of your utilized server capacity consists of files nobody needs or uses. What’s more, you may not be aware of how available server space can be utilized to increase security and…

    Seculert Blog on Breach Detection

  • Cybersecurity Needs to be a Higher Priority for Boards

    Liora R. Herman
    26 Mar 2015 | 12:33 am
    A cybersecurity awareness survey has revealed that today’s bad actors may have an unintentional and unwitting ally in very high places: board members in the UK’s FTSE 350 Index. According to the survey, which was conducted by KPMG on behalf of the UK government’s FTSE 350 Cyber Governance Health Check (a.k.a. Cyber Health Test): 65% […]
  • Seculert’s Blog Recognized as one of the 50 Best Cloud Security Blogs of 2015

    Dudi Matot
    10 Mar 2015 | 2:40 am
    Fresh on the heels of being named as one of the 100 Coolest Cloud Security Vendors by CRN, it is my pleasure to share that Seculert’s blog has been recognized as one of the 50 Best Cloud Security Blogs of 2015 by GetVoIP. “Along with outlining cyberthreats, [Seculert’s] blog also provides cybersecurity tips, vendor news, […]
  • US Data Breaches Reach Record High in 2014

    Liora R. Herman
    24 Feb 2015 | 5:38 am
    According to a new report from the Identity Theft Resource Center (ITRC), the number of US data breaches reached a record high of 783 in 2014 — a 28% jump over 2013, and 18% higher than the previous record of 662 data breaches tracked in 2010. Other key findings from the ITRC report include: For […]
  • Spamhaus Botnet: No Signs of a Slowdown Ahead

    Liora R. Herman
    18 Feb 2015 | 6:13 am
    The Spamhaus Project, an international nonprofit organization whose mission is to track the Internet’s spam operations and sources, has published its “Spamhaus Botnet Summary 2014” — and the synopsis isn’t inspiring, to say the least. According to the report, Spamhaus researchers found: 7,182 distinct IP addresses that hosted a botnet controller (C&C server) — a […]
  • Cybersecurity Tips for Financial Advisory Firms

    Liora R. Herman
    17 Feb 2015 | 5:48 am
    While safeguarding assets has always been a core priority for financial advisory firms, in today’s world the list of threats isn’t comprised of just brazen thieves and rogue employees: it must also include hackers who want nothing more than to slip past their cybersecurity defenses, breach their network, and steal their private data for financial gain. […]

    Managed File Transfer and Network Solutions

  • What is a Digital Signature?

    John Carl Villanueva
    26 Mar 2015 | 3:38 pm
    Overview Digital signatures help enforce security during data transfers. They're mainly responsible for establishing authentication, data integrity, and non-repudiation. Today, we'll be talking about the basic concepts behind digital signatures, where they're used, how they work, and why they're always an integral part of highly secure file transfers.
  • Understanding Hashing

    John Carl Villanueva
    23 Mar 2015 | 9:53 am
    Overview Hashes are essential to secure file transfers. You can find them in operations involving passwords, file integrity checks, digital signatures, digital certificate thumbprints or fingerprints, and others. But what are hashes? In this post, we'll introduce you to hashes, the concept of hashing, and its applications in various areas of security.
  • Symmetric vs Asymmetric Encryption

    John Carl Villanueva
    14 Mar 2015 | 11:35 pm
    Overview Secure file transfer protocols generally employ a combination of symmetric and asymmetric encryption to preserve the confidentiality of data while in transit. So why the need for two kinds of encryption? In this post, we take a closer look at the main functions of symmetric and asymmetric encryption, their strengths, their weaknesses, and why we'd prefer having both.
  • What Is WebDAV?

    John Carl Villanueva
    14 Mar 2015 | 2:36 am
    Overview Web Distributed Authoring and Versioning or WebDAV is a protocol whose basic functionality includes enabling users to share, copy, move and edit files through a web server. It can also be used to support collaborative applications with features like file locking and revision tracking. This blog post will introduce you to the basic functions of WebDAV, its similarities and differences with FTP and other file transfer protocols, and a few examples showing what you can do with it.
  • How To Delete Old Files From Your Server

    John Carl Villanueva
    3 Mar 2015 | 5:47 pm
    Overview Here's another task many customers want to automate on their SFTP, FTPS, or FTP server. They want their server to monitor certain directories and delete old files found there as soon as the files have reached a certain age. In this tutorial, we're going to show you how to automatically delete old files from JSCAPE MFT Server using triggers. These instructions apply irrespective of the file transfer protocol you activate on the server, so if you think this is something you can use, feel free to read along.
 

    Radware Blog

  • New Findings: State of the Union for Ecommerce Page Speed and Web Performance [Spring 2015]

    Kent Alstad
    22 Mar 2015 | 10:43 pm
    There are compelling arguments why companies – particularly online retailers – should care about serving faster pages to their users. Countless studies have found an irrefutable connection between load times and key performance indicators ranging from page views to revenue. For every 1 second of improvement, Walmart.com experienced up to a 2% conversion increase. Firefox reduced average page load time by 2.2 seconds, which increased downloads by 15.4% — resulting in an estimated 10 million additional downloads per year. And when auto parts retailer AutoAnything.com cut load times in…
  • NFV: What You Should Consider in Your ADCs

    Jim Frey
    12 Mar 2015 | 7:25 am
    Jim Frey is Vice President of Research, Network Management for Enterprise Management Associates (EMA) and is a featured guest blogger. Network functions virtualization (NFV) is one of the best-accepted and most-understood spinoffs of the SDN craze that has taken root over the past few years. The concept is straightforward: take features and capabilities that are typically implemented in the network and repackage them in forms that can be invoked automatically, without requiring the deployment of new hardware. Since the “deploy once, reuse many” formula is one that is well…
  • 3 Myths about Internet Connectivity – And How They Could Affect Your Business

    Nir Ilani
    10 Mar 2015 | 2:37 am
    Today’s Internet Service Providers (ISPs) invest money and effort in ensuring that the Internet links they provide to their customers work properly.  But is the investment delivering?  Let’s do a reality check and review some common myths related to Internet connectivity – and see if there is really any truth behind them. Myth #1: My Internet connectivity is reliable enough. Throughout my business travels I’ve had the opportunity to meet with many customers and all of them want their application service levels to be met.  When we talk about their link connectivity…
  • Meet Radware’s New Commercial-Grade Attack Mitigation Platform – Built to Defeat the Largest Cyberattacks

    Yotam Ben-Ezra
    3 Mar 2015 | 2:45 am
    Modern cyberattacks are sophisticated and are often launched over long periods of time.  The complexity of these attack campaigns can result in attack detection and mitigation algorithms becoming less effective.  This in turn, can create an increased need for talent and staffing as well as drive large processing needs for service providers and large enterprises. Organizations that used to rely on their service provider’s in-the-cloud protection service to stop DDoS found that the attacks that hit their business were bypassing the provider’s protection layer.  Why?  Because…
  • Can a CDN Stop Cyber-Attacks?

    David Hobbs
    26 Feb 2015 | 10:25 am
    In previous articles, we’ve reviewed content delivery networks (CDNs) from a variety of security perspectives – from how hackers have used them as weapons of DDoS to how bad actors can use free services to create astronomical billing issues.  CDNs are often used as a mask, to levy API abuse and web reflector attacks that plague the Internet via bots and scrapers.  Today, it is estimated that 65% of the traffic on the Internet is from such abuse.  If you were to reflect on that idea, would you think that a CDN can protect you?  That is the falsehood that is often believed. At a…

    Milton Security

  • The Art of the Spread

    Milton Security Group
    27 Mar 2015 | 2:26 pm
    There have always been many ways to get into a network.  You can come in through the internet/remote, through the wireless, through the client machines, etc.  Really the art of the spread comes down to combining all ways to infiltrate our secure networks until the attackers are in.  It’s not just one line of attack with one possible route of success.  Rather, a shotgun effect would be a more accurate and compelling argument for the technique employed. So how is this? How do attackers combine these methods to be able to take over our systems and hack our data?  Well, let’s…
  • Slack Database Breached

    Milton Security Group
    27 Mar 2015 | 11:15 am
    Popular real-time office communication service Slack has announced that a database carrying user information was compromised.  The database carried personal information including usernames, email addresses, phone numbers, Skype identification and encrypted passwords. “We are very aware that our service is essential to many teams. Earning your trust through the operation of a secure service will always be our highest priority. We deeply regret this incident and apologize to you, and to everyone who relies on Slack, for the inconvenience,” Skype said in their announcement. After…
  • GitHub Under Attack

    Milton Security Group
    27 Mar 2015 | 9:34 am
    GitHub is currently under a massive DDoS attack, which appears to be originating from China, and is causing intermittent service outages at their code-sharing and collaboration site. The attack, which has been happening for more than 24 hours, appears to be escalating in response to GitHub’s mitigation efforts. GitHub has been tracking their efforts on their status page.  They discovered the attack Thursday after a brief outage. Since then, you can see that they’ve been fighting the DDoS attack, and occasionally winning.  However, their most recent update indicates that the war is…
  • Smart Bracelets Fall Prey to Attack

    Milton Security Group
    26 Mar 2015 | 1:57 pm
    Russian researcher Roman Unuchek has hacked his own smart bracelet, although he refuses to say which type it is. Unuchek built a mobile app that could connect with multiple devices and, unsurprisingly, found that he could connect to his own wearable tech.  His app scans for the devices, most of which are Bluetooth and credential free, making them easy targets.  He tested his app by spending an hour in the gym, and two hours on the subway with his app.  He connected to 54 different devices. Of course once he connected to the wearables, he needed to convince them that his app was their…
  • Two Vulnerabilities Discovered in Cisco IP Phones

    Milton Security Group
    24 Mar 2015 | 9:52 am
    Cisco Small Business SPA300 and SPA500 Series IP Phones have an unauthenticated remote dial vulnerability. The vulnerability was discovered by Australia-based researcher, Chris Watts, and Cisco is currently working on a fix. “A vulnerability in the firmware of the Cisco Small Business SPA 300 and 500 series IP phones could allow an unauthenticated, remote attacker to listen to the audio stream of an IP phone,” according to Cisco’s advisory. The vulnerability stems from improper authentication settings when the phones are in default configuration.  A carefully crafted XML request could…

    Cyberoam : Securing You

  • Angler Exploit Kit Uses Domain Shadowing and Fast Flux Technique to Evade Detection

    Anurag Singh
    20 Mar 2015 | 3:56 am
    In recent times Angler Exploit Kit has become a hot favourite amongst threat actors. Now a new technique known as ‘Domain Shadowing’ is gaining prominence. In this technique, hackers steal domain registrant credentials and create thousands of sub-domains that are used in covering tracks while re-directing victims to the compromised websites and hosting malicious viruses online. Another similar technique used by hacktivists involves changing of IP Address allocated to a domain to avoid blocking, blacklisting and filtering. While Domain Shadowing rotates sub-domains associated with…
  • Are you ready to dive into the Deep Web?

    Keyur Shah
    18 Mar 2015 | 10:53 pm
    Before we dive into the “Deep Web”, consider this – the amount of digital information created in 2010, if stored completely on 16GB iPads stacked one on top of the other, would have erected a 339 mile high tower. That’s quite high, considering the tallest building on earth is not even a mile high. And it is 2015 now; thousands of websites come into existence every day, yet search engines can display or access only 3 percent of the total data available on Internet. You might wonder where on earth the remaining data is. What is Deep web? The so called surface web, which we all normally…
  • Crypto Fortress – The latest ransomware

    Anurag Singh
    17 Mar 2015 | 11:11 pm
    Another new variant of a ransomware has been discovered in the unsafe neighborhoods of Internet namely – Crypto Fortress. It was found and analyzed somewhere in the last week of February 2015. Network Security solution vendors are still analyzing if it has different variants and whether it will modify its stealth techniques and communication behavior with Command and Control Center. What is it? It seems it is an evolved version of TorrentLocker Ransomware with some very dangerous and new attributes. CryptoFortress uses a 2048 bit RSA-AES encryption key which is generated on the infected…
  • Popular WordPress plugin (WordPress-seo) by Yoast, vulnerable!

    Cyberoam Threat Research Labs
    13 Mar 2015 | 6:08 am
    A blind SQL injection vulnerability was discovered today in the popular WordPress SEO by Yoast version 1.7.3.3. WordPress SEO by Yoast is a popular WordPress plugin (WordPress-seo) used to improve the Search Engine Optimization (SEO) of WordPress sites. The latest version at the time of writing (1.7.3.3) has been found to be affected by two authenticated (admin, editor or author user) Blind SQL Injection vulnerabilities. An attacker can add their own administrative user to the target WordPress site, allowing them to compromise the entire web site. The severity of the vulnerability is critical…
  • The FREAK attack and why you need to beware

    Cyberoam Threat Research Labs
    11 Mar 2015 | 4:08 am
    The month of March woke up to a new vulnerability – an SSL/TLS vulnerability named FREAK (Factoring Attack on RSA-EXPORT Keys). It exists in OpenSSL versions 1.01k and earlier, and Apple’s Secure Transport. The vulnerability (CVE-2015-0204) allows hackers or intelligence agencies to force clients (browsers, etc.) to use older, weaker encryption, also known as export-grade 512-bit RSA keys. It was discovered by security researchers of French Institute for Research in Computer Science and Automation (Inria) and Microsoft. 36% SSL Websites out of 14 million, were found…
 

    Cognoscape, LLC

  • 4 Critical Ways IT Support Improves Your Business

    Cognoscape
    19 Mar 2015 | 12:39 pm
    If you’re afraid that IT support is going to be more costly for your business than without it, think again. The ways that companies do business with one another continuously changes as technology rapidly advances. In order to keep up, you need to be up to date with your servers, computers, phone systems, Internet connection and mobile devices. IT support from a company like Cognoscape with their CognoCare services will benefit your business by taking the burden off of in-house tech “experts” so you can focus on making a profit. To understand the benefits better, here are 4 critical…
  • 5 Critical Technologies To Keep Your Business Running During the Zombie Apocalypse

    Cognoscape
    4 Mar 2015 | 7:03 am
    It’s no secret that zombies have taken over the entertainment world in the past few years, thanks to The Walking Dead. You don’t have to be a fan of the show to appreciate zombies, since they have been a fascination of humans since the B.C. era. The question is: when the apocalypse happens, will you be ready? Everyone will be running for food and water, but how will you protect your business from the invasion of these flesh-eating monsters? Here are 5 critical technologies your business needs to stay afloat during the zombie apocalypse.   Cloud Storage Storing your…
  • Welcome To Our New Website

    Cognoscape
    19 Feb 2015 | 10:09 am
    We’re pleased to announce our new and improved website! We’ve been working hard to make sure that we’ve made the necessary adjustments to make this a more aesthetically pleasing and user-friendly version of our website. Since the announcement of our original site, several things have changed, and we’ve learned that our presentation and documentation needed a little updating, so we’ve spent significant time improving our site with more modern tools and principles in mind. Aside from the beautiful, new layout, we’ve also implemented a more modern and user-friendly design that’s…
  • 3 Tips To Help You Prevent Data Loss

    Cognoscape
    22 Jan 2015 | 1:00 am
    Data loss has been a hot issue lately, especially after the hacking of iCloud and the resulting leak of celebrity photos, as well as the attack on Sony Pictures, releasing massive amounts of confidential and personal employee data. Whether you’re a large multinational corporation or an independent technology company, your information is important and should be kept as safe as possible. Here are a few basic tips on how to make sure your data is secure and remains that way.   Backup Your Data By now, backing up your data should be common sense. Too many things can go wrong not to have…
  • 3 Leadership Lessons Learned From NBA Basketball

    Cognoscape
    8 Jan 2015 | 1:00 am
    It is undeniable that sports offer invaluable lessons and offer essential leadership roles for people of all ages. The NBA provides many essential examples for success. If you consider yourself a leader, or you are in the beginning stages of becoming one, at work, home, in the community, or in an educational setting, the NBA offers more than entertainment; it is a critical leadership model for every stage of life for high-end results. 1. Adopt the three Cs: charisma, challenge, and control To be an effective leader, you need to know how to inspire and challenge others to do their very best.

    TutorialsLodge

  • Application Model in VB.Net 2

    temmydahyour
    26 Mar 2015 | 6:29 am
    Welcome back guys, last time we talked about the different properties and their descriptions, which we need to understand before we can manipulate our programs to our own taste; we will be concluding it today. RightToLeft: Indicates whether the form should draw right-to-left for RTL languages. ShowInTaskbar: Determines whether the form appears in…
  • JavaScript For Learners

    Chimezie Michael
    26 Mar 2015 | 2:57 am
    Welcome guys to another tutorial series; this time we will be looking at the JavaScript programming language. As the title of the series states, “JavaScript For Learners”, this tutorial is aimed at those who have never programmed in the JavaScript language before. I will be covering all about the JavaScript language from basics to advanced.…
  • Application Model in VB.Net

    temmydahyour
    24 Mar 2015 | 5:06 am
    Welcome back guys, today we will be discussing the Application Model and the way it works in the Visual Basic .NET framework. Windows Forms is the new platform for Microsoft Windows–based application development. It is based on the .NET Framework and provides a clear, object-oriented, extensible set of classes that enable you to develop rich Windows-based applications.…
  • Simple CRUD Application In PHP And MySQL – Part 5

    Chimezie Michael
    21 Mar 2015 | 3:28 am
    Welcome guys to the fifth and final part of the Simple CRUD Application In PHP and MySQL. In the previous part, we looked at displaying all staff details from our staff table and also how we can display each staff member’s details. If you’re just joining, please refer to the previous parts so as to catch up.…
  • Basic Controls in Visual Basic.Net

    temmydahyour
    19 Mar 2015 | 3:13 am
    Basic Controls VB.Net provides a huge variety of controls that help you to create a rich user interface. For you to be able to use Visual Basic .NET perfectly, you have to fully understand the controls and their functions and how to deploy them in your programs. The basic controls in VB.NET make it easier for u…

    Guardian Network Solutions

  • 3 Dangers of Using Hotel Wi-Fi

    Cody Blake
    17 Mar 2015 | 12:20 pm
    If you are living out of a suitcase, it would not be far off the mark to say that at least once in your life you have accessed the Wi-Fi connection of the hotel where you have stayed. However, if …
  • 6 Warning Signs That Your Network is Infected by a Virus

    Cody Blake
    7 Mar 2015 | 2:19 am
    Computer virus symptoms, like human viral symptoms, keep evolving over time. These may usually take days or even weeks to evolve. With time they only end up getting smarter and stronger. However, not all symptoms mean that your computer is infected. …
  • Important Specs to Look for in Antivirus Programs for your Business

    Cody Blake
    25 Feb 2015 | 11:43 am
    An antivirus program is a very important requirement for all businesses that use computers. Yet, no antivirus program can be said to be the best. If one program tops the list, it may lose its ranking the very next month. Yet, …
  • 5 Things Businesses Need to Know About Internet of Things

    Cody Blake
    13 Feb 2015 | 9:45 am
    Internet of Things, or IoT, refers to all those devices and sensors, apart from tablets, computers and smart phones, that transmit information or communicate with each other using the internet. They include many wearable fitness trackers and also cameras and televisions …
 

    Trend Micro Simply Security

  • Trend Micro Recognized as a 2015 CRN 5-STAR Partner Program Winner

    Partha Panda
    26 Mar 2015 | 6:00 am
    Trend Micro is committed to delivering the highest level of service to our partners and we have been consistently recognized for our work. Now, we have another honor for which we are grateful. We’ve been awarded the prestigious 5-Star rating in The Channel Company’s CRN 2015 Partner Program Guide, and we are truly humbled. The CRN Partner Program Guide is a resource that solution providers rely on to discover, research and evaluate various vendor partner programs. The information is important as providers weigh and compare the benefits and incentives offered by manufacturers when…
  • Targeted Attack: The Game

    Rik Ferguson (VP, Security Research)
    25 Mar 2015 | 8:29 am
    April 2015 sees the release of a project that has been a year in the making for us. Something that we had affectionately been calling “Choose Your Own Adventure” for most of its lifetime as we laid it out, put some meat on the bones and finally stitched it all together (no we weren’t making Frankenstein’s monster). The project came initially from a conversation in the car on the way home from the office. We were discussing the challenges of changing the “security mind-set;” the difficulty in moving someone who believes that their “method” is successful mostly because they…
  • Trend Micro Worry Free: Number 1 for Small Business – Again

    Eric Skinner
    24 Mar 2015 | 11:21 am
    At Trend Micro, we’ve always placed the same emphasis on protecting our small and medium-sized business customers as the largest enterprises and government agencies which use our products. After all, the larger organizations might be the ones that grab the headlines, but small firms make up over 99% of all US firms and contribute significantly to the economy. That’s why they’re increasingly targeted by cyber criminals. So it was great to see Trend Micro’s ongoing commitment to securing smaller businesses validated by Canalys recently when the market watcher placed us number one…
  • Ensuring Internet Safety for Kids Requires Careful Mix

    Rik Ferguson (VP, Security Research)
    23 Mar 2015 | 7:00 am
    Ensuring Internet safety for kids is more complex than ever before because it now includes all your family’s home computers, cell phones, and tablets. Every device should be a part of the safety program. Creating a safer Internet environment for kids requires a careful mix of parental authority and family trust. Parental authority extends to using computer software with parental controls. Trust includes educating your kids on the do’s and don’ts of living a safe digital life, and showing them the best, most interesting uses of the Internet. Here are a few tips to get you started.
  • Are You Ready for Windows Server 2003 End of Support? Trend Micro Is

    Mike Smith
    20 Mar 2015 | 12:28 pm
    If you’re like thousands of other organizations in North America, you’ll currently be running Windows Server 2003. In fact, your business probably relies on it. But when Microsoft withdraws support for the platform on July 14, all bets are off as to the potential impact on your mission critical systems. At the very least, we can expect the black hats to research new exploits and target corporate users of the platform with renewed vigor. It is advisable for all firms to migrate to a newer version eventually, but for those that can’t do so by the July deadline, Trend Micro Deep Security…

    Effect Hacking

  • Hackers Took Down Nigeria Electoral Commission Website

    Gokul G
    28 Mar 2015 | 7:54 am
    Hacker group Nigerian Cyber Army hacked and took down the electoral commission's website on Saturday. They posted a banner: "Strucked by Nigerian Cyber Army", "Security is just an illusion." Hackers also posted cartoons of incumbent President Goodluck Jonathan and Muhammadu Buhari on the site with a message "If you attempt to rig, you will pay." Hack didn't affect the
  • Google Adwords Displays Phishing Site For "Bing Ads"

    Gokul G
    28 Mar 2015 | 12:19 am
    Searching on Google to advertise with Bing? Beware, Google currently displays a phishing site link as a top result (Ads) for the query "Bing ads". The search result looks official, the displayed URL on Google is bingads.microsoft.com, which is the domain for Microsoft's Bing ads network. But when you click on the search result, it will take you to a page that looks
  • Malware Hijacks Routers To Insert Ads and Porn Into Websites

    Gokul G
    27 Mar 2015 | 2:48 am
    Researchers at Ara Labs have uncovered a new ad-fraud scheme where fraudsters are using hijacked router DNS settings to intercept Google Analytics tags and replace them with pornography and ads. ATTACK SCENARIO: First, the attacker infects the router with DNS hijacking malware by taking advantage of default credentials and bugs on the routers. Then the malware changes the DNS settings on
  • Adult Site XTube Hacked, Serving Exploits

    Gokul G
    26 Mar 2015 | 2:28 am
    Researchers at security firm Malwarebytes have identified that the popular adult site Xtube is serving exploits to infect visitors with malware. Malwarebytes said in a blog post, "Unlike other attacks we have seen in recent times, this one does not use malicious ads (malvertising) to compromise users. Instead, it injects a malicious snippet of code directly into Xtube
  • GCHQ To Find Next Generation Cyber Security Experts

    Gokul G
    25 Mar 2015 | 10:41 pm
    GCHQ, the U.K.-based intelligence agency, has launched a scheme called "Cyber First" to train talented people to become the UK's next generation of cyber security experts. Cyber First will conduct the Cyber Security Challenge Programme and maths competitions in schools to select candidates. The scheme offers financial assistance for those studying relevant science, technology, engineering

    Bishop Fox » Blog

  • Beyond Security Requirements: Secure Requirements

    Brenda Larcom
    17 Mar 2015 | 12:58 pm
    History shows that people are unlikely to develop or purchase secure software by accident. Back in the Dark Ages (think the 1990s), people built software and then tried to add security. This was rarely successful and frequently expensive. Progress, of a Sort As an industry, we’ve moved on to more efficient and more effective strategies, like building security in from the beginning. Developers talk to security folks earlier, and many projects identify security requirements before design completes. Progress, yes, but not as much as one would hope, because most of us are just bolting on…
  • Rethinking & Repackaging iOS Apps: Part 1

    Carl Livitt
    23 Feb 2015 | 4:11 pm
    In October 2014, Jonathan Zdziarski (“JZ”) wrote a blog post about a little-known feature of the iOS app ecosystem: it’s possible to patch App Store apps and redeploy them on to non-jailbroken devices. (You should probably read his post before reading this one.) This is the first installment of a two-part series in which we will build on JZ’s work to present a more flexible, powerful means of modifying App Store apps on jailed iOS devices. To play along, you will need an Apple iOS account. iOS Tools on Jailbroken Devices We’re used to using our favorite tools like CydiaSubstrate and…
  • Stand Your Cloud: A Three-Part Series on Securing AWS

    Ruihai Fang
    13 Feb 2015 | 11:47 am
    This blog post is the first in a three-part series about AWS security best practices. Amazon Web Services (AWS) is arguably the most popular cloud computing platform. With the platform’s recent reduced pricing and added features, moving infrastructure to AWS is now more attractive for businesses and consumers looking to lower cost and maintenance while improving productivity. Interested in migrating to AWS as well? That’s a great idea, but you need a strong security foundation first. This series will discuss several recommendations for securing AWS. In this first blog post, we will cover…
  • Tastic RFID Thief: Silent, But Deadly

    Fran Brown
    24 Sep 2014 | 10:59 am
    You’re a professional. You’re equipped with the latest in elite, customized RFID hacking tools. So, it’s high time you put a silencer on your Tastic RFID Thief – the weaponized, long-range badge reader. We’ll show you how to avoid the embarrassingly loud beep when turning on your RFID badge stealer during your next physical penetration test. Because after all, silence is golden. Silencer for Your Weaponized RFID Reader So, you’ve built yourself a customized Tastic RFID Thief. Nice work. Fortunately, all the hard work is now done. It’s time for the finishing touches. Tastic…
  • In Heartbleed’s Wake: A Password Primer

    Christie Grabyan
    16 Sep 2014 | 10:05 am
    Passwords are the most commonly required authentication for website and email access, and they are effective when they work as designed – to prevent unauthorized access to an account or system. The Heartbleed vulnerability disclosure in April 2014 put the topic in the national spotlight, but the concerns about password security are no less diminished in light of the Apple iCloud incident and the news of the outdated Gmail password disclosure. In the wake of multiple published security incidents revolving around passwords, it is helpful to revisit how implementing leading practices can…
 