Network Security

  • Most Topular Stories

  • Beware!!! Ransomware threats have just started their second round!

    Spyware news
    28 Jan 2015 | 2:43 am
    You may have heard about a seriously dangerous ransomware, which is called FBI virus. This threat has been spreading around as an official notification from various governmental authorities, such as FBI, Police Central e-crime Unit, etc. After blocking the entire PC system this fake warning starts claiming that victim has to pay a fine for the […]
  • Will Millennials Be The Death Of Data Security?

    Dark Reading:
    Chris Rouland
    27 Jan 2015 | 8:00 am
    Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
  • Police Using Radar that Sees Through Walls

    Schneier on Security
    schneier
    27 Jan 2015 | 11:08 am
    In the latest example of a military technology that has secretly been used by the police, we have radar guns that can see through walls.
  • Outsourcing by small businesses increases

    Techwatch Tech News
    Brian Turner
    10 Jul 2014 | 8:03 am
    A survey of 2200 small businesses in the UK for Freelancer.co.uk reveals that the rate of outsourcing to the developing world by UK small businesses grew by 35% this year. Most jobs were outsourced to India, Pakistan and the Philippines, …
  • World's largest DDoS attack reached 400Gbps, says Arbor Networks

    Latest Security Articles from Techworld
    27 Jan 2015 | 5:32 am
    NTP amplification fuelling era of super-massive DDoS
 

    Techwatch Tech News

  • Sony Xperia Z4 specs update

    Brian Turner
    13 Jan 2015 | 2:04 am
    The Xperia Z4 failed to show at CES 2015, but expectations remain high for Sony’s flagship smartphone, which is expected to launch around the end of September in the UK. At least two variations had already been expected – an …
  • PMC offers new business calls, lines, and broadband services

    Brian Turner
    10 Jul 2014 | 8:04 am
    PMC Telecom has announced a new package of calls, lines, and broadband services for business, with tariffs claimed to beat BT prices. It means the company becomes the latest ISP for small businesses, now able to offer both lines and …
  • Outsourcing by small businesses increases

    Brian Turner
    10 Jul 2014 | 8:03 am
    A survey of 2200 small businesses in the UK for Freelancer.co.uk reveals that the rate of outsourcing to the developing world by UK small businesses grew by 35% this year. Most jobs were outsourced to India, Pakistan and the Philippines, …
  • Sony Xperia Z2 to launch

    Brian Turner
    27 Feb 2014 | 12:40 pm
    Sony are about to launch the Xperia Z2 – the successor to the highly successful Xperia Z1 – less than a month after releasing the Z1 compact. However, if you’re looking for an innovative upgrade you may be disappointed – …
  • Amazon offers 20% off all Kindles

    Brian Turner
    27 Feb 2014 | 12:16 pm
    Amazon have announced 20% off all Kindles – including the Kindle Fire HD and HDX editions. This results in the following current new prices for the different Kindle models: Kindle Fire HD: from £95.20 Kindle Fire HDX: from £159.20 Kindle …
 
 
 

    TaoSecurity

  • How to Answer the CEO and Board Attribution Question

    27 Jan 2015 | 2:27 pm
    Elements of the Q Model of Attribution, by Thomas Rid and Ben Buchanan. Earlier today I Tweeted the following: If you think CEOs & boards don't care about #attribution, you aren't talking to them or working w/them. The 1st question they ask is "who?" I wrote this to convey the reality of incident response at the highest level of an organization. Those who run breached organizations want to know who is responsible for an intrusion. As I wrote in Five Reasons Attribution Matters, your perspective on attribution changes depending on your role in the organization. The question in the title of…
  • The Next Version of testmyids.com

    24 Jan 2015 | 6:52 pm
    Longtime TaoSecurity Blog readers are likely to remember me mentioning www.testmyids.com. This is a Web site that returns nothing more than
        uid=0(root) gid=0(root) groups=0(root)
    This content triggers a Snort intrusion detection system alert, due to the signature
        alert ip any any -> any any (msg:"GPL ATTACK_RESPONSE id check returned root"; content:"uid=0|28|root|29|"; fast_pattern:only; classtype:bad-unknown; sid:2100498; rev:8;)
    You can see the Web page in Firefox, and the alert in Sguil, below. A visit to this Web site is a quick way to determine if your NSM sensor sees what you expect it to…
  • Is an Alert Review Time of Less than Five Hours Enough?

    23 Jan 2015 | 4:45 pm
    This week, FireEye released a report titled The Numbers Game: How Many Alerts are too Many to Handle? FireEye hired IDC to survey "over 500 large enterprises in North America, Latin America, Europe, and Asia" and asked director-level and higher IT security practitioners a variety of questions about how they manage alerts from security tools. In my opinion, the following graphic was the most interesting: As you can see in the far right column, 75% of respondents report reviewing critical alerts in "less than 5 hours." I'm not sure if that is really "less than 6 hours," because the…
  • Try the Critical Stack Intel Client

    23 Jan 2015 | 4:01 am
    You may have seen in my LinkedIn profile that I'm advising a security startup called Critical Stack. If you use Security Onion or run the Bro network security monitoring platform (NSM), you're ready to try the Critical Stack Intel Client. Bro is not strictly an intrusion detection system that generates alerts, like Snort. Rather, Bro generates a range of NSM data, including session data, transaction data, extracted content data, statistical data, and even alerts -- if you want them. Bro includes an intelligence framework that facilitates integrating various sources into Bro. These sources can…
  • Notes on Stewart Baker Podcast with David Sanger

    22 Jan 2015 | 6:43 am
    Yesterday Steptoe and Johnson LLP released the 50th edition of their podcast series, titled Steptoe Cyberlaw Podcast - Interview with David Sanger. Stewart Baker's discussion with New York Times reporter David Sanger (pictured at left) begins at the 20:15 mark. The interview was prompted by the NYT story NSA Breached North Korean Networks Before Sony Attack, Officials Say. I took the following notes for those of you who would like some highlights. Sanger has reported on the national security scene for decades. When he saw President Obama's definitive statement on December 19, 2014 -- "We…

    Spyware news

  • Beware!!! Ransomware threats have just started their second round!

    28 Jan 2015 | 2:43 am
    You may have heard about a seriously dangerous ransomware, which is called FBI virus. This threat has been spreading around as an official notification from various governmental authorities, such as FBI, Police Central e-crime Unit, etc. After blocking the entire PC system this fake warning starts claiming that victim has to pay a fine for the […]
  • What should be known after the end of Windows 7 Mainstream Support?

    16 Jan 2015 | 7:01 am
    You may have already heard about the end of Windows 7 mainstream support. What does it mean for a typical PC user? As this Windows platform is known to be one of the most popular ones (it is believed that almost 56.26 percent of global PCs are still using it) we decided to dedicate some […]
  • 4 dangerous methods used by hackers that may turn your Christmas into hell

    15 Dec 2014 | 6:23 am
    Christmas is just around the corner, so we believe that there are thousands of people who are surfing thru online stores right now. If you are also one of those who are looking for presents that could please their darling ones, then you should do this very carefully. Believe us, we say so for a […]
  • ESET joins Facebook to help it in a fight against malware

    4 Dec 2014 | 6:08 am
    Anti-malware protection is a seriously important thing that was underestimated for years. If you have also been thinking that antivirus is the only tool that you need for keeping your PC safe, you were wrong. In reality, there are lots of viruses that can be eliminated only with a help of anti-malware. The importance of […]
  • Using expired anti-spyware can be as dangerous as having no anti-spyware!

    21 Nov 2014 | 5:54 am
    We have been saying for ages that you should always keep your anti-spyware up-to-date. No matter how insignificant it seems, it can easily save your time that you might need when trying to fix your infected computer. Of course, money is also a great factor because there are lots of viruses that can’t be eliminated […]

    Uncommon Sense Security

  • RSA Conference’s new crowdsourced submissions program

    28 Jan 2015 | 10:06 pm
    The US RSA Conference is adding something new for 2015, a crowdsourced submissions track.  RSA gets a stunning number of submissions each year, and it takes a long time to sort through them all- leading to a common grumble about the long lead time between submissions and the conference.  And as with almost any event, some question why certain talks were accepted over others.  RSA has been listening, and is trying this new crowdsourced track to address some of the feedback they have received.  You want a short leadtime for talks to allow for recent topics?  You want a…
  • Infosecurity Europe’s new “Intelligent Defence” conference

    26 Jan 2015 | 11:35 am
    My friends over at Infosecurity Europe have been listening to their attendees- and that’s pretty cool.  From the Intelligent Defence site: “Infosecurity Europe's meticulous research revealed that attendees of the Number 1 exhibition and conference in Europe require more in-depth, technical research sessions.” The folks at Infosecurity listened, and then acted, creating this new conference which will run parallel with Infosecurity Europe.  Again from the Intelligent Defence site: “Infosecurity Intelligent Defence 2015 is a two-day, technical security conference, focusing on…
  • Update on Security BSides

    2 Jan 2015 | 5:50 pm
    Another year is gone, and it was a pretty amazing one for Security BSides.  It is hard to believe that this adventure began five and a half years ago, with the first event happening in July of 2009.  BSides has exploded since then, there have been a total of 167 BSides events globally- with 58 in 2014 alone.  BSides have now been held in 74 cities in 16 countries, on every continent except Antarctica.  2014 brought BSides to more than a dozen new cities across the world, including the first events in Asia.  Some of 2014’s new BSides cities included Dubai (UAE),…
  • “Is your computer working?”

    29 Dec 2014 | 6:33 pm
    As promised, that other hospital tech incident.  I was leaving a friend’s room right after the nursing shift changed and the new nurses were beginning their rounds.  As I was preparing to leave I heard the nurse outside my friend’s room call down the hall “Is your computer working?”.  I paused in saying my goodbyes and we listened to the nurse muttering and typing ever louder on the mobile cart keyboard.  Not good.  Especially since that computer stood between my friend, and every other patient, and medications.  The nurse popped in, said they were having…
  • About that Herbie Hancock book

    16 Dec 2014 | 5:54 pm
    The first Hancock story I mentioned last week is the opening story in his new book.  He tells the story better than I do. I’m not far into the audiobook, but I wanted to hear a bit of it the other day between chapters of Kim Zetter’s new(ish) book on Stuxnet.  That one is good, too- Zetter balances making the story approachable to non-techies with detail enough to keep those with some knowledge of the events engaged.  Unfortunately, the audiobook version means I don’t have access to the extensive footnotes unless I buy a print copy, too- but I spend enough time on the…
 

    cissp CISSP training Certified Information Systems Security Professional

  • ISC2 announce changes to the CISSP CBK as of 15 April 2015

    Posted by boss
    16 Jan 2015 | 12:23 am
    NOW IS THE BEST TIME TO GET CERTIFIED -- BEFORE THE CHANGES BELOW WILL BE INTRODUCED LATER IN THE YEAR Good day to all, As you may be aware ISC2® has just released a new Common Body of Knowledge (CBK®) for the CISSP® and SSCP® exam.  This new CBK® will become effective as of the 15 April 2015 along with the new exam being available at that time. There is no need to panic right now.  It is more a refresh than a brand new CBK®.  Even the ISC2® books and resources have not been updated yet.    Over the next few days and weeks I…
  • CCCure New year Wishes and Update on what is happening

    Posted by boss
    3 Jan 2015 | 3:07 am
    Good day to all, First, let me wish you a great year 2015 and success in all of your learning projects or any other projects you may have.    Above all, I wish you HEALTH and happiness for you and all of your family members.   Your loved ones are always the most important thing to look after and protect. Year 2014 was full of success for CCCure but I also had my personal share of personal issues and challenges.   I am looking forward to a more quiet 2015.  I was so involved and working so many hours on providing resources and supporting the CCCure…
  • MY FRIEND SHON HARRIS PASSED AWAY

    Posted by boss
    15 Oct 2014 | 12:09 am
    March 27th, 1968  ~  October 8th, 2014 OUCH! A shockwave just hit me this morning. What devastating news I hear this morning.  My long term friend passed away.  She was so young and such an inspiration to others.  It is a very sad day for sure. On the 16 of September we were trading emails and she did not let her sickness transpire and she did not ever complain once or even mention it.  She was dynamic in her response and she soldiered on as long as she could.  I was aware she was very sick but never thought it was progressing that fast. Shon was a lot more to…
  • The Holistic CISSP CBT Tutorial for the BCP and DRP domain of the CBK

    Posted by boss
    8 Aug 2014 | 1:01 pm
    Dear members, The CCCure Learning Portal  is our new Learning Portal and it will eventually replace CCCure.org.   The CCCure.Org has lots of legacy, it has some spammer posting within articles, and it is due for retirement.   Over the next months we will migrate the relevant content of CCCure.Org to CCCure.Training.  So far I have developed 38 Hours of thorough Computer Based Tutorial on our new portal and I will continue over the next week as well. You can visit the new site at:  The CCCure Learning Portal Good day to all, I have never read as many NIST…
  • The CCCure Holistic Computer Based Tutorials (CBT) for the CISSP Exam

    Posted by
    29 Jul 2014 | 4:57 am
    Good day to all, I am pleased to say that I have just uploaded Part 3 of my Telecommunication and Network Security CBT tutorial to our Learning portal at https://cccure.training/index.php a few minutes ago.   I am now working on the 4th and last portion and it should be ready soon. That's a total of 24 hours of tutorial developed by CCCure/Clement for the CISSP CBK alone. The tutorials are available to Gold and Silver members at: https://cccure.training//m/articles/browse/category/CISSP+Online+CBT The MP3 files were uploaded as well and you can download them to listen while mobile on…

    Schneier on Security

  • Subconscious Keys

    schneier
    28 Jan 2015 | 4:39 am
    I missed this paper when it was first published in 2012: "Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks" Abstract: Cryptographic systems often rely on the secrecy of cryptographic keys given to users. Many schemes, however, cannot resist coercion attacks where the user is forcibly asked by an attacker to reveal the key. These attacks, known as rubber hose cryptanalysis, are often the easiest way to defeat cryptography. We present a defense against coercion attacks using the concept of implicit learning from cognitive psychology. Implicit…
  • Police Using Radar that Sees Through Walls

    schneier
    27 Jan 2015 | 11:08 am
    In the latest example of a military technology that has secretly been used by the police, we have radar guns that can see through walls.
  • The IDEA Encryption Algorithm with a 128-bit Block Length

    schneier
    27 Jan 2015 | 4:24 am
    Here's an IDEA-variant with a 128-bit block length. While I think it's a great idea to bring IDEA up to a modern block length, the paper has none of the cryptanalysis behind it that IDEA had. If nothing else, I would have expected more than eight rounds. If anyone wants to practice differential and linear cryptanalysis, here's a new target for you.
  • Basaaly Moalin: The One "Terrorist" Caught by Section 215 Surveillance

    schneier
    26 Jan 2015 | 3:51 am
    Remember back in 2013 when the then-director of the NSA Keith Alexander claimed that Section 215 bulk telephone metadata surveillance stopped "fifty-four different terrorist-related activities"? Remember when that number was backtracked several times, until all that was left was a single Somali taxi driver who was convicted of sending some money back home? This is the story of Basaaly Moalin.
  • My Conversation with Edward Snowden

    schneier
    23 Jan 2015 | 2:57 pm
    Today, as part of a Harvard computer science symposium, I had a public conversation with Edward Snowden. The topics were largely technical, ranging from cryptography to hacking to surveillance to what to do now. Here's the video. EDITED TO ADD (1/24): News article.

    Security Uncorked

  • My first year with (ISC)2

    jj
    9 Jan 2015 | 8:00 am
    It’s been a year, and I thought this marked a great opportunity to revisit my positions of a year ago, when I was naive to the inner workings of the organization, and see if they’re still valid and in my cross-hairs. During my campaign in the 2013 elections to serve on the 2014+ Board of Directors, I said things… things which are forever emblazoned on the interwebs and cannot be undone, or forgotten. Here, I hop in the time machine  and take a look back to a year ago, as I campaigned for your support, to see if my points are still valid, or if naivety triumphed. I posted…
  • JJ’s Year-in-Review 2014

    jj
    6 Jan 2015 | 2:00 pm
    The year was a blur, but some great things found their genesis in this calendar so I want to share my wanderings and activities with you here, with a little narrative in my own voice. Here’s the down and dirty of where I was, and where my heart was in 2014. Enjoy! January: RSA Podcast on Neuro-Hacking 101 Kicking off 2014, my good friend and colleague Mike Rothman and I did a podcast with RSA as a lead-in to our talk by the same title this year. Read more and listen online. January: My first (ISC)2 Board Meeting In this sequence of never-to-be-forgotten days, I attended a cacophony of…
  • My Divine Comedy and InfoSec Purgatory: Personal notes from JJ

    jj
    5 Jan 2015 | 4:56 pm
    I’m writing this blog post tonight to share some thoughts, and perhaps solicit some entertaining (if not useful) feedback, which is sure to be the outcome. It’s a new day, a new week and a new year, and I’m ready to expose a few of my more inner thoughts and realizations in hopes of earning your support and, if not your support, perhaps your empathy as a matter of entertainment. Realizing my activity in blogging has been, well, more so an IN-activity as of late, I’ve felt this welling of random thoughts that I must share, lest I burst like an overfilled water balloon. In…
  • InfoSec Life Lessons from Dr. Seuss- keynote debut and BruCon

    jj
    3 Dec 2014 | 4:56 pm
    Recently I had the pleasure of unveiling my new keynote, “InfoSec Life Lessons from Dr. Seuss” at the BruCon conference hosted each year in Gent, Belgium. The event is absolutely amazing, extremely well-managed, features some of the best speakers, and offers actionable content. The energy and collaboration was off the charts and I would highly recommend any colleagues to attend this conference if given the opportunity. The opportunity to share a new message was a key point of my excitement at this conference. For the first time, I stepped completely outside of my comfort zone of…
  • JJ’s Top 10 Reasons to Vote in (ISC)2 Elections

    jj
    28 Nov 2014 | 6:06 pm
    Each year we go through the same cycle of love and hate during the annual (ISC)2 Board of Directors elections. Across the social media worlds, the apathy and frustration come head-to-head with excitement and hope. Disenfranchised members ask “why vote?” and “who cares?”, or make comments about how “nothing will change”. The more engaged crowd, led by hope and motivated by incremental change pushes for engagement and participation. I don’t know about you, but I was in the former before joining the Board myself. From the outside looking in, things…
 

    Infosec Events

  • Week 4 In Review – 2015

    md
    26 Jan 2015 | 11:05 am
    Events Related Our Favorite Presentations from ShmooCon 2015 – researchcenter.paloaltonetworks.com Jen and Phil were fortunate to attend this year’s ShmooCon, an annual hacker conference held in Washington, DC. Here are the wrap up of the conference. Resources BSides Columbus 2015 Videos – irongeek.com These are the videos from the BSides Columbus Ohio conference. You can watch and download the videos from here. Guest Blog: httpscreenshot – A Tool for Both Teams – blog.bugcrowd.com The Shmoocon presentations that Kymberlee recommended last week did not disappoint, and She’s…
  • Information Security Events For February

    sheila
    25 Jan 2015 | 4:16 am
    Here are information security events in North America this month:   SANS Cyber Threat Intelligence Summit 2015: February 2 to 3 in Washington, DC, USA   Suits and Spooks Washington 2015 : February 4 to 5 in Washington, DC, USA   BSides Huntsville 2015 : February 5 to 7 in Huntsville, AL, USA   NDSS Symposium 2015 : February 8 to 11 in San Diego, CA, USA   NDSS Workshop on Usable Security 2015 : February 8 in San Diego, CA, USA   SecureWorld Charlotte 2015 : February 11 Charlotte, NC, USA   BSides Indy 2015 : February 21 in Indianapolis, IN, USA   BSides…
  • Week 3 In Review – 2015

    md
    21 Jan 2015 | 7:48 am
    Events Related Hou.Sec.Con 5.0 Experience (by an 8 year old) – prudentgames.com An 8 year old kid, Reuben Paul, shares his feelings about Hou.Sec.Con 5.0 Experience! It was about qualities that kids and hackers share which makes kids really good hackers. For example kids are creative, kids are curious, kids are credible and kids are cool just like hackers. Resources Gitrob: Putting the Open Source in OSINT – michenriksen.com Gitrob is a command line tool that can help organizations and security professionals find such sensitive information. The tool will iterate over all public…
  • Week 2 In Review – 2015

    md
    12 Jan 2015 | 5:11 am
    Resources Win32 Assembly Cheat Sheet – strchr.com The idea is to put all reference information about x86 assembly language on the one page. You will find various kinds of moves (MOV, CMOV, XCHG), arithmetical (ADD, SUB, MUL, DIV) and logical (AND, OR, XOR, NOT) instructions here. The International Conference on PASSWORDS 2014. – video.adm.ntnu.no The International Conference on PASSWORDS 2014, Trondheim, Norway. This is the 7th event of the series, sponsored by the FRISC research network. You can watch and download all presentation videos from here. Clear Apartment. Clear Inbox. Clear…
  • Week 1 In Review – 2015

    md
    5 Jan 2015 | 2:12 pm
    Resources Index of /projects/media.ccc.de/congress/2014/h264-hd/ – mirror.us.oneandone.net Index of 31c3 congress videos are available here. You can watch and download the videos from here. 31C3: a new dawn – media.ccc.de You can browse and watch all the videos of 31c3 congress from here. World’s Biggest Data Breaches – informationisbeautiful.net interactive ‘Balloon Race’ code of World’s Biggest Data Breaches powered by VIZSweet. Selected losses greater than 30,000 records! MyToolZ – aluigi.altervista.org A tools archive containing open source programs created…

    Dr Anton Chuvakin Blog PERSONAL Blog

  • Annual Blog Round-Up – 2014

    20 Jan 2015 | 10:19 am
    Here is my annual "Security Warrior" blog round-up of top 10 popular posts/topics in 2014. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge.  Current emergence of open sources log search tools (ELK FTW!), BTW, does not break the logic of that post. “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) “New SIEM Whitepaper on Use Cases In-Depth…
  • Monthly Blog Round-Up – December 2014

    6 Jan 2015 | 2:34 pm
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge.  Current emergence of open sources log search tools, BTW, does not break the logic of that post. “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) My classic PCI DSS Log Review series is always…
  • Monthly Blog Round-Up – November 2014

    1 Dec 2014 | 8:50 am
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Donn Parker’s “Risks of Risk-Based Security” Summarized”, an old blog post from 2009, somehow made it to my top list this month. A mystery! “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described…
  • Links for 2014-11-12 [del.icio.us]

    Anton Chuvakin
    13 Nov 2014 | 12:00 am
    How Enterprises Can Get The Most From Threat Intelligence
  • Monthly Blog Round-Up – October 2014

    1 Nov 2014 | 11:11 am
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: My classic PCI DSS Log Review series is always popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3.0 as well), useful for building log review processes and procedures , whether regulatory or not. It is also described in more detail in our Log Management book. “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the…
 

    Security Blog

  • Weekly Intelligence Summary Lead Paragraph: 2015-01-23

    dkennedy
    25 Jan 2015 | 4:42 pm
    Surprise attacks on two new vulnerabilities in Adobe Flash Player were prominent in Verizon Cyber Intelligence Center (VCIC) collections this week.  Wednesday, Kafeine reported the Angler exploit kit (EK) was attacking a previously unknown Flash vulnerability, CVE-2015-0311, as well as Flash vulnerabilities patched in November and December.  Thursday, Adobe released a security bulletin for a different Flash vulnerability, CVE-2015-0310 already being exploited in attacks in the wild.  Friday, Adobe pre-announced a security bulletin for next week to mitigate the risk from CVE-2015-0311. …
  • Weekly Intelligence Summary Lead Paragraph: 2015-01-09

    dkennedy
    9 Jan 2015 | 2:53 pm
    Bitstamp, a bitcoin exchange, had their New Year’s ruined by the theft of 19,000 bitcoins, (US$5.2 million at the time) but nothing has been reported about the method or actor responsible.  But Rex Mundi is keeping to their M.O. and attempted to extort €10K from Swiss Banque Cantonale de Geneve and threatened to publish PII, but not PFI, from thousands of the bank’s clients.  Twelve thousand customers of Massachusetts-based ID Parts are among the victims of a PFI data breach caused by a malware infection of the company’s payment systems.  AOL was the victim of a malvertising…
  • Weekly Intelligence Summary Lead Paragraph: 2014-12-26

    dkennedy
    2 Jan 2015 | 12:31 pm
    Leading the collections of actionable intelligence this week is the joint report from Group-IB and Fox-IT on “the Anunak Group” mostly targeting Eastern European banks, but recently adding retail and media-relations organizations in the US, Australia, Spain and Italy; most of its 14-pages include indicators of compromise (IOC). The “SoakSoak” infections of WordPress sites we began reporting in last week’s INTSUM continued this week. Sucuri reported details and IOC on Monday and Wednesday. ZScaler reported IOC for a different series of compromised WordPress sites with exploit kits…
  • Weekly Intelligence Summary Lead Paragraph: 2014-12-19

    ssimpson
    22 Dec 2014 | 11:07 pm
    Let’s get Sony out of the way first…again. The Guardians of Peace leaked more documents this week stolen during November’s breach. It doesn’t end there. The FBI officially pinned the attack on the government of North Korea. After weeks of listening to anonymous sources peg the attack on the North Korean regime as the US government played a game of will we or won’t we, the VCIC finally has an official statement it can cite regarding attribution. Other noteworthy collections this week include a report of a successful spear phishing attack against ICANN that resulted in a breach of…
  • The 2014 Data [In]Security Hall of Fame

    kevin.thompson
    18 Dec 2014 | 7:36 am
    Ahh the holidays. A time when we think about goodwill towards our fellow man, exchanging gifts, and of course making lists! All the good boys and girls know that one of our projects here at Verizon Security Labs is the VERIS Community Database (VCDB), a free repository of breach incident data available to the public. As we go through the year adding cases to the dataset, we mark some of them as being “Hall of Fame” (HOF) candidates. So this year, instead of making yet another set of predictions of what to expect in 2015, we decided to review our nominees for the 2014 Data Security Hall of…

    symantec.com

  • Linux GHOST vulnerability (CVE-2015-0235) is not as scary as it looks

    Symantec Security Response
    28 Jan 2015 | 4:29 pm
    GHOST appears to be as serious as Shellshock and Heartbleed, but its impact is mitigated by several factors.
  • Short, sharp spam attacks aiming to spread Dyre financial malware

    Nick Johnston
    28 Jan 2015 | 10:55 am
    Spammers linked to the Cutwail botnet are trying to steal financial information by infecting users with Downloader.Upatre and Infostealer.Dyranges. Contributor: Joseph Graziano Since early January 2015, Symantec has been seeing multiple instances of short-duration, high-volume spam attacks targeting millions of users at a time. While these attacks last only a few minutes at a time, the vast number of emails sent during each burst was interesting.
  • Scarab attackers took aim at select Russian targets since 2012

    Gavin O Gorman
    22 Jan 2015 | 5:57 am
    The Scarab attack group has been distributing back door threats, Trojan.Scieron and Trojan.Scieron.B, to Russian-speaking individuals both inside and outside of Russia. Contributor: Yi Li.
  • Unconfirmed zero-day vulnerability discovered in Adobe Flash Player

    Symantec Security Response
    21 Jan 2015 | 4:22 pm
    An unconfirmed zero-day vulnerability in Adobe Flash Player is being used by the Angler exploit kit to install malware.
  • Tubrosa threat drives millions of views to scammers’ YouTube gaming videos

    Christian Tripputi
    21 Jan 2015 | 9:22 am
    Cybercriminals are fraudulently earning advertising revenue by spreading click-fraud threat Trojan.Tubrosa, which sends compromised computers to their YouTube videos.

    Optimal Security

  • Missing the Forest for the Trees: 2015 Data Protection Maturity Trends

    Chris Merritt
    28 Jan 2015 | 6:00 am
    Today, in conjunction with the annual Data Privacy Day, Lumension released the 4th annual Data Protection Maturity Trends report. Based on a survey conducted in late 2014 of more than 700 IT security professionals from around the world, this report examines the issues and concerns facing IT security teams, how effective their data protection efforts have been to date, and their plans for 2015 and beyond. In many areas, improvements in organizational security posture were reported. However, there appears to be trouble lurking, hidden amongst the trees. We asked several questions to understand…
  • Ransomware: The Once and Future Storm?

    Chris Merritt
    27 Jan 2015 | 6:36 am
    Lumension recently released the sixth annual State of the Endpoint Risk report [PDF], based on research by the Ponemon Institute. I’ve blogged about this report several times this year: you can find those posts here and here. This past week I was honored to present the results of this research alongside Dr. Larry Ponemon, in what turned out to be a very lively 90-minute interactive webinar. I thank everyone who participated and especially who provided us with such great questions to discuss. If you missed it, you can view the on-demand version here (along with other cool bits &…
  • Is Your Organization a House of Cards – Part 3

    Orion
    26 Jan 2015 | 6:44 am
    In my last 2 posts (part 1, part 2) I explained I will be walking you through the attack of an airline company in order to obtain credit card data I can sell. I’ve identified an airline, Lychee Air, flying out of Hangzhou Airport. I was able to use a not-so-public IP camera to watch and learn the name of the company that caters Lychee’s planes. I’ll use the catering company’s access to get into Lychee’s network. I have confidence the kitchen is a low tech company with little invested in IT security. They are my first target.
  • Infosec Haiku

    Chris Merritt
    25 Jan 2015 | 8:32 am
    Anata no joho sekyuritei konshu no haiku State of the Endpoint Annual Report Now Out To Learn More, Go Here   ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who’s contributed their haikus … watch this space to see if yours is published. * Submit Your Own … if yours is published, I’ll send you a $20 Starbux card. Please DM me at infosec-haiku@lumension.com. Contest Rules: all rulings by the judge (me) are final, blah blah blah.
  • Infosec Haiku

    Chris Merritt
    25 Jan 2015 | 8:31 am
    Anata no joho sekyuritei konshu no haiku Data Privacy Day is Here Again – Have We Made Any Progress?   ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who’s contributed their haikus … watch this space to see if yours is published. * Submit Your Own … if yours is published, I’ll send you a $20 Starbux card. Please DM me at infosec-haiku@lumension.com. Contest Rules: all rulings by the judge (me) are final, blah blah blah.
 

    TRUSTe Blog

  • Meet TRUSTe: Kevin Trilli, VP Product

    kfreeman
    28 Jan 2015 | 9:00 am
    Our latest series will introduce you to a new TRUSTe employee every week to give you an inside look at the talented, knowledgeable and friendly people who work at TRUSTe.  Name: Kevin Trilli Job title: VP Product How long have you worked at TRUSTe?: 6+ years (started in November ‘08) Describe your current role, how this has …
  • Data Privacy is a Major Concern for Consumers

    kfreeman
    28 Jan 2015 | 7:00 am
    Consumers consider data privacy to be a hot button issue, according to responses from a recent survey. Despite increasing talk of regulation enforcement, best practices and self-regulatory measures, many consumers consider data privacy a concerning issue. The top concern is that companies will collect personal data and share that data with other companies (38 percent …
  • Privacy Impact Assessments: Creating a Data Map

    kfreeman
    27 Jan 2015 | 9:00 am
    This post is part 3 of a 4 part series about Privacy Impact Assessments (PIAs) that we will be posting weekly. Privacy officers, executives and project managers all benefit from PIA insights to ensure the privacy practices at their organizations are ethical and safe. There are a total of six steps when conducting a PIA. …
  • APEC Member Economies Unanimously Approve TRUSTe’s Renewal as Accountability Agent for Cross Border Privacy Rules System

    kfreeman
    27 Jan 2015 | 6:00 am
    TRUSTe’s request for renewal as an Accountability Agent for the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) System has been unanimously approved by the 21 APEC member Economies. Being an Accountability Agent, TRUSTe will continue to review, certify, monitor and enforce the privacy practices of participating U.S.-based companies or subsidiaries to ensure compliance …
  • The Upsides and Downsides of Private Messaging Apps

    kfreeman
    26 Jan 2015 | 9:00 am
    By Alexandra Ross, The Privacy Guru  Have we reached the end of the “age of oversharing”? Private messaging apps are the fastest growing category of apps, according to mobile analytics firm Flurry. Recent stats show downloads of private social messaging apps increased 200 percent in 2013 over 2012. From the basic urge to just “say …
 

    iViZ Blog

  • Checklist for Secure Code Review of an Enterprise Product

    jitendra.chauhan
    8 Jan 2015 | 3:14 am
    As part of penetration testing and secure code review engagements with product companies, we generally found that a 7 to 12 year old product has a code base massive in size and scale, what they internally call a “Beast”. Interestingly, we get only a few weeks to tame the beast!!! In this blog post, my objective is to describe a baseline threat model and checklist to evaluate the security of an enterprise product. It will also describe a high-level approach that can be used in any source code / architecture review engagement. Secure Code Review Steps: Create Architecture For a large and complex…
  • SaaS-based Security Testing Provider iViZ being Acquired by Cigital

    admin
    7 Nov 2014 | 2:02 am
    Cigital to leverage iViZ products and technologies to introduce 3D Unlimited Application Security Testing. iViZ Security, an IDG Ventures funded pioneering cloud-based “Web and Mobile Application Security Testing” provider, is getting acquired by Cigital Inc, a leader in software security services and solutions. Founded in 2006 by former IITians Bikash Barai (CEO) and Nilanjan De (CTO), iViZ Security is a pioneer in taking penetration testing or ethical hacking to the cloud and launching its proprietary Software-as-a-Service Platform. The innovative, 60-people product…
  • Shellshock Bug: A Quick Primer

    Nilanjan De
    30 Sep 2014 | 5:27 am
    What is ShellShock Bug? Shellshock is a security vulnerability (CVE-2014-6271) in the widely used Unix Bash Shell which was discovered by Stéphane Chazelas on 12 September 2014 and disclosed on 24 September 2014. Subsequently, various researchers have discovered multiple other vulnerabilities in bash. What is the Vulnerability? The Unix Bash Shell stores exported function definitions in environment variables. When a new instance of bash is launched, it reads these specially crafted environment variables, and interprets them as function definitions. Unfortunately, due to insufficient…
  • Anatomy of Heartbleed Bug

    Nilanjan De
    30 Apr 2014 | 5:46 am
    There has been a lot of buzz about Heartbleed[1] in the news recently. In this blog post, we have tried to put together the important things that one should know about Heartbleed. What is Heartbleed? Heartbleed is the popular name given to the recently found vulnerability (CVE-2014-0160) in OpenSSL – an open-source encryption library. More specifically, this is a bug in the OpenSSL Heartbeat protocol which results in a vulnerable server leaking or bleeding confidential content in its memory space (and hence the name ‘Heartbleed’). What’s Heartbleed bug? OpenSSL is the most…
  • Penetration Testing E-commerce Applications

    jitendra.chauhan
    25 Apr 2014 | 3:46 am
    Over the past decade, E-Commerce applications have grown both in terms of numbers and complexity. Currently, E-Commerce applications are becoming more personalized, more mobile friendly and rich in functionality. Complicated recommendation algorithms are constantly running at the back end to make content searching as personalized as possible. Why is conventional application penetration testing not enough for E-commerce Applications? E-Commerce applications are growing in complexity; as a result, conventional application penetration testing is simply not enough. Conventional application…

    Networking

  • Get More Out Of Your Tablet, At Work Or Play

    18 Jan 2015 | 7:06 am
    Tablets are wildly popular for many reasons, but sometimes they just fall short of what we need them to do. You might find that the right accessory or two can fill that gap.
  • It's OK To Lie When It Comes To The Internet

    15 Jan 2015 | 3:16 am
    Here's a newsflash- it's OK that the whole world doesn't know your real birthday on Facebook. And when it comes to signing in to public Wi-Fi networks with a social media account, having a fake identity or two may be in your best interest.
  • You Can Say No To Being A Wi-Fi Hotspot For Your Cable Company

    12 Jan 2015 | 5:04 am
    Though I'm all for good wireless connectivity in lots of places, I'm not a fan of the cable companies ramming their public hotspot services down their customers' throats (and modems). Remember, your account is just that- yours. You have the power to say "no".
  • Is Your Home Getting More Wi-Fi Enabled Devices? Give Them A Fighting Chance!

    6 Jan 2015 | 8:44 am
    The average home is seeing a steep uptick in connected device counts, and the trend will only increase as more device types are introduced to the consumer market. A few simple steps can go a long way in helping your growing network environment to stay in top form.
  • Learning to Like Windows 8 Tablet

    23 Dec 2014 | 2:55 pm
    As a wireless network supporter, I have to be in tune with pretty much all client device types likely to hit my Wi-Fi. Some are easy to like, while others... well not so much. For me, Windows 8 in tablet form is hard to embrace- but I found a way to lessen the pain.

    SecurityWeek RSS Feed

  • Security Experts Unite to Rewrite Proposed Cyber Laws

    Fahmida Y. Rashid
    28 Jan 2015 | 11:28 pm
    It didn't take long for information security professionals to take to Twitter, blogs, and social media to blast the latest White House proposals for cybersecurity legislation. A small group of civic-minded professionals are calling on the industry to stop complaining and actually do something about it.
  • Anti-Fraud Firm InfoArmor Acquires IntelCrawler

    Mike Lennon
    28 Jan 2015 | 2:42 pm
    InfoArmor, a provider of fraud and identity theft protection services, has acquired cybercrime research firm IntelCrawler for an undisclosed sum.
  • ZeroAccess Botnet Restarts Click Fraud Activity

    Brian Prince
    28 Jan 2015 | 2:33 pm
    Researchers at Dell SecureWorks say the notorious ZeroAccess botnet has resurfaced and is back distributing click fraud templates to compromised computers.
  • Busting the Ghost Security Vulnerability Haunting Linux Systems

    Brian Prince
    28 Jan 2015 | 1:20 pm
    A bug is haunting Linux systems. The Ghost vulnerability recently revealed by researchers at Qualys has triggered comparisons to Shellshock, but some experts say that both the impact and how organizations should approach patching it are different.
  • FTC Urges Safeguards for 'Internet of Things'

    AFP
    28 Jan 2015 | 10:51 am
    US Watchdog Urges Safeguards for 'Internet of Things' Washington - A US government consumer watchdog agency called Tuesday for better privacy and security to be built into the myriad of connected devices, for fitness, smart homes or other uses.
 

    Free IT - Security Magazines and Downloads from alltop.tradepub.com

  • Three Important Reasons for Privileged Access Management (and One Surprising Benefit)

    28 Jan 2015 | 12:00 am
    Download the white paper: Three Important Reasons for Privileged Access Management (and One Surprising Benefit). You'll discover how a privileged access management solution can ensure: Comprehensive compliance such as the Sarbanes-Oxley Act for responsible governance. Ensure business integrity and responsible business processes. Tackle security risks, both inside and outside the organization. Realize bottom-line IT cost benefits.
  • InfoSphere Guardium Vulnerability Assessment

    28 Jan 2015 | 12:00 am
    IBM® InfoSphere® Guardium® Vulnerability Assessment scans database infrastructures to detect vulnerabilities, and suggests remedial actions. The solution identifies exposures such as missing patches, weak passwords, unauthorized changes, misconfigured privileges and other vulnerabilities.
  • Top 3 Reasons to Give Insiders a Unified Identity

    28 Jan 2015 | 12:00 am
    In this report, you learn the eight most significant cybersecurity threats that could impact your organization (at any time), Forbes cited internal threats as No. 3, noting that internal attacks can be “the most devastating” due to the amount of damage privileged users can inflict and the type of data they can access.
  • Privileged User Activity Auditing: The Missing Link for Enterprise Compliance and Security

    28 Jan 2015 | 12:00 am
    This white paper covers how to solve the security, compliance, and third party access challenges organizations face when auditing and monitoring UNIX, Linux and Windows systems; and why traditional approaches like log rollup tools alone will fail to meet requirements of today's demanding IT environment.
  • Close the Window on Three Window Server Threat Scenarios

    28 Jan 2015 | 12:00 am
    Companies and government agencies are looking for solutions to mitigate the risks these threats present. This white paper details three common Windows Server threat scenarios and explains the way that they can be neutralized. By following the guidelines in this white paper, organizations can guard against inside and outside threats, protect their Windows Server infrastructure and sensitive data, and meet relevant regulatory requirements. Centrify Server Suite provides organizations with the control they need to thwart these threats. It protects their Windows Server environments by: Granting…

    IT-Security

  • Learning to Share? The Potential and Problems for Protected Health Information (PHI) Within Health Information Exchanges

    Bob Chaput
    28 Jan 2015 | 10:00 am
    There is a perfect storm brewing in healthcare. Rapidly advancing technologies and evolving consumer expectations are forcing the industry to face a brave, and scary, new reality. Breakthroughs in how we stay connected, share information and engage online have created endless new possibilities for more coordinated, integrated care. Meanwhile, consumers are increasingly demanding that their encounters in healthcare keep pace with the convenience and tech enabled experiences they enjoy in other areas of their lives, e.g. retail and banking. A great example of this storm in action are Health…
  • New Whitepaper: Preventing Terminal Tampering

    Branden Williams
    28 Jan 2015 | 6:44 am
    PCI DSS 3.0 is here, and from what I can see it appears that companies are scrambling to get the pieces in place to appease their assessors. One of those biggies is new requirement 9.9, which switches from a best practice to a requirement in the middle of this year. If you are just now starting to take a look at how this will affect your compliance programs, I’m afraid to say that you are behind. There are plenty of resources available for you to get into the technical, nitty-gritty components of this requirement. What I found was missing was a…
  • OCR Director Announces Open Season on Risk Analysis: Organizations Can Prepare, or Prepare to Pay Up

    Bob Chaput
    26 Jan 2015 | 10:00 am
    The Office for Civil Rights (OCR) has decided enough is enough. As a result, it has laid down the gauntlet. Conduct a bona fide security risk analysis, or else! Risk management must come before compliance Newly named OCR Director Jocelyn Samuels recently spelled out the agency’s stance on risk analysis at the annual HIPAA conference sponsored by OCR and the National Institute of Standards and Technology. Explaining that the agency continues to see a lack of comprehensive and enterprise wide risk analysis and risk management, Samuels was clear in saying that “enforcement is a critical…
  • Copy That? 4 Privacy and Security Tips for Handing over PHI to Patients

    Bob Chaput
    23 Jan 2015 | 10:00 am
    The one-year anniversary of the Omnibus Rule deadline is this week, yet providers are still seeking guidance on some of its harder to navigate specifications, such as how to provision an individual’s right to access his/her protected health information. Individuals have always had the right to request copies of their health records, but the Omnibus Rule expanded that right considerably. Your Requirements Under the law, covered entities must provide an individual with a copy of his/her designated record set that is maintained as electronic protected health information (ePHI) in the…
  • Business Associates: A Greater Security Threat Than Hackers

    Bob Chaput
    21 Jan 2015 | 10:00 am
    When hospital giant Community Health Systems recently experienced a data breach involving 4.5 million patient records, the Franklin, Tenn.-based company identified the culprit as a sophisticated Chinese cyber-espionage team. Yet, as of Aug. 27, 2014, only about 7 percent of healthcare data breaches reported to HHS are the work of hackers. Many of the rest are the result of simple human mistakes – not just by employees but by an organization’s many business associates, according to data reported to HHS’ Office for Civil Rights. These violations include losing laptops containing…

    Infosec Communicator »

  • What’s in a Name (and a Price)

    Ben
    8 Jan 2015 | 1:02 pm
    I’ve changed the subtitle of my Kindle eBook on using social media safely to better communicate the subject matter. I’ve also lowered the price point to $0.99. The book sold reasonably well during the week-long reduced-price promotion as a Kindle …
  • Shockproofing Your Use of Social Media eBook available!

    Ben
    17 Oct 2014 | 8:25 am
    My Shockproofing Your Use of Social Media: 10 Things You Should Know eBook is now available on Kindle! For those of you who have attended one of my Lightning Talks about Internet Safety, this book fleshes out my recommendations for …
  • The Secure Communicator

    Ben
    17 Aug 2014 | 1:39 pm
    I had the pleasure of discussing information security best practices for technical communicators through an STC webinar. Here’s the presentation: …
  • Updated Shock-proofing your Use of Social Media Presentation

    Ben
    15 Aug 2014 | 11:08 am
    I’ve updated my Shock-proofing your Use of Social Media presentation for the Fall 2014 New Student Orientation program at the Rochester Institute of Technology. I’ve changed the passphrase example, added a new cartoon, and generally worked to make the presentation …
  • A Techcomm Bestiary, Summit14 edition

    Ben
    7 May 2014 | 12:23 pm
    I’ve changed out one slide from the Spectrum14 presentation. Looking forward to presenting this to a crowd at the STC Summit in Phoenix. …
 

    Praetorian Prefect

  • Jimmy Kimmel Gets your Password

    Prefect
    17 Jan 2015 | 6:46 pm
    It didn’t take a whole lot of social engineering for people to give up their passwords: ask them what the password consists of (like it’s my cat’s name and birthday), ask the cat’s name, ask a deflecting question, then ask for the birthday.
  • A Superbowl Wifi Problem

    Prefect
    1 Feb 2014 | 9:21 pm
    It’s an annual puff piece, whoever is in charge of security at the Super Bowl appears on the news in front of some barrier or computer screen, talking about the number of security guards, guard dogs, or whatever else passes as some grand measure of the ‘amount’ of security being applied. And as with Super Bowl XLVII when two students just walked right in to the game simply by acting like they belonged, a news feature on Super Bowl XLVIII shows why bragging about your security can backfire: Yup, that’s Marko’s wifi (wireless network) password in the corner of the screen on the…
  • Two Jokers Social Engineer their way into the Superbowl

    Prefect
    9 Feb 2013 | 9:29 pm
    Sneaking in near press/employee access points without going thru them, zigzagging through corridors, and once carrying a box so someone opens a door for them, two jokers from Savannah State University social engineer their way into Super Bowl XLVII for the most part simply by looking like they belong.
  • Anonymous Releases Very Unanonymous Press Release

    Prefect
    9 Dec 2010 | 10:04 pm
    Today, December 10th, Anonymous, an Internet gathering, released a press release which you can read below. In it, a description is provided of what Anonymous is about, what Operation Payback is, and where the media is getting it wrong. Also in it, its author forgot to remove his name in the pdf’s Meta information. Document Properties Um, Alex Tapanaris…? Full Press Release Text ANON OPS: A Press Release December 10, 2010 Who is Anonymous In their most recent public statement, WikiLeaks is the only group of people to identify Anonymous correctly. Anonymous is not a group, but rather an…
  • Paypal Sender Country XSS

    Prefect
    5 Oct 2010 | 11:18 pm
    A new XSS vulnerability was identified on Paypal.com earlier today, found by d3v1l and disclosed on both Security-Shell and XSSed. The problem is with the parameter sender_country in a transaction called nvpsm. NVP is Paypal’s API for Merchants to use when interacting with the Paypal web site, it stands for Name-Value Pair. SM is short for ‘send money’. A problem such as this can be used to capture a user’s session (essentially log in as that user) and perform privileged actions (money transfers) as that user, as well as send a user a valid Paypal URL but then redirect them to a…

    F-Secure Antivirus Research Weblog

  • Low Hanging Fruit: Flash Player

    27 Jan 2015 | 7:21 am
    Flash Player version 16.0.0.296 is now available. In Windows, you can check what version you have installed via Flash's Control Panel applet. According to Adobe Security Bulletin APSA15-01, users who have enabled auto-update will have received the update starting on January 24th. Manual downloaders needed to wait a couple of days. We're not exactly sure why manual downloads were delayed, but whatever the reason, auto-updates are recommended. And not only that, but more. At this point, we recommend enabling "click-to-play" options. Here's an example from Firefox with the "Ask to Activate"…
  • Mysterious Turla Linux Backdoor Also For Solaris?

    27 Jan 2015 | 7:21 am
    There have been numerous reports about the mysterious Linux backdoor connected to Turla, an APT family. The malware has some pretty interesting features, the most interesting being its ability to sniff the network interface. More specifically, it can configure its C&C address from the network traffic. This allows the backdoor to sit silently in the network and activate with a specially crafted packet sent by the attackers. When activated, the backdoor tries to connect to specified C&C. The C&C server can then instruct the backdoor with typical RAT features such as downloading,…
  • USA's Double Standard: Don't Hack Like the USA

    27 Jan 2015 | 7:21 am
    Here's a list of companies allegedly hacked by the United States of America: RealTek, JMicron, C-Media. And why did the United States hack three Taiwanese technology companies? To steal digital certificates in order to sign drivers used by Stuxnet and Duqu. … Here's a company allegedly hacked by North Korea: Sony Pictures. Now where do you suppose the DPRK got the crazy idea it was okay to hack companies and to steal data from? From DER SPIEGEL: …
  • OphionLocker: Joining in the Ransomware Race

    27 Jan 2015 | 7:21 am
    Last August, we wrote about a series of ransomware that included SynoLocker and CryptoWall. In our Cryptowall post, we briefly mentioned the more advanced family of ransomware, CTB-Locker, which uses elliptic curve cryptography for file encryption and Tor for communication with the command & control server. This week, another ransomware emerged using the same cryptography for encryption. It was first spotted by Trojan7Malware from a malvertising campaign that used RIG exploit kit. They dubbed the malware as OphionLocker. Upon infection, this malware uses a Tor2web URL for giving…
  • Security and Military Experts Fall For "Open" Wi-Fi

    27 Jan 2015 | 7:21 am
    Seems like just about everybody will use "open" Wi-Fi — even Swedish security experts. #Facepalm A case of do as I say, not as I do? From Ars Technica: Activist pulls off clever Wi-Fi honeypot to protest surveillance state. A link to our own Wi-Fi experiment report can be found here. On 15/01/15 At 02:31 PM
 

    Pcthreat.com

  • Shoppi

    28 Jan 2015 | 8:30 pm
    Shoppi is an advertisement-supported program that should not be installed on your Chrome, Firefox, and Internet Explorer browsers. If you have downloaded the program, it is most likely that other apps have...
  • PC Optimizer Pro

    28 Jan 2015 | 8:30 pm
    Despite the best efforts of the online security industry to secure the exact opposite, many of its consumers continue to fall into the trap set by malicious rogue security tools like PC Optimizer Pro. This...
  • Qone8.com

    28 Jan 2015 | 8:30 pm
    Qone8.com is a search engine which returns search results from Google Search. The search engine is owned by Taiwan Shui Mu Chih Ching Technology Limited, and it is very similar to such browser hijackers as...
  • Ads By Medpvid

    28 Jan 2015 | 8:30 pm
    You will definitely see Ads By Medpvid on your screen every day, if you install any version of Medpvid adware on your computer. Ads generated by this program are very intrusive and they might not even allow...
  • V9 Redirect Virus

    28 Jan 2015 | 8:30 pm
    V9 Redirect Virus is a malicious browser hijacker which infects the system while you are browsing insecure websites or when you download spam email attachments. Once the infection gets in the system, the...
  • add this feed to my.Alltop

    Praetorian Prefect

  • Jimmy Kimmel Gets your Password

    Prefect
    17 Jan 2015 | 6:46 pm
    It didn’t take a whole lot of social engineering for people to give up their passwords: ask them what the password consists of (like it’s my cat’s name and birthday), ask the cat’s name, ask a deflecting question, then ask for the birthday.
  • A Superbowl Wifi Problem

    Prefect
    1 Feb 2014 | 9:21 pm
    It’s an annual puff piece, whoever is in charge of security at the Super Bowl appears on the news in front of some barrier or computer screen, talking about the number of security guards, guard dogs, or whatever else passes as some grand measure of the ‘amount’ of security being applied. And as with Super Bowl XLVII when two students just walked right in to the game simply by acting like they belonged, a news feature on Super Bowl XLVIII shows why bragging about your security can backfire: Yup, that’s Marko’s wifi (wireless network) password in the corner of the screen on the…
  • Two Jokers Social Engineer their way into the Superbowl

    Prefect
    9 Feb 2013 | 9:29 pm
    Sneaking in near press/employee access points without going thru them, zigzagging through corridors, and once carrying a box so someone opens a door for them, two jokers from Savannah State University social engineer their way into Super Bowl XLVII for the most part simply by looking like they belong.
  • Anonymous Releases Very Unanonymous Press Release

    Prefect
    9 Dec 2010 | 10:04 pm
    Today, December 10th, Anonymous, an Internet gathering, released a press release which you can read below. In it, a description is provided of what Anonymous is about, what Operation Payback is, and where the media is getting it wrong. Also in it, its author forgot to remove his name in the pdf’s Meta information. Document Properties Um, Alex Tapanaris…? Full Press Release Text ANON OPS: A Press Release December 10, 2010 Who is Anonymous In their most recent public statement, WikiLeaks is the only group of people to identify Anonymous correctly. Anonymous is not a group, but rather an…
  • Paypal Sender Country XSS

    Prefect
    5 Oct 2010 | 11:18 pm
    A new XSS vulnerability was identified on Paypal.com earlier today, found by d3v1l and disclosed on both Security-Shell and XSSed. The problem is with the parameter sender_country in a transaction called nvpsm. NVP is Paypal’s API for Merchants to use when interacting with the Paypal web site, it stands for Name-Value Pair. SM is short for ‘send money’. A problem such as this can be used to capture a user’s session (essentially log in as that user) and perform privileged actions (money transfers) as that user, as well as send a user a valid Paypal URL but then redirect them to a…
 

    PC1News.com

  • Websearch.ezsearches.info Removal Guide

    admin
    29 Jan 2015 | 1:11 am
    Websearch.ezsearches.info belongs to the Websearch family. All programs created by this developer function in the same manner and can be identified by the “Websearch” name which they share. The Websearch.ezsearches.info hijacker will trick you into giving your permission for its installation and will then start modifying your browser's settings. The program changes your default search engine and homepage and disturbs you with constant ads every time you use your browser. These advertisements do not belong to the extension itself, but are just distributed by it. For this reason, there is…
  • TheaterMax Removal Guide

    admin
    29 Jan 2015 | 1:06 am
    TheaterMax is one of the many applications developed by the Crossrider framework. TheaterMax functions similarly to other adware of this family, such as PlusTotal and BrowserAppsPlus. The objective of these programs is to display pop-ups and advertisements provided by third parties. The ads you will see are not selected by TheaterMax and their security is not guaranteed by the application. There is a risk that these links are corrupted and can let malware into your system. Our advice is never to follow any of them and delete TheaterMax to keep your system secure. How did TheaterMax get…
  • OptCon Removal Guide

    admin
    29 Jan 2015 | 1:01 am
    OptCon can be categorized as an adware application. It is a program which poses as a reliable tool that can help you find products at low prices and make your online shopping easier. The truth about the ads OptCon displays is that they come from a variety of sources which have not gone through a security check. Some ads may seem genuine, but any of them can be a potential threat. Following them can get your computer infected with malware. We advise you to get rid of any content provided by OptCon to keep your PC's security intact. To prevent the negative effect from having the program running…
  • Dnsbasic.com Removal Guide

    admin
    29 Jan 2015 | 12:56 am
    Dnsbasic.com is a browser hijacker which causes all kinds of chaos upon entering your system. The program is developed to make changes to your internet preferences upon installation and start bombarding you with pop-ups and advertisements. Using your browser becomes not only inconvenient, but also dangerous, as the ads displayed can be hazardous. They derive from various unconfirmed sources and can help spread malware. None of the functions Dnsbasic.com performs are useful for your PC. The tasks are harmful and the program has to be uninstalled to cease any activity. How does Dnsbasic.com…
  • Threatshelpline.com Ads Removal Guide

    admin
    28 Jan 2015 | 7:16 am
    Threatshelpline.com is an adware application which you can easily detect on your PC. Once it penetrates into your system, it starts displaying pop-ups on your screen each time you attempt to use your browser. All the ads are flagged as “Brought to you by Threatshelpline.com”, which makes identifying their source easy. This will help you find out that Threatshelpline.com ads are the cause for the incessant windows appearing. You should by no means pay attention to them or trust their content, as there is no real help the program can provide you with. There are many risks, however, and the…

    NSS Labs

  • NSS Research Reveals NGFW has Strengthening Role in Enterprise

    20 Jan 2015 | 12:00 am
    Next generation firewalls (NGFWs) have become perimeter security “table stakes” for enterprise security. Potentially the most important network security investment an enterprise can make, NGFW technology is in high demand. There is considerable differentiation within the market, in spite of the fact that it has yet to reach maturity, and new features such as integrated threat intelligence feeds, cloud forensics, automated black-list population, and sandboxing have made purchasing decisions more complex.
  • 2015: Rethinking Defense Starts With Better Information

    5 Jan 2015 | 12:00 am
    The past year has been rife with an alarming increase in grievous information security incidents. Breaches, widely distributed software critical vulnerabilities, and increasingly sophisticated attacks all appeared with frightening regularity. Everyone who works in information security knows it’s a tough role. Much like public utilities, no one is grateful or concerned until it doesn’t work or isn’t there. Once you have been breached, the resolution will take considerably more time and investment than implementing simple preventative investments in the first place.
  • Unicorn Just Got Real: Malware Analysis

    20 Nov 2014 | 12:00 am
    Analysis of the Dropped Malware Name: v3k.exe MD5: 74CE6CB9F8B983297F936936BCABC698 SHA1: B76B514707CD560F973DD66124D2C1101D75078A SHA-2/256: 11F5F243E07BFD173F8EEC248ADF457540926CD7E0725381DA04C46E8C39A15B The malware is a little different to that which is typically dropped from regular exploit kits and malware campaigns. The difference lies in the way in which this malware is packaged, and in its method of operation.
  • Having Your Virtual Cake and Eating It Too

    18 Nov 2014 | 12:00 am
    Today’s continuously evolving threat landscape and the need for business continuity mandate the need to rethink security workflows. Robust virtual data centers and considerable computing power are the ingredients for a new approach to securing critical data. With an adaptive approach, mission and business functions can continue at the same time that malware is encapsulated and monitored.
  • Unicorn Just Got Real

    18 Nov 2014 | 12:00 am
    Through the Cyber Advanced Warning System, NSS Labs is already observing reliable exploits for CVE-2014-6332 in the wild. Microsoft released security updates on November 11, 2014 to patch this vulnerability.

    Private WiFi

  • Managing BYOD Security Threats: VPNs Mitigate The Risks

    Kent Lawson
    28 Jan 2015 | 7:35 am
    Small- and medium-sized businesses are facing the struggles of a  constantly changing technical landscape: they must provide the latest and greatest devices to their employees in order to stay competitive, and at the same time figure out how to do this with smaller budgets. One solution to this dilemma has been for companies to establish a BYOD (bring your own device) policy that allows employees to use their own mobile phones and tablets while doing work remotely. But while BYOD has allowed more employee freedom in terms of how and where they get work done, it’s also created huge security…
  • Identity Protection: 5 Tips to Stay Mobile Secure in 2015

    Eva Velasquez
    8 Jan 2015 | 9:10 am
    We do love our mobile devices, don’t we? We love them so much, in fact, that last year some industry estimates predicted there would be more smartphones than humans on the planet. At just over 7.3 billion anticipated devices, that’s a lot of connectivity happening. Living a mobile lifestyle does not come without risk, especially where our identities are concerned. But staying mobile secure doesn’t have to be complicated. Consider this: 94.2% of identity victims say they are still highly engaged online and via their mobile devices despite having had their personally identifiable…
  • Don’t Get Hacked At CES

    Jan Legnitto
    2 Jan 2015 | 2:58 am
    It’s that time of year again – when more than 150,000 gadget geeks, techies, businesses and journalists from around the world descend on Las Vegas for the mother of all trade shows – the International Consumer Electronics Show. With over 3,200 exhibitors previewing and showcasing their high tech products, CES is the perfect place for tech enthusiasts to network. So you’d think it would be safe for attendees to connect their laptops and mobile devices to the event’s public WiFi hotspot. But you would be wrong. Do You Know What You’re Connecting To At CES? The fact is, events like…
  • Don’t Give Your Data Away: Blur Your Passwords, Payments, and Privacy

    Olivia Campbell
    25 Nov 2014 | 1:00 am
    Now is the time to make your online activity a blur. Why? Well here are some startling reasons: In the last 18 months, over 157 million US credit card holders have been notified of a breach. Furthermore, the typical web surfer is tracked by 11 companies at each site they visit - resulting in over 2,500 unique tracking and data collection attempts weekly. This is the new reality of the Internet in 2014 – and as 2015 approaches, the threat level will only increase. This trend, coupled with the shift to more consumers using online and mobile shopping during the upcoming holiday shopping season…
  • Holiday Shopping Goes Mobile: Be Cyber Secure [INFOGRAPHIC]

    Jillian Ryan
    20 Nov 2014 | 7:32 am
    As the holiday shopping bustle approaches, don't just think about buying the perfect gift and getting a great deal. For a happy and healthy season, remember that being cyber secure when you make your holiday purchases online is just as important! This year PRIVATE WiFi has teamed up with the National Cyber Security Alliance to help consumers be safe online when using their mobile devices as they shop. Check out our infographic below to learn more about the threats of holiday shopping and why the proliferation of mobile shopping is good for online commerce but potentially risky for consumers…
 

    Pivot Point Security

  • How to Store Usernames and Passwords for Web Applications

    Bhaumik Shah
    6 Jan 2015 | 4:00 am
    A few days ago I tried to login to a website that I hadn’t visited for quite some time. I didn’t recall the password I’d originally created, and none of the guesses I tried worked. So I clicked the “Forgot your password?” link and quickly received a reply to the email address I’d registered earlier. In the reply email, my original password was included in cleartext. This almost certainly means that the application owner is storing all the passwords associated with that application in a database in cleartext—not even encrypted. Never mind what an embarrassment this is for the web…
  • Physical Penetration Testing in a Retail Environment

    John
    30 Dec 2014 | 4:00 am
    It’s interesting to me that we can start to pick up shifts in our industry through the “Contact Us” form on our website. One unexpected (and at this point still unexplained) recent trend is an emphasis on physical penetration testing. Part of why it’s unexplained is that it has been “hot” across diverse verticals including retail, manufacturing, banking, healthcare and critical infrastructure. The surge in retail makes a lot of sense to me, however. The evolution from standalone cash registers to increasingly connected and sophisticated point-of-sale (POS) systems has increased…
  • Physical Penetration Testing as Security Concerns are on the Rise

    David Newman
    23 Dec 2014 | 4:00 am
    In our practice at Pivot Point Security we’re seeing a distinct increase in the demand for physical penetration testing and a heightened interest in physical security controls. I asked a former coworker about this, and he said his firm is experiencing the same thing. The only explanation we could come up with was that there has been an increase in attention in the news about physical security. The recent “fence jumper” physical security breach at the White House is a well-publicized case in point. The fact that even one of the world’s most highly secured and guarded buildings can be…
  • Google + Dropbox = Simply Secure (We Hope)

    David Newman
    18 Dec 2014 | 4:00 am
    Google and Dropbox, with help from the Open Technology Fund, just announced the creation of Simply Secure, an organization/project focused on making everyday security technology easier to use. According to Simply Secure’s website: “We’re here to help craft usably secure technologies, and make them available to everyone.” The press release accompanying the announcement points out that the biggest problem with today’s security tools is not that they’re ineffective, but that adoption rates are low because the tools are inconvenient and/or confusing. “Security’s got to be easy and…
  • Critical Microsoft Vulnerability in Schannel Impacts Point of Sale Systems

    Chris Berberich
    16 Dec 2014 | 4:00 am
    On November 11, 2014 Microsoft released a critical security update (MS14-066) to patch a “privately reported” vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows. This vulnerability has a significant potential impact on Point of Sale (POS) devices, clients and servers. Any company using a vulnerable POS device, client or server is in danger of falling victim to this exploit. Any system or device that uses Transport Layer Security (TLS) could be compromised. Schannel provides an authentication service that helps enable secure communications between client…

    HOTforSecurity

  • Is Data Privacy Vanishing? Not if YOU do something about it

    Alexandra Gheorghe
    28 Jan 2015 | 6:30 am
    We all speak in favor of data protection, but what about our actions? Internet users claim to care about their privacy and financial data but, in reality, an alarming number of them fail to take basic measures to secure their bank accounts or digital identity. Despite fears of being hacked, 30% of Americans reuse their passwords for all their online accounts, as discovered in a recent study by Bitdefender, a pioneer in data privacy. Almost 30 percent of the interviewees use the same password, or only slightly alter it, for all their accounts. To make matters worse, only 7.2 percent of…
  • Psssh. Taylor Swift Gets New Passwords and Lizard Squad Gets … “NOTHING”

    Alexandra Gheorghe
    28 Jan 2015 | 4:25 am
    The Twitter and Instagram accounts of pop singer Taylor Swift fell victim to a hack that, while lasting only 15 minutes, invited her 51 million fans to follow hackers’ accounts, according to The Guardian. The two Twitter handles, @lizzard and @veriuser, allegedly belong to the leader of the Lizard Squad. Both Twitter accounts were briefly suspended. Taylor confirmed the hack on her Tumblr page. My twitter got hacked but don’t worry. Twitter is deleting the hacker tweets and locking my account until they can figure out how this happened and get me new passwords.
  • 404 Plane Not Found – Hackers Claiming to Represent ISIS Hit Malaysian Airlines

    Alexandra Gheorghe
    27 Jan 2015 | 7:24 am
    ISIS, known for gruesome videos of beheading innocent captives, has either developed a sense of humor, albeit a distasteful one, or has attracted a delinquent fan-boy following. Attackers claiming to represent ISIS carried out a denial-of-service attack on the website of national carrier Malaysia Airlines (MAS), compromising its domain name system, according to news reports. The message “404-Plane Not Found” greeted site visitors for a few hours, recalling the mysterious disappearance of Flight MH370 last year, along with “ISIS WILL PREVAIL” at the top of their browser’s window…
  • Lizard Squad blamed for Facebook downtime. Facebook says “Err.. no”

    Graham Cluley
    27 Jan 2015 | 5:02 am
    Hacking gang jokers Lizard Squad appeared to be taking credit for Facebook and Instagram falling off the web earlier today, but you – and the media – shouldn’t be too quick to believe them. In a tweet the notorious hacking crew, who previously attacked XBox Live and PlayStation Network gaming services over Christmas, referenced the problems being experienced by various social networks earlier today. And it’s true that for 40 minutes or so several social networking sites were knocked offline, leaving millions of Facebook addicts without their daily diet of…
  • Empty MS Office Documents Spark Suspicions, Bitdefender Says

    Alexandra Gheorghe
    26 Jan 2015 | 8:13 am
    Bitdefender, the innovative antivirus software provider, is warning MS Office users against a spam campaign that tricks antispam filters to allow spam freely into mailboxes. A clean Microsoft Office file is attached to these e-mails. Or so it seems! If you recently received an odd tax return or a remittance from a bank, you might not want to open the file. For a few days, cybercriminals have sent targeted e-mails to management departments – other departments may receive it too. The e-mails look like a tax return, a remittance or some kind of bill from a bank, and carry a Microsoft Word…
 

    Data In Motion

  • How to Make a Business Case for Secure EFSS

    Tom Scearce
    20 Jan 2015 | 7:00 am
    When properly implemented and managed, secure enterprise file sync-and-share (EFSS) applications can improve project management and empower your workforce. Unfortunately, making the business case for secure EFSS isn’t always easy – especially when users and management aren’t aware of the risks existing applications pose. Don’t get discouraged, though! The arguments in favor of change are strong. If you’re pushing your organization to eliminate public cloud use from the workplace, the following…
  • 3 Ways to Crank More Value Out of Existing IT Infrastructure

    Tom Scearce
    9 Dec 2014 | 9:16 am
    From an IT manager’s perspective, there’s only one thing better than investments in valuable new infrastructure: getting more value from the IT assets you already have. Unfortunately, finding ways to harness that value isn’t always obvious. If you’re like most organizations we work with, you’re probably not sure how much of your utilized server capacity consists of files nobody needs or uses. What’s more, you may not be aware of how available server space can be utilized to increase security and…
  • Micro Focus International Completes Merger with the Attachmate Group

    Bret Fitzgerald
    20 Nov 2014 | 12:15 am
    NEWBURY, UK – 20 November, 2014 – Micro Focus International (LON: MCRO) today announced the completion of its merger with the Attachmate Group under the terms of the definitive agreement disclosed on 15 September, 2014. Micro Focus International is a global leader in infrastructure software that understands the technology needs and challenges of the world’s most demanding businesses. The enlarged company has significantly increased scale, with combined revenues of $1.4B, more than 4,500 employees,…
  • Avoid These Unexpected Compliance Challenges

    Tom Scearce
    23 Sep 2014 | 7:00 am
    For a variety of industries, data security must meet rigorous compliance standards. Regulations vary, but one truism among all regulated industries is that confidential business data should reside on secure servers that unauthorized parties can’t touch. But even organizations striving to stay compliant are tempted by file sharing applications hosted in the public cloud. With low costs and intuitive interfaces, these applications make a great first impression on users. However, using these applications…
  • The Attachmate Group announces intention to merge with Micro Focus

    Bret Fitzgerald
    14 Sep 2014 | 11:34 pm
    The Attachmate Group, a privately-held software holding company owned by an investment group led by Francisco Partners, Golden Gate Capital, Elliott Management and Thoma Bravo, today announced that it has entered into a definitive agreement to merge with Micro Focus. The transaction is expected to close on November 3, 2014. It is subject to customary closing conditions, including Micro Focus shareholder approvals and regulatory approvals under the Hart-Scott-Rodino Act. The Attachmate Group and Micro Focus…

    Video Surveillance

  • See Our Article in Ag Innovator Magazine!

    20 Jan 2015 | 8:24 am
    We're at it once again, offering security advice to a wide array of industry professionals like those within the agriculture market and farm equipment segment. VideoSurveillance.com is excited to announce that we recently had an article published in the Winter 2015 issue of Ag Innovator magazine. Our article, focused on warehouse security, provides clear-cut examples of what preemptive measures managers can take to fight off theft and prevent inefficient business practices. We've provided a snapshot of the article below, courtesy of Farm Equipment Manufacturers Association. For a free,…
  • Protect Your Manufacturing Plants with HD Surveillance

    13 Jan 2015 | 4:04 pm
    Surveillance systems are often used to deter theft and vandalism, but your system can do so much more when it comes to protecting manufacturing plants. If safety is a top concern because of the materials or machines used in your facility, surveillance systems allow you to monitor workers to ensure everyone follows the safety protocols. If a workplace accident does happen, video footage can help identify what went wrong, why, and how to prevent it in the future. Surveillance video monitoring is also useful for improving workplace efficiency. By reviewing recorded videos you may see potential…
  • Read Our Latest Case Study Working With Portland Roasting Coffee

    12 Jan 2015 | 11:29 am
    VideoSurveillance.com is honored to have partnered with some of the most reputable companies out there. In our latest case study, read how our project consultants designed a powerful IP video surveillance solution for Portland Roasting Coffee, a widely known purveyor of gourmet coffee in the Pacific Northwest. Portland Roasting formerly had a CCTV security camera system installed in its manufacturing facility before approaching our team. Knowing it was time to upgrade, Portland Roasting put its full faith in us to implement a HD IP surveillance system for better coverage and video detail. You…
  • Get Your System Up and Going with System Integration

    5 Jan 2015 | 2:01 pm
    Will your new video surveillance system include complicated or large-scale components? If you need help configuring or installing the system, our System Integration Services can help. System integration services from VideoSurveillance.com include configuring your NVR, video management software, and IP cameras to work together and with other security systems you may have. While most of the integration and configuration steps can be done in our lab prior to shipping, or remotely once installed at your site, local integration partners are available as needed if you experience problems. In addition,…
  • Receive a Free Site Security Audit Now

    2 Jan 2015 | 10:37 am
    Our seasoned team of IP video specialists are available to provide a comprehensive security evaluation of your facility or surveillance project at no charge simply by calling or emailing us now. When you get in touch with us, we will take a close look at the layout and scope of your project to determine your most vulnerable areas and optimal locations for camera placement. Our site security audits are not limited to small or large enterprises - we work with facilities, buildings, and land lots of all sizes. Be sure to take advantage of this complimentary service now. Our security audits…

    Infosec Communicator »

  • What’s in a Name (and a Price)

    Ben
    8 Jan 2015 | 1:02 pm
    I’ve changed the subtitle of my Kindle eBook on using social media safely to better communicate the subject matter. I’ve also lowered the price point to $0.99. The book sold reasonably well during the week-long reduced price promotion as a Kindle …
  • Shockproofing Your Use of Social Media eBook available!

    Ben
    17 Oct 2014 | 8:25 am
    My Shockproofing Your Use of Social Media: 10 Things You Should Know eBook is now available on Kindle! For those of you who have attended one of my Lightning Talks about Internet Safety, this book fleshes out my recommendations for …
  • The Secure Communicator

    Ben
    17 Aug 2014 | 1:39 pm
    I had the pleasure of discussing information security best practices for technical communicators through an STC webinar. Here’s the presentation: …
  • Updated Shock-proofing your Use of Social Media Presentation

    Ben
    15 Aug 2014 | 11:08 am
    I’ve updated my Shock-proofing your Use of Social Media presentation for the Fall 2014 New Student Orientation program at the Rochester Institute of Technology. I’ve changed the passphrase example, added a new cartoon, and generally worked to make the presentation …
  • A Techcomm Bestiary, Summit14 edition

    Ben
    7 May 2014 | 12:23 pm
    I’ve changed out one slide from the Spectrum14 presentation. Looking forward to presenting this to a crowd at the STC Summit in Phoenix. …
 

    Seculert Blog on Breach Detection

  • Big Data: Analytics not Synonymous with Answers

    Liora R. Herman
    28 Jan 2015 | 4:39 am
    A recent TechCrunch.com article contributed by Neill Occhiogrosso, a partner at Costanoa Venture Capital, is highlighting a key point that organizations racing to get a step ahead of bad actors must heed if they don’t want to put their assets, customers, and reputations at risk: in the world of Big Data, analytics are not synonymous […]
  • 90% of IT Professionals Worried about a Data Breach

    Liora R. Herman
    26 Jan 2015 | 1:29 am
    A new EiQ Networks survey asked IT professionals to list their biggest cybersecurity challenges for the year ahead — and not surprisingly, suffering a data breach is the #1 worry for 90% of them. However, what may come as a surprise – an alarming one for board members, and an inspiring one for bad actors […]
  • Data Breach at Staples Lasted 6 Months

    Liora R. Herman
    20 Jan 2015 | 8:16 am
    In a previous blog post, we cited a Krebs on Security report that pointed to a possible data breach at Staples, which at the time the company referred to as “a potential issue.” Fast forward a bit, and while it’s frankly not surprising that a statement posted by Staples on its website is now confirming […]
  • New Incident Details [Product Update]

    Liora R. Herman
    19 Jan 2015 | 8:26 am
    At Seculert, we believe knowledge is power. That’s why we have updated the Incident Details report to include relevant information from the log source. One of the new fields you can find is the action taken by your web proxy. Your on-premise security device will have marked each communication as either “Blocked” or “Allowed.” In […]
  • Seculert’s Research Lab: A Look Back at 2014

    Liora R. Herman
    30 Dec 2014 | 1:10 am
    2014 was another jam-packed year for Seculert’s Research Lab. Our team of security experts and malware researchers worked extremely hard to keep our customers safe, and the general security community informed of our research and findings. Below, we’re pleased to highlight some of the major discoveries made by Seculert’s Research Lab in 2014: PoS Malware […]

    Managed File Transfer and Network Solutions

  • Setting Up A Trading Partner For Automated FTP

    John Carl Villanueva
    27 Jan 2015 | 5:21 am
    Overview As explained in the first section of the article Preparing Trading Partner Servers For SFTP Automation, the process of establishing an automated file transfer can be greatly simplified by employing what is known as a trading partner. In this post, we'll teach you how to set up a trading partner designed for automated FTP transmissions. What you'll be able to construct by the end of this tutorial can then be used for a variety of automated FTP-based transactions.
  • JSCAPE MFT Gateway 3.2 Released

    Van Glass
    22 Jan 2015 | 11:52 am
    JSCAPE is pleased to announce the release of JSCAPE MFT Gateway 3.2.  This release is a minor version update and includes the following features:
  • How To Send Large Files Through Email - Part 4

    John Carl Villanueva
    21 Jan 2015 | 11:34 pm
    Overview We're now in the last leg of our 4-part series on how to send large files through email. We wrap up this series by showing you how to configure your MFT server so that users can send large files via email without having to install an Outlook plugin (see Part 3), let alone use MS Outlook at all. Instead, your users will be able to login to your server through their favorite Web browser and email large files from there.
  • How To Send Large Files Through Email - Part 3

    John Carl Villanueva
    19 Jan 2015 | 11:58 pm
    Overview Welcome to Part 3 of our tutorial on sending large files through email. Last time, we walked you through the steps of setting up the ad hoc file transfer service on JSCAPE MFT Server. Today, we'll move on to the client side and show you how to set up the ad hoc file transfer plugin for MS Outlook. With this plugin, your users will be able to conduct large file transfers within the familiar interface of Outlook.
  • How To Send Large Files Through Email - Part 2

    John Carl Villanueva
    17 Jan 2015 | 11:38 pm
    Overview We now proceed with Part 2 of our tutorial on sending large files by email. In Part 1, we introduced you to a secure, reliable, and efficient method of sending big files through trusty old email. We called that method ad hoc file transfer. Today, we start getting technical as we show you how to set up the ad hoc file transfer service on your JSCAPE MFT Server. This won't take long, so just sit back, scroll down, and discover the handful of settings that will free your users from the file size limitations of email.

    Radware Blog

  • From Point Solutions to Application Centric Services: Cisco ACI and Radware

    Ron Meyran
    28 Jan 2015 | 7:17 am
    For decades IT managers have been deploying application delivery (Layers 4 – 7) and security services as point solutions.  The network provided the basic connectivity and each L4-7 had to be configured manually per each application.  Virtualizing the compute fabric enabled automation at the configuration stage; however, L4-7 and security were still deployed as point solutions.  Each application infrastructure change still required intervention in rewiring the physical network, reconfiguring network nodes and, of course, with testing application integrity end-to-end and performance.
  • Results Rely on Security Confidence

    Travis Volk
    27 Jan 2015 | 7:11 am
    Too often we hear about the success of attackers in today’s cyber threat landscape, those who claim leadership in the ongoing information security war.  But history proves that the successes of those standing guard are rarely publicized.  And in this continuous battle of data protection, we are certain; more attacks are blocked by intelligent solutions than ever before.  As cyber threats continue, our networking teams are often dragged into time-consuming and complex battles that force reflection given the enormous stress that accompanies them.  As our community of cyber security…
  • Obama’s Cyber-Security Proposals: Does this Safe Platform Translate to a Safer Network?

    Ben Desjardins
    21 Jan 2015 | 8:53 am
    President Obama’s mention of cyber-security in last night’s State of the Union Address came as no surprise.  The Obama camp implemented a novel approach this year of “previewing” the President’s main agenda items through a series of speeches in the week preceding the SOTU. But even without the preview, the comments on cyber-security were rather predictable (and brief). Cyber security threats and their potential impact on organizations and individuals have become a mainstream issue in the past year and they represent a “safe” platform for public…
  • The Right Way to Secure Your Applications Against DDoS Using Signaling

    David Monahan
    12 Jan 2015 | 10:06 am
    David Monahan is Research Director for Enterprise Management Associates (EMA) and is a featured guest blogger. Let’s face it. DDoS are the big, fat, scary bully of the Internet. When organizations have sufficiently tight security or a would-be attacker doesn’t have the skills to overcome a target’s security, he or she can buy capacity on a bot-net or other delivery vehicle and slam packets from all over the world at the target’s site and application(s). Without the proper protections, the target is at the mercy of the attacker and his or her budget. However, with the…
  • Want to Deliver the Best Possible User Experience in 2015? Consider These 8 Web Performance Resolutions.

    Tammy Everts
    5 Jan 2015 | 7:24 am
    In survey after survey, internet users say they want their online experience to be as safe, reliable, and fast as possible. That’s why security, availability, and performance are at the core of everything we do at Radware. And that’s why we’ve compiled this list of resolutions — from managing page bloat to regaining control of rogue third-party scripts — for site owners who want to deliver the fastest possible user experience to their audience. 1. Manage “page bloat” Page size has a close correlation to performance. According to our latest quarterly ecommerce…
 

    pfSense Setup HQ

  • Siproxd: Part One

    maximumdx
    23 Jan 2015 | 4:00 pm
    Siproxd is a proxy/masquerading daemon for the SIP protocol. It handles registrations of SIP clients on a private IP network and performs rewriting of the SIP message bodies to make SIP connections work via a masquerading firewall (NAT). It allows SIP software clients or SIP hardware clients to work behind an IP masquerading firewall or NAT router. SIP, or Session Initiation Protocol, is a standardized set of formats for communicating messages used to initiate, control, and terminate interactive Unicast or Multicast user sessions with multimedia services such as Internet telephone calls,…
  • Reader’s Mailbag: 1-7-2015

    maximumdx
    7 Jan 2015 | 4:00 am
    I received an e-mail from a reader stating that even though he had an internet connection, he could not access the internet through his pfSense firewall. It occurred to me that there might be several reasons why this might be the case: pfSense’s WAN interface isn’t connected to the uplink/modem. The local network isn’t connected to pfSense’s LAN interface. The WAN and LAN interfaces are set up correctly, but there may be another configuration issue (e.g., traffic between the WAN and LAN is blocked). I am assuming the user’s setup (when functioning) looks…
  • Nagios Installation and Configuration: Part Two

    maximumdx
    9 Dec 2014 | 2:00 pm
    In the previous article, we introduced Nagios and began covering installation. In this article, we will continue our look at Nagios, covering configuration and installation of plugins. Nagios Configuration Now that Nagios has been installed, it’s time to configure it. Sample configuration files have been installed in the /usr/local/nagios/etc directory. For the most part, the settings in the sample files should work fine for getting started with Nagios. You should, however, change the e-mail address associated with the nagiosadmin contact definition to the address you’d like to use…
  • Nagios Installation and Configuration: Part One

    maximumdx
    26 Nov 2014 | 2:00 pm
    Nagios is an open source computer system monitoring, network monitoring and infrastructure monitoring software application. It enables organizations to identify and resolve IT infrastructure problems before they affect critical business processes, and offers monitoring and alerting services. It alerts the users when things go wrong, and alerts them a second time when the problem has been resolved. Nagios was originally designed to run under Linux, but it also runs well on other Unix variants. It is licensed under the terms of the GNU GPL version 2. It was originally created under the name…
  • netio: A Network Benchmark Tool

    maximumdx
    17 Nov 2014 | 2:00 pm
    netio in action under pfSense 2.1.5. netio is a network benchmark utility for OS/2 2.x, Windows, Linux and Unix. It measures the net throughput of a network via TCP and UDP protocols using various different packet sizes. For netio to run a benchmark, one instance has to be run on one computer as a server process, while another instance is used on another computer to perform the benchmark. Starting with version 1.20, multi-threading support is required. While this does not affect anyone using the program under Linux or BSD, it did mean that DOS was no longer supported. netio: Installation and…

    blackstratus.com

  • Cloud Security Trends for 2015

    Rich Murphy
    26 Jan 2015 | 9:40 am
    A new year is upon us once again. If 2014 was any indication, cloud security will continue to be something on almost everyone’s mind. Last year saw several high profile hacks that brought concepts like social engineering and two-factor authentication out of the tech sphere and into the public discussion. So where do we go from here? Here’s a look at what some experts are saying will be the most important trends in cloud security and compliance for 2015: The rise of SaaS — By far the biggest trend in cloud computing in the coming year will continue to be the rise of security-as-a-service…
  • Regulatory Compliance Management by Industry

    Rich Murphy
    22 Dec 2014 | 1:00 am
    SIEM monitoring can and should be a part of the network security posture of any organization. But what are your legal requirements? The answer varies by industry, with state and federal regulations mandating different levels of compliance for different types of organizations. Legal requirements change often and can vary from one region to the other. While it’s always best to confirm before making any major decisions, there are some broad industry-specific considerations that should go into regulatory compliance management and planning: Energy — Legal compliance requirements for businesses…
  • ISO 27001 for Law Firms

    Rich Murphy
    9 Dec 2014 | 5:48 am
    Law firms are increasingly becoming the target of cyber attacks, a fact that is partially due to the vulnerable working habits of many lawyers. It’s also due to the lack of strong regulation within the industry. Unlike financial and healthcare organizations, there are no federal regulations governing how data is stored and protected in law firms. And when you consider that many lawyers need to access information on the go, from a variety of devices, it’s clear why firms of all sizes have become a prime target for hackers. One of the best ways to keep your firm’s data safe is by adopting ISO…
  • How Safe Is Cloud Security?

    Rich Murphy
    18 Nov 2014 | 9:49 am
    Over the past year, the initial wave of enthusiasm for all things cloud-based has generally subsided, with a growing tide of skepticism emerging about the limits of its usefulness as a platform. Inspired by a number of high-profile security breaches, there is also skepticism about its security. While part of this is the inevitable backlash that occurs whenever something becomes trendy in tech, the security issue in particular is one that merits further investigation. While it’s reasonable to question whether or not your important data is safe in the cloud, it’s equally important to not…
  • Traditional and Software-Defined Networking

    Rich Murphy
    5 Aug 2014 | 3:00 am
    Software-defined networking (SDN) has emerged as a buzzword in recent years, though many outside of the IT sector seem uncertain about what the term actually means — especially in relation to cloud computing. What Is Software-Defined Networking? Software-defined networking was pioneered between 2008 and 2011 by work done at Stanford University and the Nicira Company (now part of VMware). The basic premise behind SDN is that by separating control of network functions from hardware devices, administrators acquire more power to route and direct traffic in response to changing requirements. As…

    Milton Security

  • The Ancient Art of Security: Part One

    Jim McMurry
    27 Jan 2015 | 3:17 pm
    by James “McTzu” McMurry I like to think of computer security as a digital analog to war. It’s a good analogy in many different ways, from the tactical aspect of securing local systems to the strategic aspect of creating a high level strategy for protecting an entire enterprise [1701?] Perhaps some of that has come to light in the recent cyber attacks we are seeing proliferated by both freelance players (think of them as mercenaries) and nationals (very much like national armed forces). In war, you try different tactics. A good general knows what has worked in the past and…
  • False Security is Worse than No Security

    Jim McMurry
    23 Jan 2015 | 2:46 pm
    Ostrich? You’ve probably heard the old story about how when an Ostrich gets scared it puts its head in the ground to hide. The idea being that if the Ostrich can’t see its threat, the threat can’t see the Ostrich. There is a certain logic and humor in this story which is why it has been around for so long. With the recent attention around the Sony hack as well as all the other large scale hacks (Target, Home Depot, Staples, etc.), the government has felt a need to respond with some reassurance that they are doing something to help. Generally the government’s help comes in two…
  • And The Security Envelope Goes To…

    Jim McMurry
    22 Jan 2015 | 10:10 am
    It’s Oscar Season here in Southern California, and everyone is waiting for the envelopes! At Milton though, we are thinking about a different kind of envelope – a Security Envelope. The information age has given us all sorts of conveniences, but as we move ahead towards an even more connected world we have to keep in mind the cost of that convenience. I am, of course, talking about security and, more significantly, the control of collected information. We tend to see security as a war against aggressive attackers bent on gaining access to things we would like to keep confidential, but…
  • Minecraft hacked! 1,800 Accounts Leaked.

    Milton Security Group
    20 Jan 2015 | 10:14 am
    Attention Gamers! Minecraft has been hacked. It’s time to change your passwords! Minecraft is possibly one of the most popular online video games around. Originally created by Swedish programmer, Markus “Notch” Persson, it was eventually picked up by Swedish company, Mojang. The game allows players to build three dimensional structures, explore worlds, gather resources, and combat other players. According to German news outlet Heise, over 1,800 Minecraft accounts, including usernames, passwords, and email addresses were leaked online in a plain text file on Pastebin. Obviously, you’d…
  • The Security of Things

    Jim McMurry
    14 Jan 2015 | 9:01 am
    As I went to CES this year, I noticed a distinctive shift towards a new trend that everyone is referring to as “The Internet of Things” or IoT. People talk about this like it is a new trend, but actually it is a very old concept dating way back to when people started embedding computers in objects. For example, your average car has over 30 computers and luxury cars can have over a hundred! The control systems that constitute the air conditioning of large buildings are actually complex control systems with many embedded devices throughout the building, which report and control the complex…
 

    Cyberoam : Securing You

  • Red Hat offers a patch for Critical Vulnerability in RPM Package Manager

    Cyberoam Threat Research Labs
    27 Jan 2015 | 5:54 am
    A code execution vulnerability has been detected in RPM Package Manager, which is a powerful command line interface providing capabilities such as installing, uninstalling, verifying, querying, and updating of software packages to administrators. The vulnerability is due to an integer overflow when parsing the CPIO header in the payload section of an RPM file, leading to a stack buffer overflow. A remote attacker can exploit this vulnerability by enticing a user to install a maliciously modified signed RPM package. Successful exploitation could lead to arbitrary code execution. Red Hat has…
  • Credentials leaked again. Tips to avoid!

    Anurag Singh
    27 Jan 2015 | 5:42 am
    The last month of 2014 saw yet another hack by hackers associated with “Anonymous”. 13 thousand credentials from popular websites including Amazon, Walmart, Xbox Live and Sony PlayStation, were leaked. The text file containing usernames, passwords, credit card numbers and expiration date of the credit cards was posted on the File-Sharing website ‘GhostBin’ on 26th December 2014, which was deleted later. Prior to this leak, on 25th December, a different hackers’ group namely ‘Lizard Squad’ had compromised live gaming networks Sony’s PlayStation…
  • Angler Exploit Kit Locked & Loaded with Flash Zero Day Vulnerability

    Cyberoam Threat Research Labs
    23 Jan 2015 | 2:45 am
    The malicious Angler Exploit Kit is in the news again with reports of it being loaded with a brand new Adobe Flash vulnerability. French security researcher Kafeine was the first to report this zero-day vulnerability which he says he came across while analysing an instance of the Angler Exploit Kit. The vulnerability affects several versions of Internet Explorer running on different versions of Windows (including Windows 7 and Windows 8). Some versions of Firefox may also be affected, says the researcher. The exploit is currently being used to install a piece of the Bedep malware. It is…
  • Caution: OpenSSL exposed to multiple design flaws

    Cyberoam Threat Research Labs
    12 Jan 2015 | 6:11 am
    Multiple Vulnerabilities have been found in OpenSSL. These vulnerabilities are due to several design weaknesses in the handling of incoming packets. Using these design flaws a remote unauthenticated user can launch an attack leading to a crash of the target daemon or cause information leak, policy bypass etc. The technical details for these vulnerabilities are publicly available and they affect servers in enterprise environments. CVSS Scoring CVSS Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) CVSS Temporal Score: 5.8 (E:U/RL:OF/RC:C) Affected Software OpenSSL Project OpenSSL prior to 0.9.8zd…
  • Multiple PHP Vulnerabilities discovered

    Cyberoam Threat Research Labs
    12 Jan 2015 | 6:02 am
    Multiple critical vulnerabilities have been reported in PHP, which if exploited could enable non-privileged code execution. The exploit code for these vulnerabilities is publicly available. A brief description of these vulnerabilities is given below: a) PHP Core unserialize process nested data Use After Free (CVE-2014-8142) This is a code execution vulnerability reported in PHP core. The vulnerability is due to a use after free error which is encountered while handling serialized object with identical keys within the unserialize() function. Using this flaw, a threat actor can remotely…

    Cognoscape, LLC

  • 3 Tips To Help You Prevent Data Loss

    Cognoscape
    22 Jan 2015 | 1:00 am
    Data loss has been a hot issue lately, especially after the hacking of iCloud and the resulting leak of celebrity photos, as well as the attack on Sony Pictures, releasing massive amounts of confidential and personal employee data. Whether you’re a large multinational corporation or an independent technology company, your information is important and should be kept as safe as possible. Here are a few basic tips on how to make sure your data is secure and remains that way.   Backup Your Data By now, backing up your data should be common sense. Too many things can go wrong not to have…
  • 3 Leadership Lessons Learned From NBA Basketball

    Cognoscape
    8 Jan 2015 | 1:00 am
    It is undeniable that sports offer invaluable lessons and offer essential leadership roles for people of all ages. The NBA provides many essential examples for success. If you consider yourself a leader, or you are in the beginning stages of becoming one, at work, home, in the community, or in an educational setting, the NBA offers more than entertainment; it is a critical leadership model for every stage of life for high-end results. 1. Adopt the three Cs: charisma, challenge, and control To be an effective leader, you need to know how to inspire and challenge others to do their very best.
  • How Our Technology Roadmap Leads You to Business Success

    Cognoscape
    18 Dec 2014 | 1:00 am
    How do you get to your destination without a roadmap to guide you? When you travel alone, you can run into unexpected roadblocks and turbulence, but an effective roadmap is like a sophisticated GPS that leads you down the right path so you can feel safe, secure and supported as you navigate through the business world. You envision the success, and we will guide you toward it with our trusty technology roadmap. Discover how the Cognoscape technology roadmap leads you to business success.   No more downtime and roadblocks When companies switch to new programs, face an IT crisis, or…
  • Don’t get caught by this holiday email scam!

    David Keller
    4 Dec 2014 | 11:03 am
    The holidays are a busy time for all of us and with the advent of online shopping to avoid the crowds we are becoming conditioned to receiving purchase-related emails from a variety of sources. The cyber crime community is well aware of this and a new trend in cyber crime using fake order confirmation and other typical purchase-related emails has been noticed, as reported by internet security company Malcovery. The primary payload of these emails is the malware known as ASProx, a particularly nasty trojan that collects email addresses and passwords from its victims’ computers,…
  • 5 Ways to Stay Fit When You Sit All Day

    Cognoscape
    4 Dec 2014 | 1:00 am
    The American Medical Association reminds people that sitting is bad for a person’s personal health and some scholars refer to the epidemic as “sitting disease.” The longer you sit, the more likely you are to suffer negative health consequences. On average, some people sit anywhere from 7.7 to 15 hours a day. We are sitting the same amount of time, if not more than, the time we spend sleeping. Good news: some studies suggest that an hour of physical activity a day can make up for an entire day of sitting. Get up and get moving, and the following ways will help you stay fit when all you…
 

    TutorialsLodge

  • I’m Friends with the Wizard – Windows Backup

    Uche Gozie
    28 Jan 2015 | 11:35 pm
    I know I’m not being fair when I wrote about backups in Linux. Even if you don’t tell me, I feel my conscience is getting the better part of me…
  • Backing Up-It only hurts the first time

    Uche Gozie
    24 Jan 2015 | 12:37 am
    In an introduction to computing class one day, a lecturer classified computer users into several categories, i.e. Super Users, … blah blah blah, but I think there are only two…
  • Setting Up Your Web Directory

    Chimezie Michael
    23 Jan 2015 | 12:34 am
    Having a good web directory is very important and necessary for web designers and developers, because it makes your work neat and much easier in terms of linking and…
  • Installing Software in Linux

    Uche Gozie
    21 Jan 2015 | 10:53 am
    The commands below, when entered into the Linux terminal, install software on the Linux system. These are commands any user who is new to the operating system and wants to…
  • How To Create A Two Column Layout Using Tables

    Chimezie Michael
    19 Jan 2015 | 12:44 am
    A friend of mine who is new to web designing told me he is facing some difficulties creating layouts using tables. So I decided to do a tutorial on How…

    Guardian Network Solutions

  • What Small Businesses can learn from the Sony Hack?

    Cody Blake
    21 Jan 2015 | 9:59 pm
    Small business organizations often think that they don’t have to worry much about hackers and network security issues. Yet, an upset customer or a disgruntled ex-employee may target such a business. In this context it is better to take into …
  • Top Five Network Security Companies from 2014

    Cody Blake
    16 Jan 2015 | 11:36 am
    Where there is a network, there are always security risks and vulnerabilities. When this happens, there could be a situation where your legitimate users may be denied access to the server. The worst thing that could happen is a server …
  • 7 Bad Computer Habits You Need To Let Go

    Cody Blake
    14 Jan 2015 | 12:58 am
    Computers have become everyday necessities for most of us. But unfortunately we haven’t respected these great machines and have often misused them. Computers are great valuable tools not only for pleasure but also for business and we ought to take …
  • The Pros and Cons of Cloud Security Software

    Cody Blake
    7 Jan 2015 | 7:50 am
    Looking for huge savings and resources? Have you had your eyes on unexpected risks and large scale profits since long? Waste no time and turn to cloud computing which however has its own limitations and advantages. More and more businesses …

    Trend Micro Simply Security

  • Healthcare cyber security set to grapple with EHR, regulation and malware in 2015

    Trend Micro
    23 Jan 2015 | 5:09 am
    Cyber security was a top issue for healthcare CIOs and their teams in 2014, as they continued to deal with issues such as targeted attacks, mishandled and lost records and the introduction of new technologies (like cloud computing and wearables) into hospitals and clinics. A November 2014 study by Bitglass discovered that nearly half of data breaches in the U.S. involved healthcare providers, and that the sensitive information lifted from them was up to 50 times more valuable than credit card data. With credit card issuers already beginning the transition to chip-and-PIN technology to replace…
  • New “Zero-day” in Adobe Flash: What You Need to Know

    Christopher Budd
    22 Jan 2015 | 10:41 am
    This morning, we learned of a new problem affecting Adobe’s Flash product. This is a serious situation that affects nearly everyone using Microsoft Windows. Because of that, here’s what you need to know and, most importantly, what you should do about it. What’s the problem? The problem is that there’s a newly discovered vulnerability affecting Adobe’s Flash product on Microsoft Windows. This vulnerability or flaw can be used by attackers to run code or programs on your Windows computer as if you ran it. Anything you can do on your computer the attacker’s program can do. In a worst…
  • Endpoint Security: Protecting against the Next Generation of Attacks

    Eric Skinner
    20 Jan 2015 | 9:00 am
    Endpoint security has changed fundamentally over the past 20+ years, in many ways mirroring the evolution of the wider information security market. From the first basic anti-malware scanners of the ‘90s, through innovations in black- and whitelisting, intrusion detection, web and email filtering, and today’s sophisticated targeted attack detection products – we’ve sure come a long way. But the big question on the minds of CISOs everywhere is: “How do I modernize to stay on top of current threats?” That’s why Trend Micro has commissioned a comprehensive new white paper from…
  • Trend Micro and Best Buy’s Geek Squad Sponsor X Games Snowmobiler

    Richard Medugno
    20 Jan 2015 | 6:45 am
    Brett Turcotte is a world-class snowmobiler who will be competing in this week’s Winter X Games in Aspen, Colorado. He is going to be ripping powder with death-defying tricks while enjoying  the new sponsorship of two companies known for delivering high-quality products and top-flight service that are proud to assist star athletes pursue their passions. A 27-year-old Canadian freestyle snowmobile rider on the McGuire racing team, Turcotte will be vying for a medal in this year’s Snowmobile Speed and Style competition with the financial support of Trend Micro and Best Buy Geek Squad. We…
  • Preparing for the Fight: Best Practices for Healthcare IT and Security Teams

    JD Sherry
    15 Jan 2015 | 2:25 pm
    Every healthcare/hospital administrator’s worst nightmare was realized earlier this year when hospital operator Community Health Systems (CHS) revealed it had suffered a major data breach. The 29-state provider claimed it had been the victim of an Advanced Persistent Threat (APT) originating from China. It later emerged that sensitive information of around 4.5 million patients was exposed. So what can the attack tell us about the cyber threats facing healthcare organizations today, and how can they better defend themselves? A cautionary tale First up, let’s get things clear: CHS wasn’t…
 