Network Security

  • Most Topular Stories

  • Minecraft used as cover to push Android scareware apps on Google Play

    Latest Security Articles from Techworld
    22 May 2015 | 9:06 am
    Up to three million users might have downloaded bogus apps, says ESET
  • Hacking Virginia State Trooper Cruisers

    Dark Reading:
    Kelly Jackson Higgins
    22 May 2015 | 6:30 am
  • Spying pressure mounting worldwide

    Network Security Blog
    netsecpodcast@mckeay.net (Martin McKeay)
    11 May 2015 | 12:30 am
    It’s been an interesting ride ever since Edward Snowden came out with the revelations about NSA spying efforts two years ago.  There was a huge public outcry at first, both from the side who believes spying on your own citizens is necessary and from the side who believes spying on your own citizens is a vital tool in protecting them.  Both sides of the argument have been trying to sway public opinion, with varying degrees of success, but it’s been the spy organizations that have been getting their way as judges and lawmakers side with them for the most part.  But that’s…
  • VENOM Exploit

    Milton Security
    Milton Security Group
    13 May 2015 | 1:25 pm
    If you thought that Heartbleed was bad, this is worse. A new vulnerability called VENOM (Virtualized Environment Neglected Operations Manipulation) has struck. The vulnerability attacks virtual servers, utilizing the often overlooked shared resource, the virtual floppy drive controller. This allows attackers to access the datastore (Physical Hard Drive) on the servers which means even though your “cloud” server is separated from the others, it shares the physical machine which means all data is open to be stolen. This attack works on all current  VM services, but Oracle has fixed it in…
  • Developing and Assessing your DLP Strategy (Part 2)

    Feed: Articles & Tutorials
    Deb Shinder
    20 May 2015 | 2:28 am
    In this, Part 2, we will start to delve more deeply into the intricacies of DLP, characteristics of good DLP software solutions, and how to implement your DLP plan.

    Network Security Blog

  • Spying pressure mounting worldwide

    netsecpodcast@mckeay.net (Martin McKeay)
    11 May 2015 | 12:30 am
    It’s been an interesting ride ever since Edward Snowden came out with the revelations about NSA spying efforts two years ago.  There was a huge public outcry at first, both from the side who believes spying on your own citizens is necessary and from the side who believes spying on your own citizens is a vital tool in protecting them.  Both sides of the argument have been trying to sway public opinion, with varying degrees of success, but it’s been the spy organizations that have been getting their way as judges and lawmakers side with them for the most part.  But that’s…
  • RSA 2015 Interview: Mike Walls, Edgewave

    netsecpodcast@mckeay.net (Martin McKeay)
    7 May 2015 | 3:45 am
    I got a chance to talk to Mike Walls, Edgewave's Director of Cyber Operations and ex-Navy pilot on the floor of the RSA conference.  I chose Edgewave to talk to specifically because of their marketing material and the number of buzzwords they used to describe themselves.  Mike does a fair job of defending and refining their meaning as well as highlighting some of the differences he sees between private sector and DoD incident responders.  Still, he uses ‘cyber’ a lot, one of the tells that he really did work in government. Interview with Mike Walls, Edgewave
  • RSA 2015 Interview: Jason Straight, UnitedLex

    netsecpodcast@mckeay.net (Martin McKeay)
    5 May 2015 | 11:35 am
    I got a chance to sit down with Jason Straight, SVP and Chief Privacy Officer.  Jason works on the legal side of security, meaning as a lawyer, not law enforcement.  The conversation covers international legal concerns, privacy and communicating with your own legal counsel, just to mention a few of the topics. The interview was recorded in a busy tea house and I’ve done my best to remove as much of the noise as possible. http://traffic.libsyn.com/mckeay/NSP-RSA2015-JasonStraight.mp3
  • Dad, I want to learn to hack

    netsecpodcast@mckeay.net (Martin McKeay)
    4 May 2015 | 11:10 pm
    My teenagers, like many teenagers, are curious about what their father does for a living.  They’ve been to maker faires, security conferences, unconferences, Defcon, BSides, Hack in the Box, and they’ve really enjoyed them all. They’ve heard me talk about all sorts of current events in the context of computer security.  Quite frankly, I’m a little surprised they still want to hear about security and privacy considering my propensity to monologue (aka rant) about most things security related at the drop of a hat.  But they’re both sponges and given that…
  • Posting other places

    netsecpodcast@mckeay.net (Martin McKeay)
    21 Oct 2014 | 9:49 am
    I’ve been blogging for some other sources lately.  It’s interesting to be creating articles for someone other than myself, because I put more thought into it and spend more time trying to organize my thoughts and outline the article before I put virtual pen to paper.  I’m writing for IBM’s Security Intelligence blog (they’re an Akamai partner) and InfoSecurity Magazine regularly and contributing to other venues as opportunity comes up and time allows.  Blog post, articles, webinars, presentations, or just shooting the breeze about security, I do it all.
 
 
 
 

    TaoSecurity

  • An Irrelevant Thesis

    23 May 2015 | 9:40 am
    This week The Diplomat published an article by Dr Greg Austin titled What the US Gets Wrong About Chinese Cyberespionage. The subtitle teases the thesis: "Is it government policy in China to pass on commercial secrets obtained via cyberespionage to civil sector firms?" As you might expect (because it prompted me to write this post), the author's answer is "no." The following contains the argument: "Chinese actors may be particularly adept in certain stages of economic espionage, but it is almost certainly not Chinese government policy to allow the transfer of trade secrets collected by…
  • What Year Is This?

    10 May 2015 | 12:07 pm
    I recently read a manuscript discussing computer crime and security. I've typed out several excerpts and published them below. Please read them and try to determine how recently this document was written. The first excerpt discusses the relationship between the computer and the criminal. "The impersonality of the computer and the fact that it symbolizes for so many a system of uncaring power tend not only to incite efforts to strike back at the machine but also to provide certain people with a set of convenient rationalizations for engaging in fraud or embezzlement. The computer lends an…
  • The Need for Test Data

    30 Apr 2015 | 2:22 pm
    Last week at the RSA Conference, I spoke to several vendors about their challenges offering products and services in the security arena. One mentioned a problem I had not heard before, but which made sense to me. The same topic will likely resonate with security researchers, academics, and developers. The vendor said that his company needed access to large amounts of realistic computing evidence to test and refine their product and service. For example, if a vendor develops software that inspects network traffic, it's important to have realistic network traffic on hand. The same is true of…
  • Will "Guaranteed Security" Save the Digital World?

    28 Apr 2015 | 5:47 pm
    Thanks to a comment by Jeremiah Grossman on LinkedIn, I learned of his RSA talk No More Snake Oil: Why InfoSec Needs Security Guarantees. I thought his slide deck looked interesting and I wish I had seen the talk. One of his arguments is that security products and services lack guarantees, "unlike every day 'real world' products," as shown on slide 3 at left. The difference between the products at left and those protected by security products and services, however, is that security products and services are trying to counter intelligent, adaptive adversaries. Jeremiah does include a slide…
  • Example of Chinese Military Converging on US Military

    13 Apr 2015 | 2:33 pm
    We often hear of vulnerabilities in the US military introduced by net-centric warfare and a reliance on communications network. As the Chinese military modernizes, it will introduce similar vulnerabilities. I found another example of this phenomenon courtesy of Chinascope: PLA Used its Online Purchasing Website for its First Online Purchase. Written by LKY and AEF. Xinhua reported that on April 7, the PLA announced that five manufacturers won the bidding, totaling 90 million yuan (US$14.48 million), to supply general and maintenance equipment to the PLA. The article said that these…

    Spyware news

  • A new wave of Cryptolocker has just showed up!

    14 May 2015 | 7:54 am
    As the latest announcement of PC security experts claims, people should expect a new wave of Cryptolocker. At the moment of writing, you are at the biggest risk of getting infected with this threat (or other its variants) if you live in Australia and Europe. However, even if you live in USA or Far East countries, you should […]
  • Superfish, Delta Homes and JollyWallet were the most popular ad injectors in 2014

    11 May 2015 | 7:04 am
    According to the latest Google study, in 2014, 5.5% of its users saw malicious ads during their browsing. This is equal to tens of millions of vulnerable users who might have been involved to such dangerous activities as data theft, hijacked search queries and installed malware. The additional results of the study, which has also involved the University of California, […]
  • Will Rombertik malware try to destroy your computer? We don’t think so!

    7 May 2015 | 6:43 am
    Several days ago one virus received much more attention than other ones. If you haven’t noticed anything unusual, we will have to give you the name of it. This threat is called Rombertik. Why people have been overreacting when discussing about it? The most important thing that was escalated is that, according to the most of posts that can be […]
  • Why do I need backup and what options do I have for that?

    24 Apr 2015 | 6:45 am
    Months after months, security experts have been reporting that ransomware cases are growing at a steady rate and that there is no chance that hackers will stop distributing these viruses. If you have never heard about ransomware, then you should remember the main thing – after infecting the system, such threat can easily encrypt your […]
  • Authorities announce about the takedown of Simda Botnet

    17 Apr 2015 | 6:14 am
    It seems that today we can feel much safer than we were one week before. Why are we saying this? That’s because of the latest Interpol announcement that reports about the takedown of Simda botnet. It is known that this takedown operation involved Interpol, Microsoft, the Federal Bureau of Investigation, the Dutch National High Tech Crime […]

    Schneier on Security

  • Story of the ZooKeeper Poison-Packet Bug

    schneier
    25 May 2015 | 7:20 am
    Interesting story of a complex and deeply hidden bug -- with AES as a part of it.
  • Friday Squid Blogging: Giant Squid Washes Up in New Zealand

    schneier
    22 May 2015 | 2:39 pm
    The latest one. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
  • USPS Tracking Queries to Its Package Tracking Website

    schneier
    22 May 2015 | 10:33 am
    A man was arrested for drug dealing based on the IP address he used while querying the USPS package tracking website.
  • Why the Current Section 215 Reform Debate Doesn't Matter Much

    schneier
    22 May 2015 | 3:45 am
    The ACLU's Chris Soghoian explains (time 25:52-30:55) why the current debate over Section 215 of the Patriot Act is just a minor facet of a large and complex bulk collection program by the FBI and the NSA. There were 180 orders authorized last year by the FISA Court under Section 215 -- 180 orders issued by this court. Only five of those orders relate to the telephony metadata program. There are 175 orders about completely separate things. In six weeks, Congress will either reauthorize this statute or let it expire, and we're having a debate -- to the extent we're even having a debate -- but…
  • New Pew Research Report on Americans' Attitudes on Privacy, Security, and Surveillance

    schneier
    21 May 2015 | 11:05 am
    This is interesting: The surveys find that Americans feel privacy is important in their daily lives in a number of essential ways. Yet, they have a pervasive sense that they are under surveillance when in public and very few feel they have a great deal of control over the data that is collected about them and how it is used. Adding to earlier Pew Research reports that have documented low levels of trust in sectors that Americans associate with data collection and monitoring, the new findings show Americans also have exceedingly low levels of confidence in the privacy and security of the…
 

    Infosec Events

  • Information Security Events For May

    sheila
    3 May 2015 | 5:36 am
    Here are information security events in North America this month:   Information Security Summit 2015 : May 1 in New York, NY, USA.   IEEE Int. Symposium on Hardware-Oriented Security and Trust (HOST 2015) : May 5 to 7 in VA, USA.   Jailbreak Brewing Company Security Summit 2015 : May 8 in MD, USA.   BSides Boston 2015 : May 9 in MA, USA.   BSides San Antonio 2015 : May 10 in San Antonio, TX, USA.   MetricStream GRC Summit 2015 : May 11 to 13 in VA, USA.   CISO Executive Summit New York : May 11 in NY, USA.   Rocky Mountain Information Security…
  • Week 16 In Review – 2015

    md
    20 Apr 2015 | 1:02 pm
    Events Related Test your hacker skills with DEF CON at the 2015 TRIBECA film festival – tribecafilm.com For the first time ever, the world’s biggest underground hacking conference will travel from Las Vegas to NYC for this year’s TFF. Resources PCI versions 3.0, 3.1 and your SecureSphere deployment – blog.imperva.com This blog entry will focus solely on new requirements that either affect SecureSphere, or requirements that Secure could affect. PCI 2.0 requirements that can be mitigated using SecureSphere are out of scope of this document. Memex (Domain-Specific Search) –…
  • Week 15 In Review – 2015

    md
    15 Apr 2015 | 1:56 pm
    Resources SyScan2015 Conference Slides – syscan.org These are the SyScan2015 Conference Slides. SyScan2015 Conference Slides can be download from here. CanSecWest 2015 Files – cansecwest.com The CanSecWest conference was established in 2000. Archives of presented materials in CanSecWest Vancouver 2015 can be found here. RF Testing Methodology – nccgroup.github.io The RFTM is an Open Source, collaborative testing methodology. It is focussed on providing the information that security researchers and consultants need to know in order to effectively test systems that employ RF…
  • Week 14 In Review – 2015

    md
    6 Apr 2015 | 12:08 pm
    Events Related Black Hat Asia 2015 Recap – blog.fortinet.com For the second year in a row, BlackHat Asia was held in Singapore, at the end of March, in the luxury Marina Bay Sands hotel. As usual, the 2 days briefings were fully loaded of plenty of topics. 3 distinct tracks were offered, plus the business track and of course the technical Arsenal rooms. My experience at Black Hat Asia 2015 -secpod.org With all the frightening stories of hackers at Black Hat, Preeti Subramanian stepped into not-just-yet-another-conference in Singapore. Situated at the plush location of the island country,…
  • Information Security Events For April

    sheila
    2 Apr 2015 | 2:33 am
    Here are information security events in North America this month: SecureWorld Kansas City 2015 : April 1 in Kansas City, MO, USA   10th Cyber and Information Security Research Conference (CISRC 2015) : April 7 to 9 in Tennessee , USA   InfoSec Southwest 2015 : April 10 to 12 in Austin, TX, USA   BSides Charm 2015 : April 11 to 12 in Columbia, MD, USA   BSides Orlando 2015 : April 11 to 12 in Orlando, FL, USA   BSides Nash 2015 : April 11 in Nashville, TN, USA   Symantec Government Symposium 2015 : April 15 in Washington, DC, USA   AtlSecCon 2015 : April 16…

    Dr Anton Chuvakin Blog PERSONAL Blog

  • Links for 2015-05-06 [del.icio.us]

    Anton Chuvakin
    7 May 2015 | 12:00 am
    Experts debate the value and future of data loss prevention tools
  • Monthly Blog Round-Up – April 2015

    1 May 2015 | 11:11 am
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge.  Current emergence of open source log search tools, BTW, does not break the logic of that post. SIEM requires a lot of work, whether you paid for the software, or not. [282 pageviews] “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a…
  • Links for 2015-04-06 [del.icio.us]

    Anton Chuvakin
    7 Apr 2015 | 12:00 am
    Cybersecurity at Aetna Is a Matter of Business Risk - The CIO Report - WSJ
  • Links for 2015-04-03 [del.icio.us]

    Anton Chuvakin
    4 Apr 2015 | 12:00 am
    Why you should be spending more on security | Network World
  • Links for 2015-04-02 [del.icio.us]

    Anton Chuvakin
    3 Apr 2015 | 12:00 am
    Do Threat Exchanges Work? - eSecurity Planet
 

    Security Blog

  • Weekly Intelligence Summary Lead Paragraph: 2015-05-15

    dkennedy
    17 May 2015 | 6:21 pm
    The InfoSec community was snakebit this week by CrowdStrike’s disclosure of the VENOM vulnerability (CVE-2015-3456) in the Floppy Disk Controller component of virtualized platforms using Xen, KVM or QEMU software. To successfully exploit the vulnerability and compromise a host system, a threat actor would need privileges on a guest virtual machine on that host. To answer your questions: Is VENOM remotely exploitable? No, local privileges are required. Can VENOM be widely exploited? Most likely not. Is exploit code available and are attacks occurring in the wild? The answer to both is no,…
  • Weekly Intelligence Summary Lead Paragraph: 2015-05-08

    dkennedy
    8 May 2015 | 8:28 pm
    The InfoSec risk intelligence collection probably affecting all Verizon Enterprise clients was the WordPress 4.2.2 security release; coming just ten days after the previous security release.  Sucuri reported attacks in the wild on Wednesday.  Enterprises using WordPress probably have security architecture to mitigate the immediate risk and should update normally.  Other risks come from the multitude of unpatched WordPress sites that cybercriminals will subvert for Exploit Kits (EK), spam support (such as taking orders for certain medications) and Trojan download hosts. We collected reports…
  • The Circle of Life: A DBIR Attack Graph

    Gabe Bassett
    7 May 2015 | 1:45 pm
    Introduction: In the DBIR, the vast majority of our breach analysis consists of statistical analysis of data frames (i.e. spreadsheets), derived from VERIS encoded DBIR data.  The VERIS framework is designed to capture breaches as if everything happening in the breach happened at a single point in time. In this blog however, we will attempt to massage a bit of sequence out the DBIR data.  In doing so, we will generate a basic attack graph from the DBIR data, allowing us to see how precursor attacks can lead to follow-on attacks. Methodology: A caveat up front, VERIS doesn’t provide a way…
  • Getting Started with VERIS (part 1)

    Suzanne Widup
    6 May 2015 | 2:54 pm
    VERIS stands for the Vocabulary for Event Recording and Incident Sharing, and is useful for tracking metrics about security incidents (more information is available on veriscommunity.net). The first step in moving your organization towards evidence-based risk management is to know what kinds of attacks you are facing.  Since it is very difficult to know that without actually measuring it–VERIS is a good place to begin.  We use VERIS to make sense of the volume of security incidents that our contributors provide us when we are working on the Verizon Data Breach Investigations Report,…
  • Weekly Intelligence Summary Lead Paragraph: 2015-05-01

    ssimpson
    1 May 2015 | 4:20 pm
    “By Thor’s DDoS Hammer!” That’s what members of the VCIC said after collecting several noteworthy reports on denial of service attacks this week. Leading the pack is Arbor Networks’ report of a 334 Gbps attack directed at an unnamed network provider in Asia. In the first quarter, they observed twenty-five attacks consuming 100 Gbps or more and the majority involved NTP, SSDP or DNS amplification attacks. CloudFlare provided an excellent overview of how JavaScript-based DDoS attacks work (think the Great Cannon) and Neustar published its April 2015 North American DDoS attack report…

    Optimal Security

  • How Does Your Organization Handle Vulnerability Disclosures?

    Orion
    25 May 2015 | 11:30 am
    You’ve probably heard the idiom “No good deed goes unpunished.” It looks like that phrase will survive even the cyber age. There have been a few news stories about how vulnerability disclosures were handled, or mishandled. Some made me laugh, some made me cringe. When IT Security professionals find a vulnerability, they know what to do next. Being part of the industry, they know what responsible disclosure is. The Golden Rule, Karma, or some other form of conscience dictates that they privately notify the organization which can address the problem and give them time to do it, before…
  • Infosec Haiku

    Chris Merritt
    23 May 2015 | 9:48 am
    Anata no joho sekyuritei konshu no haiku When our peers get hacked, we increase security. Ooopps – breach discovered!   ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who’ve contributed their haikus … watch this space to see if yours is published. * Submit Your Own … if yours is published, I’ll send you a $20 Starbux card. Please DM me at infosec-haiku@lumension.com. Contest Rules: all rulings by the judge (me) are final, blah blah blah.
  • Logjam vulnerability – what you need to know

    Graham Cluley
    20 May 2015 | 11:25 am
    I’ve heard people talking about a new internet security flaw called Logjam. What is it? Logjam is the name given to a newly-discovered encryption vulnerability that could be used by attackers to spy upon your sensitive communications, and threatens the security of many mail servers, HTTPS-protected web servers and other internet services such as VPNs and SSH servers. Rather like the FREAK flaw discovered earlier this year, Logjam is actually an ancient problem introduced in SSL that was inherited by TLS, and has only been unearthed now. Like other attacks and vulnerabilities seen in…
  • Buying Exploits for Zero-Day Vulnerabilities

    Orion
    18 May 2015 | 6:30 am
    A few weeks ago a story appeared on Slashdot about a new marketplace on the Dark Web called The Real Deal. Since it’s already in the press, hopefully there’s no harm in describing it here. I do risk being banned from the site for discussing it, but I’m optimistic they’ll see it as free publicity rather than doxxing. These marketplaces come and go fairly frequently. They typically have a lifespan of 6 to 18 months, with the now defunct market Silk Road being the exception with years of operation. The challenge in building a marketplace is that no one trusts anyone…
  • Infosec Haiku

    Chris Merritt
    16 May 2015 | 1:26 pm
    Anata no joho sekyuritei konshu no haiku Adobe Reader: Critical Patches Released. Please Update Today!   ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who’ve contributed their haikus … watch this space to see if yours is published. * Submit Your Own … if yours is published, I’ll send you a $20 Starbux card. Please DM me at infosec-haiku@lumension.com. Contest Rules: all rulings by the judge (me) are final, blah blah blah.
 

    TRUSTe Blog

  • Ad-Funded Internet Community to Convene at Upcoming DAA Summit

    kfreeman
    21 May 2015 | 10:17 am
    The Digital Advertising Alliance will host its 3rd annual summit on June 2 in New York. At this all day event, DAA participants can engage in discussions about innovation in the ad-funded Internet community as well as listen to presentations and panels from industry thought leaders. Special guest, FTC Commissioner Terrell McSweeny, will discuss key … Continue reading » The post Ad-Funded Internet Community to Convene at Upcoming DAA Summit appeared first on TRUSTe Blog.
  • IoT Privacy Summit: Smart Cities

    kfreeman
    20 May 2015 | 11:16 am
    Leading up to the second annual IoT Privacy Summit on June 17 we’ll be featuring a series of blog posts about the panels and speakers at the upcoming event. The cities of the future are almost here. Connected technology is not just for wearable devices — it can also be utilized to increase the efficiency … Continue reading » The post IoT Privacy Summit: Smart Cities appeared first on TRUSTe Blog.
  • IoT Privacy Summit: Self-Regulation & IoT Panel

    kfreeman
    15 May 2015 | 9:47 am
    Leading up to the second annual IoT Privacy Summit on June 17 we’ll be featuring a series of blog posts about the panels and speakers at the upcoming event.   No one knows for certain the exact impact big data will have on the future of privacy, or how the government might respond to big data’s … Continue reading » The post IoT Privacy Summit: Self-Regulation & IoT Panel appeared first on TRUSTe Blog.
  • Meet TRUSTe: Andrew McDevitt, Senior Privacy Consultant

    kfreeman
    14 May 2015 | 9:00 am
    Each week we give you an inside look at the talented, knowledgeable and friendly people who work at TRUSTe. This week’s Meet TRUSTe post will introduce you to one of our privacy consulting team members.  Name: Andrew McDevitt Job Title: Senior Privacy Consultant – CIPM, CIPP/E/G/US How long have you been a consultant at TRUSTe? I have been with the … Continue reading » The post Meet TRUSTe: Andrew McDevitt, Senior Privacy Consultant appeared first on TRUSTe Blog.
  • New Trust Framework to Address Privacy & Security Challenges of Connected Devices

    kfreeman
    13 May 2015 | 9:00 am
    The Online Trust Alliance (OTA), announced today that it’s welcoming experts to join the working group creating a trust framework for the security, privacy and sustainability risks of the Internet of Things (IoT) devices. The framework will be presented in a special panel at TRUSTe’s IoT Privacy Summit 2015 on June 17 in Menlo Park, … Continue reading » The post New Trust Framework to Address Privacy & Security Challenges of Connected Devices appeared first on TRUSTe Blog.
 
 

    Free IT - Security Magazines and Downloads from alltop.tradepub.com

  • 2015 Mobile Threat Report

    20 May 2015 | 12:00 am
    The research illustrates that in 2014, nearly one million (931,620) unique malicious applications were produced, or rather a 391 percent increase from 2013 alone. Android devices continue to be the main target of malware and was 97 percent of all mobile malware developed. Additional key findings from the report include: The ability to take profit from an end user with SMS premium services or ad networks is a capability of each of the top 10 malware threats identified in 2014. The overwhelming majority of Android malware is being developed and distributed in unregulated third party app stores in…
  • Top Trending IT Security Resources for Spring 2015

    19 May 2015 | 7:20 pm
    Top Trending IT Security Resources for Spring 2015, brings together the latest in information, coverage of important developments, and expert commentary to help with your IT Security related decisions. The following kit contents will help you get the most out of your IT Security research: To Increase Downloads, Instill Trust First; Wanted: Guardians to Keep Sensitive Data Safe & Protected; Practical Guide to IT Security Breach Prevention Part II: Reducing Mobile, Web, and Social Media Risks; Video: Understanding the Demands of the Modern Data Center.
  • The Essentials of Information Security Kit: Includes a Free PC Security Handbook - 2nd Edition eBook

    19 May 2015 | 7:20 pm
    The Essentials of Information Security brings together the latest in information, coverage of important developments, and expert commentary to help with your Information Security related decisions. The following kit contents will help you get the most out of your Information Security research: PC Security Handbook - 2nd Edition; To Increase Downloads, Instill Trust First; Wanted: Guardians to Keep Sensitive Data Safe & Protected; Practical Guide to IT Security Breach Prevention Part II: Reducing Mobile, Web, and Social Media Risks.
  • Government Web Security and the OWASP Top 10: The Big Picture

    19 May 2015 | 12:00 am
    Security on the web is becoming an increasingly important topic for organisations to grasp. Recent years have seen the emergence of the hacktivist movement, the increasing sophistication of online career criminals and now the very real threat posed by nation states compromising personal and corporate security. The Open Web Application Security Project gives us the OWASP Top 10 to help guide the secure development of online applications and defend against these threats. This course takes you through a very well-structured, evidence-based prioritisation of risks and most importantly, how…
  • How To Replace FTP and Increase File Transfer Efficiency by 98% With Biscom Secure File Transfer -- A Customer Success Story

    18 May 2015 | 5:20 pm
    The increase in people sharing data and files, combined with size and security limitations of email and FTP, has forced organizations to seek solutions for sending large and confidential files while complying with a multitude of compliance and regulatory requirements. Biscom Secure File Transfer (SFT), a secure and managed file-transfer solution, handles file transfers easily and tracks all transactions. With its simple user interface, extensive reporting and auditing capabilities, and robust encryption and security technologies, SFT helps organizations meet their most challenging file…

    IT-Security

  • March-April 2015 Roundup

    Branden Williams
    4 May 2015 | 11:34 am
    Stay Classy, San Diego! Shush it. I know it’s been a little slow around here. There are some major things in the works! I started a new gig, for one, which is consuming the bulk of my time. I’m also working on a 3.1 addendum to our book, which should be out by the summer. March and April were some busy months for many of us. Three major shows (MAC, ETA, and RSA Conference) all happened in those months. PCI DSS 3.1 was released. You paid your taxes (hopefully). Here’s what you folks liked the most last month: The Only Customer Service Script You Will Ever Need. Maybe the…
  • Verizon Report should be a Wake Up Call for the PCI SSC

    Branden Williams
    24 Mar 2015 | 7:05 am
    Verizon recently released their annual state of PCI Compliance Report, which attempts to give a snapshot of current issues in the space as well as trending data over previous years. To summarize the report, the state of PCI Compliance is “not good.” It’s now 2015, more than 10 years after the first release of the standard, and we continue to struggle with compliance rates. In a Computer Weekly article, the GM of the Council says that “wake-up call for every business that cares about payment security.”…
  • Banks & Merchants are not ready for EMV

    Branden Williams
    19 Mar 2015 | 1:31 pm
    EMV, or that fancy chip thingie that many of you are starting to see in your banking cards here in the US, is an anti-fraud technology released in the 90s with global adoption. US markets are finally taking steps to encourage adoption here, and for the most part, nobody is ready. There is a key date coming up in October of this year. Essentially, merchants who have invested in EMV terminals that are capable of processing a transaction (meaning, the EMV slot can’t just be for show) will benefit from protections if counterfeit cards are used at their location. If…
  • Updates to the Definition of Cardholder Data Post

    Branden Williams
    5 Mar 2015 | 6:57 am
    I wrote a post in 2009 that is now the all-time, third most popular post on this blog entitled, The Definition of Cardholder Data. I wrote it after leaving the 2009 PCI Community Meeting where there was more bickering and positioning on what constitutes cardholder data than I had ever seen. My experiences there prompted the post, and I figured it was time to go back and revisit it for PCI DSS 3.0. Go check out the updates and see if it is any more helpful! On a side note, I have formally accepted a new, exciting position with an amazing company. More on that…
  • IT Security Blog. Mitigating Risks. Enabling Business Strategies. W. Mark Brooks

    Mark Brooks
    4 Mar 2015 | 2:53 pm
    If you’re responsible for protecting your company’s Intellectual Property or Trade Secrets from Cyberattacks, you can improve your Information Security Program by understanding some of the key Strategic givens I’ve found at my Fortune 500 clients on Nation-State Adversaries. I assist companies and organizations that are dealing with known compromises or companies that suspect they have been compromised.  These compromises are increasingly driven by Nation-State Adversaries and often include companies that have physically deployed their high value company assets directly…
 

    PC1News.com

  • Surprise Savings Removal Guide

    admin
    25 May 2015 | 1:33 am
    Surprise Savings can be categorized as adware or a potentially unwanted program (PUP). Its selling point is helping the user save money by showing him promotional advertisements. According to the description on its official website, surprisesavings.com, the program offers coupons, discounts and price comparison. It is compatible with all versions of Windows and all web browsers. Surprise Savings gets installed as a browser extension which shows pop-up ads through your web browser, offering various products. The program's service may sound convenient and harmless, but it is not really safe.
  • ShoppingGid Removal Guide

    admin
    25 May 2015 | 1:27 am
    ShoppingGid is a program directed at e-trade, as its name suggests. It is presented as a browser add-on or extension. The tool is compatible with Google Chrome, Mozilla Firefox, Internet Explorer, Opera and Yandex. It offers a wide array of commercial ads, presented in various ways. They are usually brought to you in the forms of coupon boxes and banners, but could also appear in all other advertising formats. The offers the tool makes are advertised as being from reliable websites, such as Amazon, eBay, and AliExpress. This is not necessarily true, though. The program can falsely use the…
  • RinoReader Removal Guide

    admin
    25 May 2015 | 1:23 am
    RinoReader is an alternative PDF reader. This program offers to give you a different perspective of these kinds of files. Another thing it does is to support commercial ads. This task is not related to the described purpose of the program. For this reason, specialists have labeled RinoReader as adware. It displays promotional content of all kind. You will see pop-ups, coupons, banners, in-text links, embedded ads and all other kinds of adverts each time you use your browser. The tool uses these advertisements as a source of income. Every ad you follow brings profit for the developers of the…
  • Atajitos.com Removal Guide

    admin
    25 May 2015 | 1:19 am
    Atajitos.com is a search website which seems to be just the same as the pages which belong to well-known search providers. There are links on the page which will lead you to some of the most visited websites, including social networks, Google, online games, etc. However, helpful as this page may seem, it cannot provide any different services from these offered by reliable and well-known engines. In fact, not only is this site equal to any search pages you already have used, but it turns out that, unlike them, it may pose a serious risk to your personal details and files. Because of the…
  • Websearch.searchero.info Removal Guide

    admin
    25 May 2015 | 1:05 am
    Websearch.searchero.info is a website which belongs to a search provider. In case that you see it for your home page or default search engine, there is no doubt that your browser has been hijacked. Do not think the page belongs to a reliable provider. The truth is that it is aimed at redirecting users to sites it has chosen itself without checking for their reliability. It is not advised to keep this suspicious site on your browser. Instead, remove Websearch.searchero.info and replace it with a well-known and effective search engine. Why is Websearch.searchero.info set for your home page? Often…

    NSS Labs

  • New tools for faster security incident responses

    20 May 2015 | 12:00 am
    How quickly could you solve a crime if you had at your fingertips a comprehensive index of all activities occurring at a crime scene before, during, and after the crime? Security professionals have spent considerable amounts of time determining the sequence and timing of events in order to determine how security incidents occurred (e.g., how did attackers obtain access?) and whether data was stolen.
  • NGIPS – HP TippingPoint Update

    24 Apr 2015 | 12:00 am
    In our recently completed Next Generation Intrusion Prevention Systems (NGIPS) test, NSS Labs and HP TippingPoint discovered an anomaly during testing. Fundamentally, the nature of the anomaly was related to a recent CVE, which was being heavily utilized in the wild and as such carried great weight in the Live Stack portion of the NGIPS test.  After working closely together with NSS Labs, HP TippingPoint believes minor adjustments to the profile may provide significant enhancement in the area of security effectiveness in the live stack portion.
  • Security Orchestration – Integration, Process, and Wise Investments Driven by a Security Conductor

    14 Apr 2015 | 12:00 am
    When I am asked by friends to discuss the security breaches that feature ever more frequently in the news, I use a music analogy. Why music? For one thing, I am a fan of traditional classical music; for another, this allows me to describe the roles of security teams without the usual pile of acronyms and product names that are well known to those of us in the security industry but are unfamiliar to those who are not. Most importantly, the music analogy fits because I know that no complex system happens by accident.
  • Detecting the Invisible Part 3: "Retreat from the Breach"

    5 Mar 2015 | 12:00 am
    Our approach to securing the enterprise has changed, and breach detection technology has been largely instrumental in this process. This report from NSS Labs is the final in a three-part series on the impact of the breach detection system (BDS). As the breach detection market continues to mature, several points are worth noting:
  • The Best Place for Yesware is Nowhere

    5 Mar 2015 | 12:00 am
    A talented security colleague came across a tweet from a company called Yesware and remarked to me that it could be construed as spear phishing with specific language for legal protection. I can see his point, but in pedantically technical language, no, this is not spear phishing. Yesware certainly could be a tool in a spear phisher’s toolbox, but that is not what it is designed for. Is Yesware Spyware?

    Private WiFi

  • Protecting Your Identity with the Internet of Things

    Eva Velasquez
    21 May 2015 | 11:16 am
    The internet of things—or IOT, as it’s commonly known—was once the stuff of science fiction, a newfangled “wave of the future” concept only experienced at futuristic demonstrations like the World’s Fair. But now many of these devices are already in use in millions of households around the world. They’ve become an interesting yet somehow still unknown entity in the world of technology, and industry experts have stated these products will be the norm just a handful of years from now. IOT really applies to anything that connects via wifi or Bluetooth and either tracks usage, allows…
  • Avira Offers PRIVATE WiFi’s VPN As Part of New Bundle

    Jared Howe
    14 May 2015 | 12:14 pm
    Germany-based security company, Avira, just announced the release of a new bundled product which includes both their Antivirus Pro and PRIVATE WiFi.  This bundle protects users from both malware infection and data theft. “Avira and PRIVATE WiFi have a common mission: to offer people best-in-class digital protection, wherever they are. In a world with increasing mobility, we decided to provide our customers with protection on the move: our German engineered antivirus that fights against all types of viruses, combined with a professional encryption service that prevents any phishing attacks…
  • Online Dating and Public WiFi: How Secure Is It?

    Nikki Junker
    5 May 2015 | 3:13 pm
    When online dating first took off in 1995 with the well-known Match.com service, only about 14% of US adults even used the internet, let alone sought companionship online. Now, thanks to greater device penetration and the growth of social media, online dating isn’t the taboo “last resort” that people used to think it was. In fact, according to reports by the Pew Internet group, one out of every five adults between the ages of 25 and 34 has tried online dating, and 5% of marriages today came about as the result of meeting on the internet. One of the cardinal rules of blind dating has…
  • Tips to Protect Your Digital Identity

    Nikki Junker
    29 Apr 2015 | 9:37 am
    Within the last decade, our senses of self and identity have made a major shift.  Whether we’ve noticed it or not, the items that used to define our identities have gone from hard copy items, such as birth certificates and Social Security cards, to online banking passwords, Facebook logins, and mobile wallets stored in our smartphones.  While we still need to safeguard and protect those hard copy documents, we also have to focus on our digital identities. Our digital identities are made up of all kinds of new information, such as smartphone passcodes, Twitter feeds, and Instagram photo…
  • Why I Started Private Communications Corporation

    Kent Lawson
    28 Apr 2015 | 12:52 pm
    With the launch of our new data compression product, DataCompress, it seems like a good time to revisit why I started Private Communications Corporation (PCC). Ever since launching PCC in 2010, many people have asked what motivated me to emerge from a fulfilling retirement to launch a new company. After all, I had spent twenty hectic years running my previous company – you have to throw everything you have into being an entrepreneur. I had retired in 1997 and was very much enjoying the opportunity to relax a bit, travel a lot, and had become heavily involved in several rewarding non-profit…
 

    Pivot Point Security

  • 4 Levels of Security Awareness Training for Developers

    Bhaumik Shah
    21 May 2015 | 4:00 am
    Hackers are relentless in their targeted attacks on application-level security vulnerabilities. The way to mitigate these risks is to write more secure code. Cybercrime risk isn’t the only reason to focus on software security. It’s mandated as part of many information security certifications or audits, such as ISO 27001. It’s also part of regulatory mandates. For example, PCI DSS requirement 6.5 states that firms must: Train developers in secure coding techniques, including how to avoid common coding vulnerabilities, and understanding how sensitive data is handled in memory. Yet clearly…
  • “Coming to Terms” with Business Continuity

    Bob Cohen
    18 May 2015 | 4:00 am
    Business continuity management as a domain within information security is one of the least understood. Part of the problem is that the basic terms mean different things to different people. If we’re not all speaking the same language, we can’t accomplish much. So let’s “come to terms” with a common vocabulary. The least complex of IT business continuity planning is contingency planning. Simply put, Contingency plans (ITCPs) provide for the recovery of individual IT systems. The more complex the planning requirement, the more complex the plan. But overall contingency plans are the…
  • Pivot Point Security Talks ISO 27001 at 27K Security Summit

    Scott
    18 May 2015 | 4:00 am
    Press Release: http://www.prweb.com/releases/2015/05/prweb12725154.htm Pivot Point Security was well-represented by John Verry, Security Sherpa and Principal Consultant, at the 27K Security Summit for the Americas. On May 13, 2015, Verry gave his presentation on “Developing Your Company’s ISO 27001 Roadmap” to an eager audience all bound together by information security concerns. The 27K Security Summit for the Americas was promoted as a gathering of experts in the ISO/IEC 27001 standard together with those who are on the front lines of international IT security to promote…
  • Privilege Creep: Do Your Part to Stamp it Out

    BobB
    5 May 2015 | 12:13 pm
    What is privilege creep? It’s the gradual accumulation of access privileges beyond what an employee needs to do his or her job—thus facilitating potential abuse of privileges. If a hacker gains access to a user account that has excessive privileges, more damage can potentially be done. Also, an employee with excess privileges could potentially use them to access data and applications in an unauthorized or malicious way. Privilege creep is a silent menace that exposes your organization to elevated information security risk from insider threats and malware, as well as regulatory…
  • Dark Data: An Information Security Risk for Law Firms?

    John
    30 Apr 2015 | 12:23 pm
    Dark data is a term for data that is hard to identify and manage. Generally speaking, it’s unstructured data (e.g., legal contracts, customer proposals, sensitive client data, internal business data, marketing material, matters related research) located in a growingly diverse number of places (e.g., file shares, SharePoint sites, “the cloud” (e.g., box.com, DropBox). Law firms are swimming in a sea of data. Across a typical firm, a broad array of ever-growing amounts of data (structured and unstructured, current and old, matter sensitive and trivial) is increasingly being recognized as…

    HOTforSecurity

  • Best Security News? Yes, You’re in the Right Place

    Alexandra Gheorghe
    25 May 2015 | 1:57 am
    If you’ve landed on this page, then you must like us, right?  Then, please vote for us at EU Security Blogger Awards 2015! We’re happy to have been nominated, once again, at the European Security Blogger Awards 2015, held in London, June 3rd 2015. HotForSecurity is competing against top security blogs in three major categories: Best European Corporate Security Blog Grand Prix Prize for the Best Overall Security Blog Best European Corporate Security Blog If you’d like to support us, please cast your vote for us before midnight GMT on Friday the 29th of May 2015. VOTE HERE Thank you,…
  • Vile troll uses Twitter ads to urge transgender people to commit suicide

    Graham Cluley
    21 May 2015 | 8:08 am
    We all know there’s some fairly horrible stuff that goes on on social networks. Sadly many have used the detachment of sites like Facebook and Twitter to say hateful things that they would never be brave enough to say to another living person’s face. But a Twitter troll went one step further yesterday, not only describing transgender people as “deformed freaks” who should kill themselves, but using the paid-for Promoted Tweets service of Twitter to make sure that the messages appeared in as many people’s timelines as possible. Oh, and to cap it all, they did all…
  • Money or Data? The Ultimate Guide to Understanding Ransomware – Part I

    Alexandra Gheorghe
    18 May 2015 | 3:01 am
    Not long ago, a man committed suicide after an automatically generated notice from a computer virus threatened him with jail unless he paid a ransom of thousands of dollars. The year was 2014. As incredible as the story seems, it marked the first known time a computer virus actually killed somebody. The next generations stole cash from users around the globe, and Cryptolocker raised the stakes – holding data of hundreds of thousands of users hostage. Despite successive short-lived take downs, the malware has made a comeback as CTB (Curve-Tor-Bitcoin) Locker. This challenging breed of…
  • How the Washington Post was hijacked by the Syrian Electronic Army (again)

    Graham Cluley
    15 May 2015 | 5:09 am
    The Syrian Electronic Army appears to have successfully scalped another high profile media outlet, briefly hijacking the mobile version of the Washington Post website to display pop-up messages claiming that the media is not telling the truth. For a period of approximately 30 minutes, visitors to m.washingtonpost.com found they were greeted not by the latest news, but by alert boxes saying: “You’ve been hacked by the Syrian Electronic Army” “US govt is training the terrorists to kill more Syrians” “Saudi Arable and its allies are killing hundreds of Yemens…
  • The Trouble with Installing Unofficial Browser Extensions

    Alexandra Gheorghe
    14 May 2015 | 8:38 am
    Google has extended its ban on unofficial Google Chrome extensions. This means developers and Mac users will have to install extensions from the official Chrome Web Store, according to recent news reports. The initiative, launched a year ago, aimed to eradicate malicious browser extensions that ruined users’ browsing experience by slowing the system down, injecting adware or silently tracking browsing activity. However, Google has said in a blog post “it is crucial that our users stay safe from the reaches of malicious software developers. Extending this protection is one more step to…
 

    Video Surveillance Blog

  • Updating Your Milestone License

    21 May 2015 | 9:52 am
    A major benefit of IP surveillance systems is the flexibility you have to add new cameras as your security needs change. But if you've added new cameras to your system, you will need to update your Milestone license to accommodate the new cameras. The easiest way to update your account is to activate your license online. To begin, open the Milestone XProtect Management Application. Click on the File menu. Select the Activate License Online option. A screen will pop up, prompting you to enter your Milestone user name and password. After you have entered this information and logged into your…
  • New & Exciting Products Added to Our Online Store

    20 May 2015 | 10:06 am
    VideoSurveillance.com has just added a trove of new and exciting security cameras to its online store, including cameras from trusted manufacturers like Axis, Vivotek, and Mobotix. The new Axis cameras include the P1365, P1365-E, P5624-E, P5635-E, and the new Axis IP Video Store Station. The P1365 & P1365-E are two powerful fixed box IP surveillance cameras offered by Axis, both with 1080p HD video resolution. The P1365-E camera is built for arctic weather conditions, allowing it to thrive in temperatures between -40 F and 122 F. The P5624-E and P5635-E are high-performance PTZ IP…
  • Product Spotlight: Optica Cameras

    11 May 2015 | 2:40 pm
    Optica cameras are now more affordable than ever! Looking for a high-definition IP camera to safeguard your property or business? VideoSurveillance.com highly recommends Optica's sleek line of HD cameras, all packed with premium features to boost overall security. Optica features mini domes, domes, bullets, mini bullets, and even a powerful 18x zoom PTZ camera for large applications such as malls or parking lots. What makes Optica so unique? HD Video Resolution All Optica network cameras come with HD video resolution to produce clear, incredibly detailed images that make the act of…
  • What's the difference between HD analog and HD IP cameras?

    7 May 2015 | 9:41 am
    If you want to use surveillance video for license plate reading, facial recognition, or evidence of a crime, you'll want a camera with high definition. But with such a wide range of cameras available, how do you know which one is right for you? Analog cameras have been used in surveillance systems for over 30 years. The surveillance industry is moving away from CCTV and toward IP, but many businesses are still using analog systems. If you want to continue using your analog equipment but want the HD resolution of newer cameras, you'll want to switch to HD analog cameras. HD analog cameras…
  • Introduction to Port Forwarding: Step Three

    30 Apr 2015 | 4:28 pm
    This is the last of three posts that will walk you through the process of setting up port forwarding with Milestone software. Go back to Step One. Go back to Step Two. To access your router, enter the IP address into your web browser of choice. If you do not know the IP address you can find it by opening your start menu and searching for "cmd" to open the command prompt menu. Once the command prompt opens, enter the command "ipconfig" and hit enter. The information for your router will be listed under Default Gateway. Now that you have your IP address, enter it into your preferred web…

    Dice Insights » Security

  • New Bug-Hunt Bounty: Frequent-Flyer Miles

    Nick Kolakowski
    15 May 2015 | 7:44 am
    Bug-bounty programs: They’re not just for software giants anymore. United Airlines recently announced that it would pay out a million frequent-flyer miles to anyone who discovers a remote code execution bug in its websites, apps, other online properties, or third-party programs loaded by United.com. Check out the latest QA jobs. The airline is also willing to give a quarter-million frequent-flyer miles to anyone who discovers bugs that enable timing attacks, personally identifiable information (PII) disclosure, brute-force attacks, and authentication bypass. Those developers and bug-hunters…
  • Is an Ethical Hacking Certification Worth Earning?

    Myra Thomas
    25 Sep 2014 | 8:53 am
    It seems like every other month that a major corporation suffers an epic hack, with millions of customers’ data stolen. In the aftermath of those attacks, many companies are turning to ethical or “white hat” hackers to test their defenses. But is ethical hacking an effective counter to unethical hacking, especially when those who practice the latter can do pretty much whatever they want with a wide variety of tools? Ethical hacking’s cause isn’t helped by the fact that the EC-Council, the Albuquerque, New Mexico-based organization that offers a certification in ethical hacking, was…
  • Is Cyber-Liability Insurance Worth the Cost?

    Myra Thomas
    25 Sep 2014 | 8:06 am
    A growing number of companies ask vendors to buy cyber-liability insurance—and for a tech startup or an independent IT consultant, that cost can put a real dent in the bottom line. Cyber-liability insurance might include coverage for losses related to denial-of-service attacks, threats to intellectual property, business interruption, cyber extortion, and a variety of security breaches. An advisor such as an attorney or insurance agent can help firms properly assess the type and amount of cyber-liability insurance they might need, according to Veronica Somarriba, senior vice president and…
  • Can Defense Companies Hire Hackers on Their Terms?

    Mark Feffer
    13 Aug 2014 | 6:15 am
    Big-name aerospace and defense contractors like Boeing, Raytheon and Northrop Grumman are beginning to think that one answer to their cybersecurity recruiting needs  lies in the hacker community. After all, if you want to combat attacks from people who think out of the box, why not hire people who think out of the box? It’s ironic because all of these companies are known for being somewhat conservative—they work for the Defense Department, after all, and security to them is a high-stakes thing. The idea of recruiting from the ranks of the somewhat anarchic hacker community might seem…
  • Internet of Things Increases Need for Security Pros

    Susan Hall
    21 Jul 2014 | 8:56 am
    The sheer number of “things” to be secured in the Internet of Things is expected to create a rash of jobs in cybersecurity over the next several years. “You’re going to have to secure the device or the sensor, you need to secure the data, and you’re going to have to secure that across an open network,” Intel’s head of business marketing, Stuart Dommett, told an IoT roundtable in May. “It really is a massive, massive change.” Click here to find cybersecurity jobs. Intel has argued previously that the IoT, which is expected to see 26 billion connected devices by 2020,…

    Seculert Blog on Breach Detection

  • Perimeter Security as the Proverbial Goldfish

    Liora R. Herman
    21 May 2015 | 2:13 am
    In a new article for Infosecurity Magazine, Vectra Networks CTO Oliver Tavakoli uses an analogy of a goldfish circling a fishbowl to illustrate a defining characteristic of perimeter security: it has no memory. “While perimeter security has its place in a defense-in-depth security strategy, the reality is that perimeter security has the same perfect amnesia […]
  • IT Security Spending for the Year Ahead

    Liora R. Herman
    20 May 2015 | 5:12 am
    Citi Research, a division of Citigroup Global Markets Inc., has released its “2015 CISO Survey.” According to the 54 CISOs who participated in the survey, here’s how the spending intentions of this representative group will likely shape the enterprise IT security landscape in the year ahead: As it has for the last several years, IT […]
  • Cybersecurity Reporter: “How Can You Expect to Stop Hackers if You Don’t Know You’ve Been Hacked?”

    Liora R. Herman
    18 May 2015 | 6:46 am
    In a recent article, The Hill’s cybersecurity reporter Elise Viebeck has posed a provocative question that should be top-of-mind among CSOs in both private and public organizations: how can you expect to stop hackers if you don’t know you’ve been hacked? The inquiry stems from the growing number of examples — Target, Home Depot, Sony, […]
  • Cyber Security Staff Salaries are Booming

    Liora R. Herman
    13 May 2015 | 4:30 am
    As reported by the Wall Street Journal, salaries for mid-level software engineers capable of helping enterprises thwart advanced malware and prevent data leaks are booming. Add the fact that many CSOs tasked with on-boarding new talent are hindered by strict salary caps, and the problem of recruiting and retaining cyber security staff has become even […]
  • Machine Learning: The Revolution of Possibilities

    Liora R. Herman
    6 May 2015 | 6:10 am
    Data scientists, CISOs, entrepreneurs, and everyone else who wants a snapshot of the promise and potential of machine learning should check out the stirring talk delivered by Jeremy Howard at TEDxBrussels. In his talk, Howard, who is a renowned Australian data scientist and entrepreneur, shared a brief overview of some of machine learning’s greatest hits […]
 

    Managed File Transfer and Network Solutions

  • 10 Tasks Your File Transfer Server Should Be Doing On Its Own This Weekend

    John Carl Villanueva
    23 May 2015 | 11:52 pm
    Overview Weekend is supposed to be reserved for unwinding; a time for re-charging before another long week of work. However, for system administrators, it's also the best time to carry out tasks that are usually difficult to accomplish during weekdays, when everyone's connecting to the server and the network's bustling with activity. But who says you can't get the best of both worlds? It would be nice to accomplish those tasks even while relaxing on the beach, your couch, your bed, or wherever. Here are 10 tasks you can and should be automating on your file transfer server so you can…
  • Meeting AES 256 Encryption Requirements For Data In Transit

    John Carl Villanueva
    19 May 2015 | 8:59 pm
    Overview Not many organizations require AES 256 encryption to secure their sensitive documents. But those who do might find this post quite useful. Here, we'll show you how to enable FTPS, SFTP, HTTPS, WebDAVS, OFTP, and AS2 file transfers with AES 256 bit encryption. Does that look like something you can use? Read on!
  • What AES Encryption Is And How It's Used To Secure File Transfers

    John Carl Villanueva
    19 May 2015 | 12:45 am
    Overview First adopted by the US government to protect classified information, AES has long gained global acceptance and is used for securing sensitive data in various industries - most likely including yours. In this post, you'll learn about AES encryption and understand its vital role in securing sensitive files you send over the Internet. 
  • File Transfers Have a Much Bigger Impact On Time-To-Market Than You Think

    John Carl Villanueva
    14 May 2015 | 2:57 pm
    A growing number of businesses are finding it imperative to get certain products out in the market FAST. To beat extremely tight deadlines, most of them employ IT systems to accelerate business processes. Whenever these processes require file exchanges across departments, cities, or continents, file transfer systems start to play a crucial role. And that role doesn't just involve moving files from point A to point B.        
  • An Introduction To Stream Ciphers and Block Ciphers

    John Carl Villanueva
    12 May 2015 | 4:52 am
    Overview Secure file transfer protocols like SFTP, FTPS, HTTPS, and WebDAVS encrypt data through symmetric key ciphers. These ciphers can be classified into two groups: stream ciphers and block ciphers. Today, we'll discuss what a stream cipher is and what a block cipher is. We'll also talk about the popular encryption algorithms that fall under each group. 

    Radware Blog

  • Does NFV Have a Place in the Enterprise?

    Jim Metzler
    18 May 2015 | 10:20 am
    Jim Metzler is a Distinguished Research Fellow and Co-Founder of Ashton Metzler & Associates and is a featured guest blogger. Many people associate NFV exclusively with service providers. That’s understandable because the organizations that are most closely associated with the definition and development of NFV, such as the European Telecommunications Standards Institute (ETSI) and the TM Forum, focus almost exclusively on service providers. The service provider orientation of these organizations shows up in all of their documents. For example, according to ETSI, NFV is applicable…
  • Are ADCs Another Layer of Defense Against Cyber Attacks?

    Yaron Azerual
    14 May 2015 | 10:40 am
    Application Delivery Controllers (ADCs) were once ubiquitous hardware-based appliances seen in data centers for the sole purpose of load balancing. However, this role has changed and the use of ADCs has expanded beyond their original purpose in an effort to keep up with the needs of today’s IT pros. The result is that ADCs now operate in a much less narrow function. According to collaborative research by Radware and the Enterprise Strategy Group (ESG), the current and future utilization strategies of ADCs are evolving and part of this evolution is an ADC’s role in the security…
  • Leveraging SDN and NFV for Comprehensive and Cost-effective Cyber Network Defense & Application Delivery

    Mike O'Malley
    12 May 2015 | 9:40 am
    Last week I spent a few days in sunny (and crowded) San Jose, California at the NFV World Forum.  The theme this year was largely about open environments and interoperability, ushered on by the standardization efforts behind NFV, along with the related topics of carrier-grade service assurance and reliability.  I was fortunate to speak about how Radware is actively investing in open environments as the architecture becomes common platforms for commercial implementations.  Radware is implementing SDN and NFV in network security and application delivery domains to help service providers…
  • Protecting Your Applications Everywhere – Are You in Good Hands?

    Shira Sagiv
    28 Apr 2015 | 7:39 am
    Cloud migration – one of the top trends this past year and predicted by many to be a top trend in 2015 – brings with it many benefits to the organization.  You can enjoy cost savings, scalability, flexibility, and productivity benefits for your organization, your customers and your partners.  Regardless of the industry they belong to, today’s enterprises are finding that the cost and speed advantages of cloud cannot be ignored.  But as is always the case, there are challenges – migration to the cloud means a more distributed network infrastructure.  As the traditional…
  • The Road to Cyber-Safety is Shifting to Hybrid Cloud WAF Protection

    Michael Groskop
    20 Apr 2015 | 4:27 am
    Hybrid Cloud WAF is the answer.  Now what was the question? Let’s back up a minute.  There is an ancient riddle which goes something like this: You are walking down a path and come upon a fork in the road. One side is the good path and the other side is the bad path. However, you don’t know which one is which and both paths are guarded by identical twins. One guard tells the truth and the other, always tells lies. If you want to take the good path, what should you ask the guards? You would ask "which path would your brother go?" Then, take the path opposite from where they…

    blackstratus.com

  • Efficiency-Boosting Strategies for Managing Enterprise Data

    Rich Murphy
    20 May 2015 | 4:00 am
    The task of managing and monitoring enterprise data is an increasingly time- and resource-consuming one. In 2012, IBM estimated that over 2.5 exabytes of data was generated every day — a number that has only increased in the years since. While there is a growing market for enterprise network monitoring software, the sheer amount of data being produced means that effective management must begin at the organizational level. In this article, we’ll look at some strategies for managing enterprise data that organizations of any size can use to streamline their processes and make the best use of…
  • Preventing Network Threats With an Intrusion Protection System

    Rich Murphy
    15 May 2015 | 11:44 am
    The threats against your network are constantly evolving. Next-generation security solutions need to be able to adapt to changing situations and respond appropriately. It’s this versatility that has led many IT professionals to include an intrusion prevention system (IPS) as part of their overall security posture. Is investing in an intrusion protection device the right choice for your organization? Read on to learn more. Detection and Prevention: Some Key Distinctions Before making any decisions, it’s important to understand what an intrusion protection system is — and what it…
  • Security Investment Trends: What’s New for 2015

    Rich Murphy
    9 Feb 2015 | 1:00 am
    There’s no question that cyber security was a hot topic in 2014. As we begin a new year, the economic impacts will be felt even more strongly, with ambitious startups and investors working together to find new solutions to a problem that has reached its cultural tipping point. In 2015, you can expect to see cyber security investment trends such as: Increased security spending — Security spending has risen steadily through 2014, a trend that is expected to continue throughout the next year and beyond. As high-profile attacks continue to draw scrutiny on the security postures of some of…
  • Cloud Security Trends for 2015

    Rich Murphy
    26 Jan 2015 | 9:40 am
    A new year is upon us once again. If 2014 was any indication, cloud security will continue to be something on almost everyone’s mind. Last year saw several high profile hacks that brought concepts like social engineering and two-factor authentication out of the tech sphere and into the public discussion. So where do we go from here? Here’s a look at what some experts are saying will be the most important trends in cloud security and compliance for 2015: The rise of SaaS — By far the biggest trend in cloud computing in the coming year will continue to be the rise of security-as-a-service…
  • Regulatory Compliance Management by Industry

    Rich Murphy
    22 Dec 2014 | 1:00 am
    SIEM monitoring can and should be a part of the network security posture of any organization. But what are your legal requirements? The answer varies by industry, with state and federal regulations mandating different levels of compliance for different types of organizations. Legal requirements change often and can vary from one region to the other. While it’s always best to confirm before making any major decisions, there are some broad industry-specific considerations that should go into regulatory compliance management and planning: Energy — Legal compliance requirements for businesses…
 

    Milton Security

  • Bettys.Co.UK Hit by Data Breach: Over 100,000 Affected

    Milton Security Group
    19 May 2015 | 2:30 pm
    Bettys and Taylors Group, which owns and runs an impressive range of specialty foods shops, online stores, multiple Cafe Tea Rooms, a Craft Bakery, Cookery School, AND blends the third best selling tea  in the UK, has announced that their website, Bettys.co.uk has suffered a data breach. The company discovered the breach on May 8th of this year.  They found that their database had been breached, and that customer information had been copied. According to their online statement, the breach  had to do with a third-party software they were using, and “was a result of the industry-wide…
  • Multiple Vulnerabilities in Google

    Milton Security Group
    18 May 2015 | 11:04 am
    Security Explorations, a research group in Poland, is claiming to have discovered multiple vulnerabilities in Google’s App Engine for Java. According to the information they gave to Full Disclosure, Security Explorations has not received any response from Google denying or confirming Issues 37-41. They also never received a response on whether or not Issues 35-36 had been fixed, but they had. According to Security Explorations’ founder and CEO, Adam Gowdiak, if they fixed it, “This is the 3rd time we experience this “silent fix” approach from the…
  • Sally Beauty Confirms Data Breach

    Milton Security Group
    14 May 2015 | 10:14 am
    Sally Beauty confirmed today that it has indeed suffered another payment card data breach in just over a year. It was revealed a couple of weeks ago that Texas-based retailer, Sally Beauty, was investigating the possibility of a breach at some of its U.S. locations. In March 2014, Sally Beauty announced their last data breach, which affected 25,000 customer records. The extent of the current breach has yet to be determined. “We are working diligently to address the issue and to care for any customers who may have been affected by the incident,” Sally CEO Chris Brickman…
  • VENOM Exploit

    Milton Security Group
    13 May 2015 | 1:25 pm
    If you thought that Heartbleed was bad, this is worse. A new vulnerability called VENOM (Virtualized Environment Neglected Operations Manipulation) has struck. The vulnerability attacks virtual servers, utilizing the often overlooked shared resource, the virtual floppy drive controller. This allows attackers to access the datastore (Physical Hard Drive) on the servers which means even though your “cloud” server is separated from the others, it shares the physical machine which means all data is open to be stolen. This attack works on all current  VM services, but Oracle has fixed it in…
  • MacKeeper’s Remote Code Execution Vulnerability

    Milton Security Group
    12 May 2015 | 10:31 am
    If you have MacKeeper, you should be aware that a critical remote code execution vulnerability has been discovered in it.  Of course, if you have MacKeeper, you should also get rid of  it for a myriad of other reasons. If you’re not quite sure what MacKeeper is, think back to all of those annoying times when a pop-up would tell you that your Mac was in desperate need of a “clean up”, and that you should really download MacKeeper this instant.  You have to close the pop-up multiple times before it goes away.  So, what is this annoyance?  It’s anti-virus software designed for Mac…

    Cyberoam : Securing You

  • SSL/TLS protocols hit by LogJam Vulnerability

    Cyberoam Threat Research Labs
    22 May 2015 | 4:52 am
    SSL/TLS protocols are becoming an ungainly spectacle, yet again. Researchers at the University of Michigan and the French research institute Inria have together unveiled a new hidden vulnerability in the encryption procedures used in keeping communication secure for internet users. It is a major flaw as it affects more than 8 percent of the Alexa top one million HTTPS domains, raising questions about the methods used for keeping user information safe on the Internet. The vulnerability is present in the way browsers communicate with web or email servers. Browsers usually rely on SSL or TLS protocols…
  • A lethal variant of Win32/AutoRun.IRCBot detected in the wild

    Cyberoam Threat Research Labs
    21 May 2015 | 3:41 am
    Cyberoam Threat Research Labs (CTRL) recently reported a botnet (Win32/AutoRun.IRCBot) affecting Windows. Now another variant of this malware, named as Variant.Symmi, has come into the picture. This malware showcases improved capabilities and can spread via removable drives. According to the CTRL Team, this malware is “similar to any Botnet”. A Botnet usually refers to a system or a network of computers which has been compromised by drive-by-downloads of a malicious software, providing hackers with partial or full control, without the users’ knowledge. Such drive-by-downloads are…
  • Caution: Win32/AutoRun.IRCBot is on prowl

    Cyberoam Threat Research Labs
    19 May 2015 | 2:42 am
    Cyberoam Threat Research Labs (CTRL) has detected a new malware which is capable of affecting all versions of Windows at present. Known as Win32/AutoRun.IRCBot, the bot agent has capabilities to spread via removable drives. It may also be dropped by Trojans such as Trojan.Win32.Buzus.cjdb. Cyberoam was one of the first vendors to detect this botnet in the wild. According to the CTRL Team, this malware is “similar to any Botnet”. A Botnet usually refers to a system or a network of computers which has been compromised by drive-by-downloads of a malicious software, providing hackers with…
  • Vulnerability in Microsoft HTTP.sys can lead to Remote Code Execution

    Cyberoam Threat Research Labs
    17 Apr 2015 | 5:22 am
    A remote code execution vulnerability has been found in Microsoft HTTP.sys. The vulnerability is due to an issue with the processing of HTTP messages in the HTTP protocol stack. A remote unauthenticated user could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable server. At present, the vulnerability affects MS Windows 8.1, MS Windows 8, MS Windows 7, MS Windows Server 2012 R2 and MS Windows Server 2012. Microsoft has released an advisory regarding this vulnerability: CVE ID CVE-2015-1635 CVSS Scoring CVSS Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVSS…
  • Credential Harvester Banking Trojan – Vawtrak aka NeverQuest

    Anurag Singh
    8 Apr 2015 | 9:53 pm
    According to reports, Vawtrak is infecting banking, gaming and social network users mainly across the United Kingdom, the United States, Germany, Australia and New Zealand, and many other countries across Europe are also affected. Rated amongst the most dangerous of all banking Trojans, Vawtrak aka NeverQuest has this time hit the Internet Security radar in the form of a new improved variant which is capable of sending and receiving data using encrypted favicons over Dark Web of Tor Network. Once executed on a host system, it can disable antivirus and inject custom code in banking web-pages so that it…

    Cognoscape, LLC

  • Benefits of Network Security

    Cognoscape
    14 May 2015 | 1:30 am
    You’ve spent countless hours, days, months, maybe even years building your business…what if everything you had worked for was ruined because of a security breach? All it takes is one bad security breach and you’re out of business. This is why your company needs CognoSecurity. Let’s look at the benefits of network security. Reduced Stress With CognoSecurity you will never lose sleep over stressing about your business’ security. We will handle everything so that you don’t have to. Now you have more time to focus on making your business even more successful, because you know it’s…
  • How Technology Makes For Safe Smartguns

    Cognoscape
    23 Apr 2015 | 2:00 am
    There is a great divide when it comes to guns. After the devastating Newtown massacre that left 20 elementary students dead, the debate over gun control became heated, with a call for more safety. Gun enthusiasts argue that firearms are safe when the owner is properly trained, while those opposed feel we need stricter laws. Whether you’re anti-gun or a card carrying member of the NRA, there is one thing everyone can agree on: guns in the wrong hands make them exponentially more dangerous. It could be a child or criminal that makes the gun turn even more deadly because of lack of…
  • 10 Tips To Keep Your Data Safe From a Phishing Attack

    Cognoscape
    9 Apr 2015 | 9:10 am
    Any IT consultant will tell you, hackers keep finding new ways to steal our personal information. As technology becomes more advanced, these criminals have to find better ways to trick unsuspecting computer users into getting their passwords and other confidential information. “Phishing” has become an epidemic and it usually takes place in the form of pop-ups, spam, fraudulent emails and contacts through social media. Don’t become a victim of this scheme and read our 10 tips to keep your data safe from a phishing attack. 1. Recognize Suspicious Emails Phishing emails have…
  • 4 Critical Ways IT Support Improves Your Business

    Cognoscape
    19 Mar 2015 | 12:39 pm
    If you’re afraid that IT support is going to be more costly for your business than without it, think again. The ways that companies do business with one another continuously changes as technology rapidly advances. In order to keep up, you need to be up to date with your servers, computers, phone systems, Internet connection and mobile devices. IT support from a company like Cognoscape with their CognoCare services will benefit your business by taking the burden off of in-house tech “experts” so you can focus on making a profit. To understand the benefits better, here are 4 critical…
  • 5 Critical Technologies To Keep Your Business Running During the Zombie Apocalypse

    Cognoscape
    4 Mar 2015 | 7:03 am
    It’s no secret that zombies have taken over the entertainment world in the past few years, thanks to The Walking Dead. You don’t have to be a fan of the show to appreciate zombies, since they have been a fascination of humans since the B.C. era. The question is: when the apocalypse happens, will you be ready? Everyone will be running for food and water, but how will you protect your business from the invasion of these flesh-eating monsters? Here are 5 critical technologies your business needs to stay afloat during the zombie apocalypse.   Cloud Storage Storing your…

    TutorialsLodge

  • Help! I Want To Create A Chat Application But Don’t Know Where To Start

    Uche Gozie
    25 May 2015 | 6:04 am
    Have you ever felt trapped in your own code? I have actually so don’t feel bad if along the way you begin to doubt your programming skills. Programming is just like every human language. You might be fluent in some and might need help developing your skills in others. I have done some really funny…
  • Google Play Store On Android – How To Filter Downloaded Contents

    Uche Gozie
    21 May 2015 | 5:19 am
    If you are a concerned parent and want to moderate what your child can access on the Google Play Store, here is some good news for you. You can filter apps and other content on your child’s device according to specified levels of maturity. It may sound complicated, but it is really a piece of…
  • How to free up Google Drive space

    temmydahyour
    21 May 2015 | 5:04 am
    Need more space in your Gmail inbox? Time to clear out Google Drive. Sit back and relax as we unlock this. Google gives you 15GB of free space in Google Drive, which seems like a pretty good deal compared to Dropbox’s 2GB and Box’s 10GB. But there’s a catch — that 15GB limit includes not…
  • Recover Your iPhone Contacts With iCloud

    Uche Gozie
    20 May 2015 | 8:10 am
    iCloud is a massive set of computer servers located in Apple data centers around the world. They store your contacts for you. Plus, they can store other kinds of data such as documents written with the Google Docs or Microsoft Office apps for iOS. You can also use iCloud to store the photos, email, and…
  • Why Does It Take Longer For A Computer To Respond To An Incorrect Password?

    Uche Gozie
    20 May 2015 | 2:27 am
    Have you ever entered the wrong password on your computer by accident and noticed it takes a few moments to respond in comparison to entering the correct one? Why is that? Today’s SuperUser Q&A post from super user has the answer to a curious reader’s question. Today’s Question & Answer session comes to us courtesy of…

    Guardian Network Solutions

  • 3 Routines Businesses Need to Ensure a Healthy Computer Network

    Cody Blake
    1 May 2015 | 4:57 am
    Computers are a must to run any business successfully and when an organization has many employees, having a computer network will become very much essential. Not every company can afford to have an IT department. This is why most choose …
  • 4 Things Businesses Learned from Cyber Threats of 2014

    Cody Blake
    19 Apr 2015 | 12:22 am
    Cyber-crimes, data privacy risks on clouds and BYOD threats at workplace have been the biggest cyber threats in the year 2014. Lots of companies and government organizations were faced with such threats and some even had to compromise the security …
  • The State of Malware in 2015

    Cody Blake
    9 Apr 2015 | 10:39 am
    Cyber-attacks, advanced malware and breaches have been increasing over the last few years. Destructive threats similar to Crypto Locker and denial-of-service attacks made it difficult for cyber security professionals to maintain security in organizations. The malware situation is not going …
  • 5 Critical Network Security Applications Businesses Need

    Cody Blake
    4 Apr 2015 | 12:56 pm
    Data is something that is important to every business. Any attack on the network of a business can lead to leakage of such data or misuse which could prove harmful to the business. With the kind of advancement that is …
 

    Trend Micro Simply Security

  • This Week in Security News

    Gavin Donovan
    22 May 2015 | 6:00 am
    Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!   Federal Reserve Bank of St. Louis Confirms a Hacker Attack The bank confirmed Tuesday that the attack was redirecting users of its online research services to fake websites in this DNS attack. Trend Micro Releases Q1 Security Roundup…
  • What You Need to Know about the CareFirst Breach

    Christopher Budd (Global Threat Communications)
    21 May 2015 | 1:29 pm
    On May 20, CareFirst BlueCross BlueShield announced that they were the victim of a data breach in June 2014 that affects 1.1 million current and former customers. This is the third major healthcare data breach affecting an affiliate of the BlueCross BlueShield network coming after the Anthem data breach announced in February and the Premera data breach announced in March. Compared to those two data breaches, this latest is less severe. The number of people affected is less. And the information lost is less severe. According to CareFirst, the data breach affects: member-created user names…
  • Malvertising: Silent but Deadly

    Rik Ferguson (VP, Security Research)
    21 May 2015 | 9:00 am
    The malvertising phenomenon is not a new thing; it has been a criminal tactic for over a decade. Back in 2004, visitors to the technology website, “The Register” were hit by a rogue advertisement, which took advantage of a zero-day vulnerability in Internet Explorer to push the BOFRA malware. Over the course of the last decade, many high profile websites have, through their advertising networks been the unwitting routes to market for enterprising online criminals. Victims include the New York Times, Google and the Huffington Post among innumerable others. Over the years,…
  • The Easiest Way to Get the Gold Out of Fort Knox: The Rising Threat of DNS Hacks

    Christopher Budd (Global Threat Communications)
    21 May 2015 | 8:00 am
    We’ve learned recently that the St. Louis Federal Reserve was the victim of a cyberattack. It appears to be a classic “watering hole” technique going after victims where they’re known to gather. What’s notable is that none of the Federal Reserve’s systems, or their network, were compromised. Instead, users of the St. Louis Federal Reserve were redirected to the attacker’s websites by hacking the DNS recorders for the bank. Once at the malicious sites, attackers may have forced malware on to user systems, or intercepted email and other network traffic to acquire sensitive…
  • Trend Micro Premium Security Wins Network World Review

    Jon Clay
    21 May 2015 | 7:00 am
    Network World recently did a review of 7 vendors who have been delivering security solutions since the 1990s. Titled “Old-school antivirus vendors learn new tricks,” it is intended to identify if these vendors are able to detect today’s more sophisticated threats. “The winner in our testing was Trend Micro Premium Security, which has one of the best overall packages for building a defense-in-depth across multiple devices. It was one of only two packages to catch 100% of exploits, with no false positives. And it has an easy to use interface, a quick install process, and a huge maintenance…

    Effect Hacking

  • Xprivacy - A Must Have App For Hackers

    Gokul G
    25 May 2015 | 6:16 am
    You care about your privacy more than anything? This app is just for you then. Introducing Xprivacy.... A simple android application (module) that allows you to change the app permissions just for $999.99!... Just kidding, It's free. Let's talk about it. Xprivacy is actually an xposed module developed by M. Bokhorst (M66B) to prevent leaking of your private data. It
  • Hackers Use SVG Files To Deliver Crypto-Malwares

    Gokul G
    24 May 2015 | 3:38 am
    SVG (scalable vector graphic), the XML based vector image format for two-dimensional graphics with support for interaction and animation, is now being used to deliver malware that encrypts your files and holds them to ransom. Researchers at AppRiver have identified a malicious email campaign with zipped svg files attached in the messages. These SVG files contain a malicious JavaScript
  • Top 10 Best Hacking Scenes From Movies

    Gokul G
    23 May 2015 | 3:03 am
    Yet another article in the "List-Articles" category, "Top 10 Best Hacking Scenes From Movies". This list is completely based on an average user perspective (I have tried to watch every single hacking scene from an average viewer perspective). That is, the list is not the collection of realistic hacking scenes, but fun to watch. I honestly love watching these kind of unrealistic hacking
  • Spammers Hide Adult Site URL In YouTube Videos

    Gokul G
    22 May 2015 | 1:37 am
    Symantec researchers have found a new SMS spam campaign that's hiding adult site URLs in YouTube videos to avoid URL filters. The campaign disguised the sender as a woman looking to date the message's recipient. Attackers added the link to a YouTube video along with the following message: "Hey there [CLASSIFIEDS WEBSITE] Im assuming ? Im Alexis.. heres a video [
  • Shark For Root - Android App For Hackers

    Gokul G
    21 May 2015 | 9:07 am
    Shark For Root is an android version of wireshark for security experts and hackers. It is basically a traffic sniffer which works on WiFi, 3G and FroYo tethered mode. The app is based on tcpdump, so you can use tcpdump commands in this android version. Your android device must be rooted (have root access) to use this app. How To Use It ? First enter the

    Bishop Fox » Blog

  • ISO 27018: The Long-Awaited Cloud Privacy Standard

    Birgit Thorup Mullen
    20 May 2015 | 11:24 am
    ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) released a new privacy standard for public cloud computing environments in August of 2014. This new standard, ISO 27018, joins the family of standards supporting the ISO 27001 standard for establishing and operating an Information Security Management System (ISMS). The standard takes into consideration other compliance requirements for privacy, so it can be used as an agnostic and uniform tool for evaluating privacy controls. What Is It? The main ISO 27018 standard lists the ISO…
  • Rethinking & Repackaging iOS Apps: Part 2

    Carl Livitt
    4 May 2015 | 12:38 pm
    In the first part of our series, we looked at how to modify an iOS application binary by inserting load commands to inject custom dynamic libraries. In Part 2, we take this a step further by introducing a toolchain designed to make some of our favorite iOS application hacking tools available on non-jailbroken devices. To facilitate this, we forked the fantastic Theos project by DHowett. For the uninitiated, Theos is basically a build environment that allows you to (among other things) easily write, build, and deploy Cydia Substrate tweaks for apps on jailbroken devices. Theos takes care of…
  • Security Should Be Application-Specific

    Brenda Larcom
    27 Apr 2015 | 11:06 am
    I’m looking for the perfect pants. They’re brown. They’re sturdy. They’re business casual. They have many huge pockets, artfully arranged so that I don’t look like a pack rat even after I stash my stuff in them. They don’t cost a fortune. And of course, they fit me perfectly. I have never met these pants. But if I did, I certainly wouldn’t give them to my cousins, who wish for black leather and pajama jeans respectively, or my friend from college, who is into purple cargo pants, or my brother, who is a good five inches taller than I am, even though every one of these…
  • Vulnerable by Design: Understanding Server-Side Request Forgery

    Mike Brooks
    17 Apr 2015 | 11:55 pm
    Sometimes, walls get in the way, and when that happens, we need a door. A door needs a proper lock, or a security vulnerability may result. Server-side request forgery (SSRF) vulnerabilities can manifest in a number of ways, but usually it’s because a door was installed without a lock. The same-origin policy (SOP) is a wall every browser uses to keep users safe. If this wall didn’t exist, then while you are reading this blog post, JavaScript on this page would be allowed to interact with arbitrary domains. For example, malicious JavaScript could make a request to https://gmail.com, and…
  • AirDroid: How Much Do Your Apps Know?

    Matt Bryant
    15 Apr 2015 | 6:00 am
    The AirDroid app for Android has surpassed 20 million downloads from the Google Play store and has received raving reviews from the likes of USA Today and Lifehacker. The app’s function is to help a user organize his or her life by providing the remote ability to send text messages, edit files, manage other apps, and even perform GPS tracking. Unfortunately, for all its accolades, AirDroid is vulnerable to a pretty serious authentication bug. This bug allows a remote attacker to essentially take over an otherwise unsuspecting victim’s phone. All an attacker needs to do is to send a…
 