Network Security

  • Most Topular Stories

  • BREAKING NEWS: pfSense 2.2.2 Released

    pfSense Setup HQ
    15 Apr 2015 | 2:25 pm
    pfSense 2.2.2 has been release, containing 2 low-risk security updates. I will update the links on the downloads page ASAP. You can read all about the newest version at the official pfSense blog. The page also has links to the download mirrors, although it’s easier to update pfSense from within the web GUI. The post BREAKING NEWS: pfSense 2.2.2 Released appeared first on pfSense Setup HQ.
  • Siproxd: Part One

    pfSense Setup HQ
    23 Jan 2015 | 4:00 pm
    Siproxd is a proxy/masquerading daemon for the SIP protocol. It handles registrations of SIP clients on a private IP network and performs rewriting of the SIP message bodies to make SIP connections work via a masquerading firewall (NAT). It allows SIP software clients or SIP hardware clients to work behind an IP masquerading firewall or NAT router. SIP, or Session Initiation Protocol, is a standardized set of formats for communicating messages used to initiate, control, and terminate interactive Unicast or Multicast user sessions with multimedia services such as Internet telephone calls,…
  • What's Hot in the IT Job Market: Cybercrime specialists

    Feed: Blogs
    Debra Shinder
    29 Apr 2015 | 12:39 pm
    Some experts say fewer than 1000 people in the world are really qualified.
  • CareerBuilder Attack Sends Malware-Rigged Resumes To Businesses

    Dark Reading:
    Jai Vijayan
    30 Apr 2015 | 8:30 pm
  • Protecting Against Google Phishing in Chrome

    Schneier on Security
    30 Apr 2015 | 7:11 am
    Google has a new Chrome extension called "Password Alert": To help keep your account safe, today we're launching Password Alert, a free, open-source Chrome extension that protects your Google and Google Apps for Work Accounts. Once you've installed it, Password Alert will show you a warning if you type your Google password into a site that isn't a Google sign-in page. This protects you from phishing attacks and also encourages you to use different passwords for different sites, a security best practice. Here's how it works for consumer accounts. Once you've installed and initialized Password…
  • add this feed to my.Alltop


  • The Need for Test Data

    30 Apr 2015 | 2:22 pm
    Last week at the RSA Conference, I spoke to several vendors about their challenges offering products and services in the security arena. One mentioned a problem I had not heard before, but which made sense to me. The same topic will likely resonate with security researchers, academics, and developers.The vendor said that his company needed access to large amounts of realistic computing evidence to test and refine their product and service. For example, if a vendor develops software that inspects network traffic, it's important to have realistic network traffic on hand. The same is true of…
  • Will "Guaranteed Security" Save the Digital World?

    28 Apr 2015 | 5:47 pm
    Thanks to a comment by Jeremiah Grossman on LinkedIn, I learned of his RSA talk No More Snake Oil: Why InfoSec Needs Security Guarantees. I thought his slide deck looked interesting and I wish I had seen the talk.One of his arguments is that security products and services lack guarantees, "unlike every day 'real world' products," as shown on slide 3 at left.The difference between the products at left and those protected by security products and services, however, is that security products and services are trying to counter intelligent, adaptive adversaries.Jeremiah does include a slide…
  • Example of Chinese Military Converging on US Military

    13 Apr 2015 | 2:33 pm
    We often hear of vulnerabilities in the US military introduced by net-centric warfare and a reliance on communications network. As the Chinese military modernizes, it will introduce similar vulnerabilities.I found another example of this phenomenon courtesy of Chinascope:PLA Used its Online Purchasing Website for its First Online PurchaseWritten by LKY and AEF   Xinhua reported that on, April 7, the PLA announced that five manufacturers won the bidding, totaling 90 million yuan (US$14.48 million), to supply general and maintenance equipment to the PLA. The article said that these…
  • Network Security Monitoring Remains Relevant

    13 Apr 2015 | 12:25 pm
    Cylance blogged today about a Redirect to SMB problem found in many Windows applications. Unfortunately, it facilitates credential theft. Steve Ragan wrote a good story discussing the problem. Note this issue does not rely on malware, at least not directly. It's a problem with Microsoft's Server Message Block protocol, with deep historical roots.(Mitigating Service Account Credential Theft on Windows [pdf] is a good paper on mitigation techniques for a variety of SMB problems.)Rather than discussing the technical problem, I wanted to make a different point. After reading about this…
  • Please Support OpenNSM Group

    12 Apr 2015 | 8:25 am
    Do you believe in finding and removing intruders on the network before they cause damage? Do you want to support like-minded people? If you answered "yes," I'd like to tell you about a group that shares your views and needs your help.In August 2014, Jon Schipp started the Open (-Source) Network Security Monitoring Group (OpenNSM). Jon is a security engineer at the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign. In his announcement on the project's mailing list, Jon wrote:The idea for this group came from a suggestion in Richard Bejtlich's…
  • add this feed to my.Alltop

    Spyware news

  • Why do I need backup and what options do I have for that?

    24 Apr 2015 | 6:45 am
    Months after months, security experts have been reporting that ransomware cases are growing at a steady rate and that there is no chance that hackers will stop distributing these viruses. If you have never heard about ransomware, then you should remember the main thing – after infecting the system, such threat can easily encrypt your […]
  • Authorities announce about the takedown of Simda Botnet

    17 Apr 2015 | 6:14 am
    It seems that today we can feel much safer than we were one week before. Why are we saying this? That’s because of the latest Interpol announcement that reports about the takedown of Simda botnet. It is known that this takedown operation involved Interpol,Microsoft, the Federal Bureau of Investigation, the Dutch National High Tech Crime […]
  • Newly designed ransomware starts spreading in Russian-speaking countries

    8 Apr 2015 | 7:28 am
    Normally, ransomware-type virus infiltrates computer, scans the system and then encrypts such files as documents, images and databases. For decrypting these files, victim has to enter a special key that can be received only by paying a ransom. However, several days ago researchers at Trend Micro have discovered a new type of crypto-ransomware, which is […]
  • Threatening truth about Vawtrak malware

    27 Mar 2015 | 8:04 am
    It seems that today everyone is discussing about Vawtrak or Neverquest. If you have no idea what this virus can be used for and how does it spread, this article is just for you. The main reason why we decided to write about this malware is its increased distribution rate. It is known that this […]
  • Adware in Apple Mac OS X? Yes, it’s possible!

    20 Mar 2015 | 7:31 am
    Steadily, year by year, adware-type programs have been bothering Windows users. After being installed in a bundle with third-party downloads, they have been interrupting people with annoying pop-up ads, in-text links, banner ads and other commercial content. It should be mentioned that such applications are not considered malicious. Nevertheless, security experts recommend avoiding them. It seems that […]
  • add this feed to my.Alltop

    Uncommon Sense Security

  • IEMs, In Ear Monitors

    18 Apr 2015 | 1:27 pm
    I’m old. My hearing sucks.  Years of power tools, especially air tools, a few concerts with the volume cranked to 11, and age have combined with male selective hearing to leave me with a bit of hearing loss.  Not bad mind you, but I know I’ve lost a lot of hearing range.  But I recently gambled on an inexpensive pair of IEMs, and was amazed at how much better they are than any earbuds I’ve ever tried.  Even the bottom end of the Shure IEM line lets me hear things in music that I haven’t heard in years.  I’m not likely to get much value from high-end IEMs,…
  • Software Stockholm Syndrome

    9 Mar 2015 | 8:53 am
    Q: Why do you use that software? It’s horrible! A: Because it’s what I know, and once you get used to it it isn’t so bad. Sound familiar?  It’s what I like to call “Software Stockholm Syndrome”, and we’re all victims. Take the application I’m using to write this post, Windows Live Writer.  Writer used to be a sweet little WYSIWYG blog editor, lightweight and versatile.  Sure, a little light on features, but a great little app.  Microsoft put their stamp on the app they acquired with the Onfolio acquisition until it had a few more features and a stunning…
  • We need to talk about attribution.

    10 Feb 2015 | 7:09 pm
    One of the InfoSec community’s greatest distractions lately has been attribution, both specifically and generically. Let’s start with the Sony fiasco and the FBI’s pinning the attribution tail on the North Korean donkey.  Many people have beaten this to death, there has even been name calling over it.  And I don’t care.  There are certainly questions unanswered, but I’m not opposed to the idea that it was North Korea, I’m just not convinced “beyond a reasonable doubt”.  The argument is lost in the greater public, everyone believes it, just like they believe…
  • But Jack, community and stuff…

    30 Jan 2015 | 4:40 am
    A few folks have asked me about my roles on the advisory board for Intelligent Defence and as a judge for RSA’s new crowdsourced track.  I’m often thought of as “Mr. BSides”, which is unfair to a lot of people who do a lot more than I do to build and sustain the Security BSides movement and community, and unfair to the thousands of organizers, volunteers, speakers, sponsors, and participants who make BSides what it is.  This also overlooks the fact that I have long been engaged with a variety of groups and events, and I work in the security industry. The short version of the…
  • RSA Conference’s new crowdsourced submissions program

    28 Jan 2015 | 10:06 pm
    The US RSA Conference is adding something new for 2015, a crowdsourced submissions track.  RSA gets a stunning number of submissions each year, and it takes a long time to sort through them all- leading to a common grumble about the long lead time between submissions and the conference.  And as with almost any event, some question why certain talks were accepted over others.  RSA has been listening, and is trying this new crowdsourced track to address some of the feedback they have received.  You want a short leadtime for talks to allow for recent topics?  You want a…
  • add this feed to my.Alltop

    Schneier on Security

  • Friday Squid Blogging: Ceramic Squid Planters

    1 May 2015 | 2:16 pm
  • Digital Privacy Public Service Announcement

    1 May 2015 | 12:43 pm
    I thought this was very well done.
  • Ears as a Biometric

    1 May 2015 | 10:46 am
    It's an obvious biometric for cell phones: Bodyprint recognizes users by their ears with 99.8% precision with a false rejection rate of only 1 out of 13. Grip, too. News story. EDITED TO ADD: I blogged this in 2011.
  • Measuring the Expertise of Burglars

    30 Apr 2015 | 12:22 pm
    New research paper: "New methods for examining expertise in burglars in natural and simulated environments: preliminary findings": Expertise literature in mainstream cognitive psychology is rarely applied to criminal behaviour. Yet, if closely scrutinised, examples of the characteristics of expertise can be identified in many studies examining the cognitive processes of offenders, especially regarding residential burglary. We evaluated two new methodologies that might improve our understanding of cognitive processing in offenders through empirically observing offending behaviour and…
  • Protecting Against Google Phishing in Chrome

    30 Apr 2015 | 7:11 am
    Google has a new Chrome extension called "Password Alert": To help keep your account safe, today we're launching Password Alert, a free, open-source Chrome extension that protects your Google and Google Apps for Work Accounts. Once you've installed it, Password Alert will show you a warning if you type your Google password into a site that isn't a Google sign-in page. This protects you from phishing attacks and also encourages you to use different passwords for different sites, a security best practice. Here's how it works for consumer accounts. Once you've installed and initialized Password…
  • add this feed to my.Alltop

    Infosec Events

  • Information Security Events For May

    3 May 2015 | 5:36 am
    Here are information security events in North America this month:   Information Security Summit 2015 : May 1 in New York, NY, USA.   IEEE Int. Symposium on Hardware-Oriented Security and Trust (HOST 2015) : May 5 to 7 in VA, USA.   Jailbreak Brewing Company Security Summit 2015 : May 8 in MD, USA.   BSides Boston 2015 : May 9 in MA, USA.   BSides San Antonio 2015 : May 10 in San Antonio, TX, USA.   MetricStream GRC Summit 2015 : May 11 to 13 in VA, USA.   CISO Executive Summit New York : May 11 in NY, USA.   Rocky Mountain Information Security…
  • Week 16 In Review – 2015

    20 Apr 2015 | 1:02 pm
    Events Related Test your hacker skills with DEF CON at the 2015 TRIBECA film festival – For the first time ever, the world’s biggest underground hacking conference will travel from Las Vegas to NYC for this year’s TFF. Resources PCI versions 3.0, 3.1 and your SecureSphere deployment – This blog entry will focus solely on new requirements that either affect SecureSphere, or requirements that Secure could affect. PCI 2.0 requirements that can be mitigated using SecureSphere are out of scope of this document. Memex (Domain-Specific Search) –…
  • Week 15 In Review – 2015

    15 Apr 2015 | 1:56 pm
    Resources SyScan2015 Conference Slides – These are the SyScan2015 Conference Slides. SyScan2015 Conference Slides can be download from here. CanSecWest 2015 Files – The CanSecWest conference was established in 2000. Archives of presented materials in CanSecWest Vancouver 2015 can be found here. RF Testing Methodology – The RFTM is an Open Source, collaborative testing methodology.It is focussed on providing the information that security researchers and consultants need to know in order to effectively test systems that employ RF…
  • Week 14 In Review – 2015

    6 Apr 2015 | 12:08 pm
    Events Related Black Hat Asia 2015 Recap – For the second year in a row, BlackHat Asia was held in Singapore, at the end of March, in the luxury Marina Bay Sands hotel. As usual, the 2 days briefings were fully loaded of plenty of topics. 3 distinct tracks were offered, plus the business track and of course the technical Arsenal rooms. My experience at Black Hat Asia 2015 With all the frightening stories of hackers at Black Hat, Preeti Subramanian stepped into not-just-yet-another-conference in Singapore. Situated at the plush location of the island country,…
  • Information Security Events For April

    2 Apr 2015 | 2:33 am
    Here are information security events in North America this month: SecureWorld Kansas City 2015 : April 1 in Kansas City, MO, USA   10th Cyber and Information Security Research Conference (CISRC 2015) : April 7 to 9 in Tennessee , USA   InfoSec Southwest 2015 : April 10 to 12 in Austin, TX, USA   BSides Charm 2015 : April 11 to 12 in Columbia, MD, USA   BSides Orlando 2015 : April 11 to 12 in Orlando, FL, USA   BSides Nash 2015 : April 11 in Nashville, TN, USA   Symantec Government Symposium 2015 : April 15 in Washington, DC, USA   AtlSecCon 2015 : April 16…
  • add this feed to my.Alltop

    Dr Anton Chuvakin Blog PERSONAL Blog

  • Monthly Blog Round-Up – April 2015

    1 May 2015 | 11:11 am
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge.  Current emergence of open source log search tools, BTW, does not break the logic of that post. SIEM requires a lot of work, whether you paid for the software, or not. [282 pageviews] “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a…
  • Links for 2015-04-06 []

    Anton Chuvakin
    7 Apr 2015 | 12:00 am
    Cybersecurity at Aetna Is a Matter of Business Risk - The CIO Report - WSJ
  • Links for 2015-04-03 []

    Anton Chuvakin
    4 Apr 2015 | 12:00 am
    Why you should be spending more on security | Network World
  • Links for 2015-04-02 []

    Anton Chuvakin
    3 Apr 2015 | 12:00 am
    Do Threat Exchanges Work? - eSecurity Planet
  • Monthly Blog Round-Up – March 2015

    2 Apr 2015 | 9:40 am
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge.  Current emergence of open source log search tools, BTW, does not break the logic of that post. SIEM requires a lot of work, whether you paid for the software, or not. [326 pageviews]“Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a…
  • add this feed to my.Alltop

    Security Blog

  • Weekly Intelligence Summary Lead Paragraph: 2015-05-01

    1 May 2015 | 4:20 pm
    “By Thor’s DDoS Hammer!” That’s what members of the VCIC said after collecting several noteworthy reports on denial of service attacks this week. Leading the pack is Arbor Networks’ report of a 334 Gbps attack directed at an unnamed network provider in Asia. In the first quarter, they observed twenty-five attacks consuming 100 Gbps or more and the majority involved NTP, SSDP or DNS amplification attacks. CloudFlare provided an excellent overview of how JavaScript-based DDoS attacks work (think the Great Cannon) and Neustar published its April 2015 North American DDoS attack report…
  • 0’day Campaigns for Everyone!

    Gabe Bassett
    30 Apr 2015 | 8:36 am
    Has this ever happened to you?  You’re on watch in the SOC, watching the threat map, and all of the sudden evil starts scrolling by in the incidents.  Maybe it’s your firewall notifying you of outbound beaconing on ports you didn’t expect.  Maybe it’s unexpected, large, data transfers.  Maybe it’s client systems doing things clients aren’t supposed to do such as logging in with admin credentials or send mails outside of the corporate mail system. Either way, you’ve got a breach and none of your systems prevented it.  You’re left asking…
  • Weekly Intelligence Summary Lead Paragraph: 2015-04-24

    24 Apr 2015 | 11:46 am
    Discriminating intelligence from severe wind advisories in the vicinity of the Moscone Center continues to be more challenging each Spring.  The VCIC extended collection of intelligence on the threat actor responsible for the Pawn Storm campaigns we noted in last week’s INTSUM.  Two additional reports on the actor by FireEye and PWC included indicators and took note of the speedy incorporation of new exploits targeting last week’s Adobe Flash Player vulnerabilities into their attack tools.  Intelligence about a different actor grew as Kaspersky assessed that CozyDuke was the malware…
  • Weekly Intelligence Summary Lead Paragraph: 2015-04-17

    17 Apr 2015 | 4:33 pm
    The VCIC collected a bevy of comprehensive security reports this week including Trend Micro’s 2014 Targeted Attack Trends analysis and Symantec’s Internet Security Threat Report vol. 20. But you’ll understand if we’re slightly more excited about the release of the Verizon 2015 Data Breach Investigations Report. That’s right, it’s back and bigger than ever thanks to our 70 data-sharing partners. We hope we know what you’ll be reading this weekend. In addition to those reports, FireEye published a whitepaper on APT 30, a group that’s been tormenting Southeast Asia for 10 years.
  • The 2015 Data Breach Investigations Report is Out!

    Wade Baker
    14 Apr 2015 | 8:53 pm
    As if you didn’t have enough on your plate the week before RSAC, we’ve dropped a 60+ page helping of high-caloric data for you to digest. I know the DBIR isn’t exactly light fare to begin with, but this one takes it to a whole new gastronomic level. Datasets behind previous DBIRs measured in the kilobytes (<100MB in the raw), but this year we slow-cooked over 12 terabytes of data to serve up the chef d’oeuvre that is the 2015 DBIR.Contributing those 12 terabytes, were 70 organizations around the world (up from 50 in 2014). Please take a few moments to look over the list of…
  • add this feed to my.Alltop

    Optimal Security

  • Infosec Haiku

    Chris Merritt
    2 May 2015 | 1:45 pm
    Anata no joho sekyuritei konshu no haiku EMV is Here In October – Will This Mean A Drop in Breaches?   ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who’ve contributed their haikus … watch this space to see if yours is published. * Submit Your Own … if yours is published, I’ll send you a $20 Starbux card. Please DM me at Contest Rules: all rulings by the judge (me) are final, blah blah blah.
  • SendGrid email service hacked, customers told to reset passwords and DKIM keys

    Graham Cluley
    27 Apr 2015 | 4:36 pm
    Most of us know about bulk email – it’s the blanket term which can be used in relation to the mountain of legitimate newsletter subscriptions and marketing emails we may have clogging up our inboxes, as well as the unsolicited junk messages, scams and phishing campaigns that spammers abuse us with. What is less well known is what transactional email is. It’s the automated “Thank you for creating an account”, “Here are the details of your order”, “We have received your support request”-type messages that may be a little bit boring, but are…
  • Hijacking Websites for Hacktivism (part 3)

    27 Apr 2015 | 6:30 am
    This is the next in a series of posts about my hacktivism campaign. You can read part 1 and part 2 if you missed them. My goal is to publish publicly available information about political candidates on a website I host, then redirect traffic from their campaign websites to mine. I’ve covered a few website hijacking techniques such as file inclusion, SQL injection, and hacking the host. These techniques aren’t suitable for this project since they involve changes to the website host. The owners will be able to identify the compromise and correct fairly easily. The technique I want…
  • Infosec Haiku

    Chris Merritt
    26 Apr 2015 | 12:42 pm
    Anata no joho sekyuritei konshu no haiku Will All These Proposed Cybersecurity Laws Help Us or Hinder?   ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who’ve contributed their haikus … watch this space to see if yours is published. * Submit Your Own … if yours is published, I’ll send you a $20 Starbux card. Please DM me at Contest Rules: all rulings by the judge (me) are final, blah blah blah.
  • Popular WordPress plugins found vulnerable to XSS attacks

    Graham Cluley
    21 Apr 2015 | 8:56 am
    As I’ve explained before on the Optimal Security blog, cross-site scripting (XSS) flaws are a big problem on the net. Vulnerable websites can be exploited via XSS to steal user accounts, change settings or phish passwords from unsuspecting users. In fact, XSS flaws are one of the most commonly encountered security flaws found on websites. So imagine the perfect storm of potential XSS attack vectors being secretly embedded deep within many of the world’s websites, run on the phenomenally popular WordPress platform… all without the knowledge of the site’s administrators…
  • add this feed to my.Alltop

    TRUSTe Blog

  • May Spotlight Events — European Data Protection Days, Internet Week New York & More!

    1 May 2015 | 9:00 am
      May 4-5 European Data Protection Days  Berlin Data protection experts from around the world will present on topics ranging from EU Safe Harbor to the Right to be Forgotten to drones. With an impressive number of distinguished speakers, this event is sure to be very informative! Register here.   May 5 Automating Data Privacy … Continue reading » The post May Spotlight Events — European Data Protection Days, Internet Week New York & More! appeared first on TRUSTe Blog.
  • End-of-Month Recap: What You Might Have Missed

    30 Apr 2015 | 9:49 am
    At the end of each month we’ll compile a list featuring some of the most informative and interesting privacy blog posts to let you know what topics are driving the privacy agenda this month. April was a busy month for privacy professionals and at TRUSTe. There was the widely attended RSA Conference in San Francisco, … Continue reading » The post End-of-Month Recap: What You Might Have Missed appeared first on TRUSTe Blog.
  • Meet TRUSTe: Erwin Asignar, Senior Privacy Solutions Manager

    29 Apr 2015 | 9:00 am
    Our latest series will introduce you to a new TRUSTe employee every week to give you an inside look at the talented, knowledgeable and friendly people who work at TRUSTe.     Name: Erwin Asignar Job Title: Senior Privacy Solutions Manager How long have you worked at TRUSTe? Going three years now. I will be celebrating my third year … Continue reading » The post Meet TRUSTe: Erwin Asignar, Senior Privacy Solutions Manager appeared first on TRUSTe Blog.
  • Why Privacy Matters

    28 Apr 2015 | 9:00 am
    By Ralph O’Brien, Senior Consultant, Compliance Solutions at TRUSTe The other night I got into a discussion with a friend about personal privacy. He said: “Most people would find me very boring, why should I care if they look at my stuff online?” Or otherwise put — If you’ve got nothing to hide, why should … Continue reading » The post Why Privacy Matters appeared first on TRUSTe Blog.
  • Privacy & Security MeetUp Event Tomorrow at TRUSTe Headquarters

    27 Apr 2015 | 9:40 am
    Join the Privacy Innovation & Technology MeetUp tomorrow, April 28, for an evening of drinks and discussion. The topic of this meet-up is, “Privacy and Security by Design: Baking It In.” The event beings at 6 p.m. and will take place at the TRUSTe headquarters, located at 835 Market Street, Suite 800, San Francisco. The … Continue reading » The post Privacy & Security MeetUp Event Tomorrow at TRUSTe Headquarters appeared first on TRUSTe Blog.
  • add this feed to my.Alltop


  • Yet Another Wi-Fi Toolset to Consider

    27 Apr 2015 | 4:32 am
    It's always nice to see another player in the commercial Wi-Fi tool space.
  • Things You May Not Realize About 802.11ac

    19 Apr 2015 | 1:51 pm
    Our latest WLAN access standard is the most complex to date, and there's a lot of misunderstanding and confusion related 802.11ac out there. Let's talk about a number of points that may not be so obvious with 11ac- see how many of these you already knew...
  • SuperBeam is Super Slick For File Transfers

    11 Apr 2015 | 2:18 pm
    I'm not big on reviewing apps, but every now and then one really catches your fancy. For me, SuperBeam is one of those apps- it makes moving files around my fleet of Android Devices a breeze, and works with other operating systems as well.
  • Proper Design Still Key to Good Wi-Fi

    6 Apr 2015 | 12:01 pm
    It doesn't matter how "good" the access points are if the WLAN hasn't been designed right.
  • Ruckus Wireless Expands to the Cloud (Sort Of)

    30 Mar 2015 | 6:21 am
    The cloud-managed wireless market is expanding, and Ruckus is now in the game. more or less- thanks to an international reseller with a similar name.
  • add this feed to my.Alltop

    SecurityWeek RSS Feed

  • Dyre Banking Trojan Counts Processor Cores to Detect Sandboxes

    Eduard Kovacs
    1 May 2015 | 11:31 am
    Researchers have come across a new version of the Dyre banking malware that leverages a clever yet simple technique to evade sandboxes and prevent analysis. read more
  • Berlin Deleted '12,000 NSA Spying Requests'

    1 May 2015 | 10:37 am
    The German intelligence service BND, which is accused of helping the United States spy on EU leaders and companies, had actually "deleted 12,000 requests" targeting European officials, according to Saturday's edition of the Der Spiegel weekly. read more
  • MySQL SSL/TLS Connections at Risk Due to BACKRONYM Flaw

    Eduard Kovacs
    1 May 2015 | 6:59 am
    MySQL, Oracle’s relational database management system, is plagued by a vulnerability that can be exploited to downgrade SSL/TLS connections, according to researchers at Duo Security. read more
  • Opto 22 Patches Flaws in Industrial Control Products

    Eduard Kovacs
    1 May 2015 | 5:09 am
    A researcher has identified two arbitrary code execution vulnerabilities in industrial control and automation software products developed by Opto 22. The vendor has released updates to resolve the flaws. read more
  • Security Bug in ICANN Portals Exploited to Access User Data

    Eduard Kovacs
    1 May 2015 | 2:05 am
    The Internet Corporation for Assigned Names and Numbers (ICANN) announced on Thursday the completion of the first phase of its investigation into the impact of a vulnerability affecting two of the organization’s generic top-level domain (gTLD) portals. read more
  • add this feed to my.Alltop

    Free IT - Security Magazines and Downloads from

  • Wanted: Guardians to Keep Sensitive Data Safe & Protected

    1 May 2015 | 12:00 am
    Every company holds sensitive data – social security numbers, credit card data, company financials, intellectual property and more. However, many don't have a clear view of what they are storing for sensitive data or, more concerning, knowing where it resides. Understanding where sensitive data is held, how it's protected and who can access it within or outside the organization is critical. Learn how you can see inside your dark data files, know who has accessed confidential information and protect your sensitive data from those who shouldn't have access to it.Request Free!
  • Top Trending IT Security Resources for Spring 2015

    30 Apr 2015 | 12:50 pm
    Top Trending IT Security Resources for Spring 2015, brings together the latest in information, coverage of important developments, and expert commentary to help with your IT Security related decisions.The following kit contents will help you get the most out of your IT Security research:To Increase Downloads, Instill Trust FirstSecurity in the Age of Enterprise TechnologyClosing the Web App Data Security Gap: Dynamic Data Masking for Web ApplicationsBuild Your IT Security CaseRequest Free!
  • The Essentials of Information Security Kit: Includes a Free PC Security Handbook - 2nd Edition eBook

    30 Apr 2015 | 12:50 pm
    The Essentials of Information Security brings together the latest in information, coverage of important developments, and expert commentary to help with your Information Security related decisions.The following kit contents will help you get the most out of your Information Security research:PC Security Handbook - 2nd Edition10 Ways Everyone Should Approach Cybersecurity in 2015To Increase Downloads, Instill Trust FirstClosing the Web App Data Security Gap: Dynamic Data Masking for Web ApplicationsRequest Free!
  • Have you Implemented the SANS Top 20 Critical Security Controls?

    28 Apr 2015 | 12:00 am
    The SANS Top 20 Critical Security Controls (CSC) are a time-proven, prioritized, “what works” list of 20 controls that can be used to minimize security risks to enterprise systems and the critical data they maintain.Splunk provides a single, integrated, security intelligence platform that allows today's security professionals to ensure that their organizations are meeting Critical Security Controls requirements.Read this eBook to learn how Splunk software can uniquely:Verify incoming data, execute the requirements needed, or support human activities associated with a controlMake all data…
  • Mixed State of Readiness for New Cybersecurity Regulations in Europe

    23 Apr 2015 | 12:00 am
    Protection Regulation (GDPR) legislation. The GDPR is currently set to be finalised in early 2015, with compliance becoming mandatory in 2017. The NIS directive – set to be implemented in 2015 – will impose new security and incident reporting requirements on a broader range of private sector companies.The report gauges how organisations perceive the scale and importance of the legislation and predicts how organisations in France, Germany and the UK are most likely to prepare themselves for compliance. Based on responses, it concludes that there is a mixed state of readiness at best, with…
  • add this feed to my.Alltop


  • CEO-to-CEO: Lead by Changing the Conversation

    Bob Chaput
    16 Apr 2015 | 10:00 am
    As the leader in your organization, you have many priorities to balance and decisions to make.  If you’re like most CEOs, your primarily worried about growth, great patient/member/resident/customer service, high quality solutions and, if you’re a direct line provider, the best possible healthcare outcomes. In healthcare, risk management comes with the territory.  After all, “First, do no harm!”  There was a time when loss or harm, the outcome of bad risk management, was solely based on clinical processes and procedures. Today, with the widespread adoption of information technology…
  • How to Get Management to Support Your Information Risk Management Program

    Bob Chaput
    14 Apr 2015 | 10:00 am
    We hear this question every week: “How can I get support from management for my information risk management program?” Here are some suggestions that have helped other organizations: Secure a friend in the boardroom If you don’t have a sponsor on the executive team, get one! It should be someone in the C-suite who understands risk management – your legal counsel, or your CFO, or maybe your Medical Officer or COO. In addition to supporting the vision and commitment of protecting health information, reviewing and critiquing your investment requests, fashioning your arguments into the…
  • The Case for Action: It’s Time to Get Serious about Information Risk Management

    Bob Chaput
    9 Apr 2015 | 10:00 am
    Picture this. You’re blindfolded. Walking on a frayed tightrope above a choppy ocean. The water is filled with hungry sharks, mouths open with rows of sharp teeth just waiting for you to lose your footing. The wind is blowing sideways as rain pelts you and lightening strikes all around. Oh, and you are carrying a large boulder as you wobble ahead. Is your organization walking the tightrope, or living in fear? While there are some within the healthcare space that are walking along the tightrope oblivious to the danger that awaits, most are gripped with fear. Medical ID theft, cyber attacks…
  • CEO-to-CEO: Your Next Information Security Expenditure?

    Bob Chaput
    7 Apr 2015 | 10:00 am
    JPMorgan Chase CEO Jamie Dimon recently stated that he expects the bank’s annual IT security budget to double from $250 million to $500 million over the next five years in the wake of its massive data breach, which impacted 76 million households and 7 million small businesses (see: Chase’s Cybersecurity Budget to Double). I expect those numbers make most CEOs gasp!  Most CIOs or CISOs would beg to have pennies on each of those dollars in their budgets. Whether your organization’s annual IT security budget is $25,000, $250,000, $2.5 million or an extraordinary $250 million or more, a…
  • Does HIPAA Compliance Require More Clarity?

    Bob Chaput
    2 Apr 2015 | 10:00 am
    When the Department of Health and Human Services issued the Final Omnibus Rule in 2013, the healthcare industry received the final set of clarifications it needed to effectively respond to HIPAA-HITECH compliance regulations. Or did it? Are HIPAA Regulations really effective? As technological innovations have spread like wildfire through the healthcare space, some are questioning whether HIPAA effectively addresses what’s happening in the ever-changing world of digital health. This has led a trade association to push for greater clarity when it comes to digital health companies and HIPAA.
  • add this feed to my.Alltop

    Threatpost | The first stop for security news

  • Mozilla Moving Toward Full HTTPS Enforcement in Firefox

    Brian Donohue
    1 May 2015 | 9:20 am
    The Mozilla Foundation announced yesterday that it is in the process making HTTP connections incompatible with its popular Firefox Web browser.
  • Researcher Finds Method to Bypass Google Password Alert

    Dennis Fisher
    1 May 2015 | 8:47 am
    A security researcher has developed a method–actually two methods–for defeating the new Chrome Password Alert extension that Google released earlier this week. The Password Alert extension is designed to warn users when they’re about to enter their Google passwords into a fraudulent site. The extension is meant as a defense against phishing attacks, which remain […]
  • Threatpost News Wrap, May 1, 2015

    Dennis Fisher
    1 May 2015 | 8:38 am
    Dennis Fisher and Mike Mimoso discuss the post-RSA news, including the MySQL bug, the progress of the OpenSSL overhaul and the wildly entertaining House hearing on crypto backdoors.
  • Dyre Banking Trojan Jumps Out of Sandbox

    Michael Mimoso
    1 May 2015 | 6:48 am
    Researchers at Seculert have found a new version of the Dyre banking malware, one that is adept at avoiding sandbox detection.
  • Unpatched Router Vulnerability Could Lead to Code Execution

    Chris Brook
    30 Apr 2015 | 11:07 am
    A critical vulnerability in popular household routers such as D-Link and Trendnet could be exploited by attackers to run arbitrary code on devices.
  • add this feed to my.Alltop

  • Removal Guide

    30 Apr 2015 | 6:31 am
    What is Read below how to remove OurSurfing from your browser! is a website associated with browser hijackers. This search engine is used to help dubious software penetrate your browser. The hijackers which use can break into Google Chrome, Mozilla Firefox and Internet Explorer. Upon doing so, they start to manipulate the program in various ways. The search results you get by using this engine will be altered to have supported sites included. There will also be ads included in the results page. is used to help pass on advertising in…
  • Online Video Promoter Removal Guide

    30 Apr 2015 | 4:38 am
    Online Video Promoter is an adware program which poses as a media player. Once it enters your computer, it will not act like a regular program and simply open multimedia files. It will show you commercial ads and coupons without asking if you are interested. This is done to make proceeds with the end user's unwilling help. Online Video Promoter links to supported ads for which its developers receive payment. Just forwarding the links is not enough, though. You have to open these pop-ups. Naturally, this is what their original issuers are interested in. To get your attention, Online Video…
  • Coupons Vault Removal Guide

    30 Apr 2015 | 4:33 am
    Coupons Vault falls under the categories of adware and potentially unwanted programs (PUP). As the name suggests, this tool is connected to online shopping. It shows different kinds of ads, like pop-ups, pop-unders, banners and others. Coupons Vault is compatible with Google Chrome, Mozilla Firefox and Internet Explorer. It will show you ads no matter what your browsing habits are and which site you are on. This PUP will not hesitate to interrupt you. There is no option to stop or reduce the ad flow. The same terms apply for the program's tracking function. Coupons Vault will monitor your…
  • NiceDeal Removal Guide

    30 Apr 2015 | 4:28 am
    NiceDeal is a typical adware program. Just by reading its name, you can guess that it involves online shopping. The tool gives all kinds of discount product offers in the forms of item advertisements and shopping coupons. It is made to look reliable so as to have a better chance at attracting the user's attention. Following any of its ads is risky. They may seem genuine, but any of them could hide a redirect and lead to a malware infection. NiceDeal does not look out for your security. The adware is ad-supported and only seeks to generate revenue from collecting your clicks on sponsored…
  • Active Discount Removal Guide

    30 Apr 2015 | 4:21 am
    Active Discount falls under the category of adware. As the name suggests, the program is related to online shopping. Its purpose is to show the user bargain product deals. This sounds helpful, but there are some insecurities you should know about. Active Discount does not link ads solely for your benefit. Displaying advertising content is profitable for the developers of the program. While you may or may not find these ads useful, the creators of Active Discount are guaranteed a commission for every click you make. Since the users do not pay for the services of the program, this is its only…
  • add this feed to my.Alltop

    NSS Labs

  • NGIPS – HP TippingPoint Update

    24 Apr 2015 | 12:00 am
    In our recently completed Next Generation Intrusion Prevention Systems (NGIPS) test, NSS Labs and HP TippingPoint discovered an anomaly during testing. Fundamentally, the nature of the anomaly was related to a recent CVE, which was being heavily utilized in the wild and as such carried great weight in the Live Stack portion of the NGIPS test.  After working closely together with NSS Labs, HP TippingPoint believes minor adjustments to the profile may provide significant enhancement in the area of security effectiveness in the live stack portion.
  • Security Orchestration – Integration, Process, and Wise Investments Driven by a Security Conductor

    14 Apr 2015 | 12:00 am
    When I am asked by friends to discuss the security breaches that feature ever more frequently in the news, I use a music analogy. Why music? For one thing, I am a fan of traditional classical music; for another, this allows me to describe the roles of security teams without the usual pile of acronyms and product names that are well known to those of us in the security industry but are unfamiliar to those who are not. Most importantly, the music analogy fits because I know that no complex system happens by accident.
  • Detecting the Invisible Part 3: "Retreat from the Breach"

    5 Mar 2015 | 12:00 am
    Our approach to securing the enterprise has changed, and breach detection technology has been largely instrumental in this process. This report from NSS Labs is the final in a three-part series on the impact of the breach detection system (BDS). As the breach detection market continues to mature, several points are worth noting:
  • The Best Place for Yesware is Nowhere

    5 Mar 2015 | 12:00 am
    A talented security colleague came across a tweet from a company called Yesware and remarked to me that it could be construed as spear phishing with specific language for legal protection. I can see his point, but in pedantically technical language, no, this is not spear phishing. Yesware certainly could be a tool in a spear phisher’s toolbox, but that is not what it is designed for. Is Yesware Spyware?
  • Detecting the Invisible Part 2: "Once More Unto the Breach, Dear Friends"

    4 Mar 2015 | 12:00 am
    Our approach to securing the enterprise has changed, and breach detection technology has been largely instrumental in this process. This report from NSS Labs is the second in a three-part series on the impact of the breach detection system (BDS).
  • add this feed to my.Alltop

    Private WiFi

  • Tips to Protect Your Digital Identity

    Nikki Junker
    29 Apr 2015 | 9:37 am
    Within the last decade, our senses of self and identity have made a major shift.  Whether we’ve noticed it or not, the items that used to define our identities have gone from hard copy items, such as birth certificates and Social Security cards, to online banking passwords, Facebook logins, and mobile wallets stored in our smartphones.  While we still need to safeguard and protect those hard copy documents, we also have to focus on our digital identities. Our digital identities are made up of all kinds of new information, such as smartphone passcodes, Twitter feeds, and Instagram photo…
  • Why I Started Private Communications Corporation

    Kent Lawson
    28 Apr 2015 | 12:52 pm
    With the launch of our new data compression product, DataCompress, it seems like a good time to revisit why I started Private Communications Corporation (PCC). Ever since launching PCC in 2010, many people have asked what motivated me to emerge from a fulfilling retirement to launch a new company. After all, I had spent twenty hectic years running my previous company – you have to throw everything you have into being an entrepreneur. I had retired in 1997 and was very much enjoying the opportunity to relax a bit, travel a lot, and had become heavily involved in several rewarding non-profit…
  • The Three Legs of Protection: Antivirus Software, Firewalls, and VPNs

    Kent Lawson
    15 Apr 2015 | 4:00 am
    It’s helpful to view the three main data protection components as three legs of a stool: if you’re missing any of the legs, your protection will collapse and you will put your data at risk. So what are these three important legs? The first leg: antivirus software. Most of you already know what antivirus software is and use it on your computers; a recent survey indicated that over 80% of computer users use some kind of antivirus software. And most people have heard of the second leg: firewalls. These keep our computers safe from outside attacks. Most big companies spend a fortune making…
  • New Hotel WiFi Vulnerability

    Alok Kapur
    9 Apr 2015 | 1:49 pm
    Earlier this year, the FTC posted an article on their website declaring that hotel WiFi is dangerous and that many hotels WiFi users are unaware of this. As PRIVATE WiFi CEO Kent Lawson stated in reaction to the FTC’s statement, this announcement is critical for travelers because many people assume that because they are paying for it, their hotel’s WiFi network must be safe. That’s a dangerous assumption to make, because most hotel WiFi networks are completely insecure. And the bad news is that a new exposure in hotel WiFi has just been found. Vulnerable Hotel Routers Recently, a…
  • Introducing DataCompress: A Data Savings App for your Mobile Device

    Jillian Ryan
    1 Apr 2015 | 3:20 am
    Is your phone a data hog? If so, we have some good news. The makers of PRIVATE WiFi have a new product on the market to help users improve their Internet experience. With the launch of DataCompress, Android users can cut their mobile data use by up to 50%*. Get more value from your plan by getting the right-sized content, fast. Browse the web freely. Share more pictures. DataCompress gives you more with less. The app quickly shrinks pictures and text. It happens in fractions of a second. Instead of wasting time and data downloading a picture that's unnecessarily big, you get only what you…
  • add this feed to my.Alltop

    Pivot Point Security

  • Dark Data: An Information Security Risk for Law Firms?

    30 Apr 2015 | 12:23 pm
    Dark data is a term for data that is hard to identify and manage. Generally speaking, it’s unstructured data (e.g., legal contracts, customer proposals, sensitive client data, internal business data, marketing material, matters related research) located in a growingly diverse number of places (e.g., file shares, SharePoint sites, “the cloud” (e.g.,, DropBox). Law firms are swimming in a sea of data. Across a typical firm, a broad array of ever-growing amounts of data (structured and unstructured, current and old, matter sensitive and trivial) is increasingly being recognized as…
  • How to Store Usernames and Passwords for Web Applications – Part 2

    Bhaumik Shah
    28 Apr 2015 | 12:09 pm
    Recently I blogged about how (and how not) to store usernames and passwords for web applications by using hashing. This follow-up post discusses what is probably the ideal method for password storage for critical applications: salting your hash function with random data so that your authentication system can better withstand dictionary attacks using an enormous list of hashed passwords, and rainbow table attacks relying on pre-computed tables of values. To sum up my prior post: if your web application stores the hash value of users’ passwords in a database, a successful SQL injection attack…
  • Disaster Recovery Terminology Really Grinds My Gears

    Bob Cohen
    23 Apr 2015 | 12:30 pm
    Why can’t people in the same industry use the same terms when they’re talking about the same thing? Terminology around disaster recovery is a disaster—and this makes planning more complicated than it already is. Take, for example, the ISO 22301 standard for recovery planning. It defines the term maximum acceptable outage (MAO) as “the time it would take for adverse impacts to become unacceptable.” Then there’s maximum tolerable period of disruption (MTPD), which means, “the time it would take for adverse impacts to become unacceptable” (see also MAO). Of course there’s also…
  • 7 Ways to Not Get Burnt By Hijacked Corporate Email Accounts

    21 Apr 2015 | 12:37 pm
    According to a recent alert from the FBI, hackers swindled U.S. businesses out of an estimated $215 million in the past fourteen months, using a sophisticated scam called the Business E-mail Compromise (BEC), aka the “Man-in-the-Email” scam. The attack targets businesses of all sizes that work with foreign suppliers and/or regularly make wire transfer payments. Many non-U.S. businesses have also been successfully scammed. The scam starts by hijacking the account of a C-level executive. The hacker poses as the executive and then requests a wire transfer from a second employee who normally…
  • A Key “Hidden” Lesson from the Sony Breach: You’re Only as Strong as Your Soft Controls

    Robert Oliver
    16 Apr 2015 | 12:32 pm
    Throughout 2014 and into 2015 with the recent Anthem Blue Cross breach, every few weeks with distressing regularity there has been a new breach or exploit of epic proportions. But the “shock and awe” surrounding December’s Sony Pictures hack has been unsurpassed: intellectual property pirated, embarrassing emails publicized, the resignation of a top executive, a movie premiere cancelled in the wake of terrorist threats. A sidebar in the Sony story is that the breach caused collateral damage to the professional services giant Deloitte. Salaries of key executives and thousands of the…
  • add this feed to my.Alltop


  • Woman charged with running webcam-hacking network

    Graham Cluley
    1 May 2015 | 8:11 am
    It’s not at unusual these days to hear stories of innocent people’s webcams being hacked. Typically the perpetrators are guys, getting their kicks out of snooping and spying covertly without the knowledge of their victim, sometimes furtively stealing snapshots or blackmailing young women into performing sexual acts on camera. This is one of the reasons why it can be a good idea to keep your computer out of the bedroom, or at least cover the webcam’s camera when not in use. But what is unusual is for the person arrested in connection with a spree of webcam hacks to be female.
  • Machine Learning Technologies Make the Internet More Secure

    29 Apr 2015 | 7:22 am
    Asimov’s positronic brain may still be just literature for now, but artificial intelligence is already making the difference in computer security technologies. Bitdefender 2015, crowned ‘Product of the Year’ by leading independent testing organization AV-Comparatives, uses a ‘neural’ network of hundreds of millions of computers modelled after the human brain. We have yet to see caliber two artificial intelligence (Strong AI, or Human-Level AI) and caliber three artificial intelligence (or Artificial Superintelligence — much smarter than the human brain). Until then, we are…
  • Hackers steal $5 million from Ryanair’s bank account

    Graham Cluley
    29 Apr 2015 | 5:48 am
    All of us dread the prospect of having our personal bank accounts hacked. But imagine what it must be like for a company to have its business bank account plundered by hackers for millions of dollars? According to reports, controversial budget airline Ryanair has fallen victim to hackers who managed to steal €4.6 million (almost US $5 million) via a fraudulent electronic transfer to a Chinese bank last week. The Irish Times reports that Ryanair uses dollars to buy fuel for its fleet of Boeing 737 aircraft, and it is believed that these were the funds which the hackers were able to gain…
  • Cyber Criminals Arrested on Accusations of Stealing $15 Million from Banks

    Alexandra Gheorghe
    28 Apr 2015 | 6:48 am
    Romanian law enforcement arrested a cyber-criminal gang accused of stealing over $15 million from banks and financial institutions, according to news reports. The 25 men have allegedly been hacking banks and cloning payment cards stolen from Puerto Rico and Muscat (Oman). In 2013, hackers stole payment card data from large corporations, cloned the cards and used them to withdraw money from ATMs in various countries including the US, Belgium, Canada, Colombia, the Dominican Republic, Egypt, Estonia, Germany, Indonesia, Italy, Latvia, Malaysia, Mexico, Pakistan, Russia, Spain, Sri Lanka,…
  • Whizz Kids, Old Hands at RSA 2015 Examine the (In)Secure Future of the Internet of Everything

    Alexandra Gheorghe
    28 Apr 2015 | 12:58 am
    Tech enthusiasts, whizz kids and security veterans gathered in San Francisco last week for the annual RSA conference security event to discuss failures, successes and challenges of internet security. In case you missed the news, here’s a short overview of some of the memorable demos and ideas of this year’s event: Billy Rios, founder of security firm Laconicly, exploited a two-year-old vulnerability in a Vera smart-home automation device, which offered him total access to the device’s network and all computers attached to it. “Contactless payment systems are not fraud proof,” said…
  • add this feed to my.Alltop

    Video Surveillance Blog

  • Introduction to Port Forwarding: Step Three

    30 Apr 2015 | 4:28 pm
    This is the last of three posts that will walk you throught the process of setting up port forwarding with Milestone software. Go back to Step One. Go back to Step Two. To access your router, enter the IP address into your web browser of choice. If you do not know the IP address you can find it by opening your start menu and searching for "cmd" to open the command prompt menu. Once the command prompt opens, enter the command "ipconfig" and hit enter. The information for your router will be listed under Default Gateway. Now that you have your IP address, enter it into your preferred web…
  • Introduction to Port Forwarding: Step Two

    30 Apr 2015 | 4:24 pm
    This is the second of three posts that will walk you throught the process of setting up port forwarding with Milestone software. Go back to Step One. Go to Step Three. To check on your mobile devices, you will need to open the Windows System Tray located in the bottom right-hand corner of your screen. Right click on the icon highlighted here: This will open a new menu. Click on the Show/Edit Port Numbers option. By default the port numbers will be 80801 (port) and 80802 (secured port). If this is correct, click OK and continue to the next step. If not, change them to the correct port numbers.
  • Introduction to Port Forwarding: Step One

    30 Apr 2015 | 4:15 pm
    This is the first of three posts that will walk you throught the process of setting up port forwarding with Milestone software. Go to Step Two. Go to Step Three. First, open your Milestone Management Client. Once it is open, click on the Server Access menu on the left-hand side of the screen. This will open a new menu. The first field is in this menu is Sever Name. This can be anything you want--if you choose to leave it as Server, this will not impact your remote access. The second field is Location Port. By default this is 80, and we strongly recommend leaving this at port 80. The third…
  • Do You Need a Vandal-Proof Camera?

    30 Apr 2015 | 3:53 pm
    When shopping for a new or updated video surveillance system, it's important to consider whether or not vandal-proof (also referred to as a "vandal resistant") security cameras will benefit your installation. features a broad range of vandal-proof surveillance cameras outfitted with exceptionally heavy-duty enclosures to withstand physical mistreatment such as blows from objects. If your surveillance application is susceptible to vandalism or other damage, then we recommend investing in a vandal-proof system. Here are three preemptive measures you can take if you haven't…
  • Check out our new Role Pages!

    30 Apr 2015 | 3:52 pm has worked with industry professionals of all backgrounds, including but not limited to facility managers, IT supervisors, small business owners, and Security Directors, among other professions. We're pleased to announce that we now feature Solutions by Role pages on our website to provide professionals with specific information on security regarding their day-to-day roles. Our veteran security integrators can deliver a custom video surveillance solution for your application and create an overall safer facility for your employees or members. See our <a…
  • add this feed to my.Alltop

    Tiro Security

  • Target to pay $20M to MasterCard over hack

    16 Apr 2015 | 5:50 pm
    One of 2013’s most publicized security breaches was the renowned Target hack. Now two years later, the multibillion dollar giant is reported to pay as much as $20 million to banks issuing MasterCard over costs from the incident.
  • Tiro Security founder to present at Content Protection Summit

    5 Dec 2014 | 3:30 pm
    In the last year, and specifically the last couple of weeks, a few high profile events have thrust content protection into the spotlight. Media & Entertainment Services Alliance (MESA) and Content Delivery Security Association (CDSA) will produce the fifth annual Content Protection Summit at the W Hotel in Hollywood, California on Dec. 9.
  • State Department email system hacked, shut down

    17 Nov 2014 | 12:46 pm
    The State Department’s unclassified email system was recently compromised and has been temporarily shut down for security updates to repair damage from the suspected cyberattack.
  • Hackers scare Americans more than guns do, says recent survey

    24 Oct 2014 | 3:15 pm
    A study on what scares and worries Americans most revealed that both identity theft and internet safety prevail over the fear of “being the victim of a mass/random shooting.”
  • JP Morgan security breach affects 76 million homes, 7 million businesses

    3 Oct 2014 | 3:41 pm
    JP Morgan Chase confirmed that the information from 76 million households and 7 million businesses was compromised after a cyberattack over the summer. The largest bank in the US first announced the massive attack back in July, but only exposed the scale of the attack Thursday in an 8-K filing with the Securities and Exchange Commission.
  • add this feed to my.Alltop

    Seculert Blog on Breach Detection

  • New Dyre Version- Yet Another Malware Evading Sandboxes

    Aviv Raff
    30 Apr 2015 | 1:30 pm
    Last fall, we posted about the new tricks of the Tinba trojan. Now, the Dyre malware, another trojan has some new tricks of its own. The Dyre Wolf malware campaign made headlines in early April as a banking trojan that bypassed 2 factor authentication in order to steal over $1 million from corporate bank accounts. […] The post New Dyre Version- Yet Another Malware Evading Sandboxes appeared first on Seculert Blog on Breach Detection. [[Read more...]]
  • Your Cybersecurity Team, CFOs Now a Vital Member

    Liora R. Herman
    28 Apr 2015 | 5:15 am
    In a feature article for, Steve Durban, the managing director of Information Security Forum, is urging enterprises to ensure that their CFOs are a vital part of their cybersecurity team. Specifically, Durban, whose non-profit association focuses on investigating, clarifying, and resolving key issues in information security around the world, advises CFOs to play an […] The post Your Cybersecurity Team, CFOs Now a Vital Member appeared first on Seculert Blog on Breach Detection. [[Read more...]]
  • Perimeter Security Defenses: A Technical Review

    Aviv Raff
    21 Apr 2015 | 7:43 am
    As my colleague and co-founder, Dudi Matot, noted in his Perimeter Security Defense: Time to “Think Different”? post last week, we’ve just finished a very interesting piece of Big Data research focused on the behavior of the malware that has succeeded in infecting our customer’s networks. Just to set a little context, all of Seculert’s […] The post Perimeter Security Defenses: A Technical Review appeared first on Seculert Blog on Breach Detection. [[Read more...]]
  • Perimeter Security Defense: Time to “Think Different”?

    Dudi Matot
    17 Apr 2015 | 6:26 am
    It was almost exactly ten years ago that U.S. Counter Terrorism Advisor Richard Clarke stood before the Congressional committee investigating the 9/11 attacks and uttered the famous phrase, “Your government failed you. Those entrusted with protecting you failed you. And, I failed you.” It was a seminal moment in America’s processing of the tragedy of […] The post Perimeter Security Defense: Time to “Think Different”? appeared first on Seculert Blog on Breach Detection. [[Read more...]]
  • Cyber Security Skills Shortage Growing: Schools Rush to Fill Massive Gap

    Liora R. Herman
    2 Apr 2015 | 6:13 am
    As reported by The Tampa Tribune, colleges across Florida are racing to create the next generation of cyber security professionals who have the required knowledge to fight back against today’s increasingly sophisticated and well-funded bad actors. For example: The University of South Florida has launched the Florida Cybersecurity Center, which functions as a hub to […] The post Cyber Security Skills Shortage Growing: Schools Rush to Fill Massive Gap appeared first on Seculert Blog on Breach Detection. [[Read more...]]
  • add this feed to my.Alltop

    Managed File Transfer and Network Solutions

  • What Is A Cipher?

    John Carl Villanueva
    26 Apr 2015 | 7:56 pm
    Overview The strength of an encryption largely depends on two components: 1) the cipher and 2) the length of the key. We already discussed key lengths in an older post. So today, let's talk about the other component. 
  • How To Get Your Server To Email You When A User Updates His Information

    John Carl Villanueva
    24 Apr 2015 | 8:01 pm
    Overview As a system administrator, you might want to be notified when a user makes changes to his/her user account. In this post, we'll show you how to set up that kind of capability on JSCAPE MFT Server. 
  • How To Zip Old Files On Your File Transfer Server

    John Carl Villanueva
    22 Apr 2015 | 4:17 pm
    Overview In a previous post, we taught you how to automatically  delete old files from your file transfer server. That exercise could come in handy if you want to recover some free space from your disk drive. However, there can be instances when, instead of deleting aged files, archiving/zipping would be your desired course of action. This article can help you in that regard.
  • Monitoring Reverse Proxy Services

    John Carl Villanueva
    20 Apr 2015 | 6:00 am
    Overview When a node in your reverse proxy service cluster goes down, you might want to be notified right away. This will allow you to take immediate action and bring your cluster back into optimal condition before something else goes wrong. In JSCAPE MFT Gateway, you can get an email notification through its built in Health Monitor. If you want to learn more about this particular feature, read on.
  • An Overview of How Digital Certificates Work

    John Carl Villanueva
    14 Apr 2015 | 2:53 am
    In our previous post, we discussed what a digital certificate is. Today, we're going to give you an overview of the basic process involving the creation, signing, deployment, and use of digital certificates.  
  • add this feed to my.Alltop

    Radware Blog

  • Protecting Your Applications Everywhere – Are You in Good Hands?

    Shira Sagiv
    28 Apr 2015 | 7:39 am
    Cloud migration – one of the top trends this past year and predicted by many to be a top trend in 2015 – brings with it many benefits to the organization.  You can enjoy cost savings, scalability, flexibility, and productivity benefits for your organization, your customers and your partners.  Regardless of the industry they belong to, today’s enterprises are finding that the cost and speed advantages of cloud cannot be ignored.  But as is always the case, there are challenges – migration to the cloud means a more distributed network infrastructure.  As the traditional…
  • The Road to Cyber-Safety is Shifting to Hybrid Cloud WAF Protection

    Michael Groskop
    20 Apr 2015 | 4:27 am
    Hybrid Cloud WAF is the answer.  Now what was the question? Let’s back up a minute.  There is an ancient riddle which goes something like this: You are walking down a path and come upon a fork in the road. One side is the good path and the other side is the bad path. However, you don’t know which one is which and both paths are guarded by identical twins. One guard tells the truth and the other, always tells lies. If you want to take the good path, what should you ask the guards? You would ask "which path would your brother go?" Then, take the path opposite from where they…
  • Cyber-Security Concerns to Know Before You Sign On

    David Monahan
    16 Apr 2015 | 7:07 am
    David Monahan is Research Director for Enterprise Management Associates (EMA) and is a featured guest blogger. Any of us who use the Internet with regularity enjoy the benefits of Federated Identity Management (FIM) and Single Sign-On (SSO) without much thought. Because of these technologies, we are able to move between our favorite blog site, news center, or social media site (Twitter, Facebook, LinkedIn, etc.) without having to struggle for log in information. FIM is the organizational and contractual arrangement that separate entities use to allow shared or in-common users to leverage a…
  • What’s the Relationship Between Security and SDN Deployment?

    Jim Metzler
    10 Apr 2015 | 7:53 am
    A couple of years ago the discussion of SDN focused primarily on the fact that SDN separated the network control function from the network forwarding function and that separation of functions might require the introduction of new protocols such as OpenFlow. More recently there has been a lot of discussion about the value of an overlay SDN model vs. an underlay SDN model and the role of specialized hardware in either model. All of these discussions are important and they all are focused on key architectural characteristics of SDN. In my experience architectural discussions begin very early in…
  • The Rise of Hybrid — The New DDoS Protection Model [WEBINAR]

    Carl Herberger
    6 Apr 2015 | 9:43 am
    What is something nearly everyone needs, something nearly everyone asks for, something everyone provides, but also something nearly no one takes? Answer:  Advice. If you have spent considerable time wondering what to do about the evolving DDoS threat, you are not alone.  The threat has become a bona fide menace and protecting a business, its information, and its network is no longer just the responsibility of an IT technician.  These threats and the damage they can inflict are real and I’m offering my experience and advice in a new DDoS Webinar hosted by Infonetics. Join us on April…
  • add this feed to my.Alltop

    pfSense Setup HQ

  • BREAKING NEWS: pfSense 2.2.2 Released

    15 Apr 2015 | 2:25 pm
    pfSense 2.2.2 has been release, containing 2 low-risk security updates. I will update the links on the downloads page ASAP. You can read all about the newest version at the official pfSense blog. The page also has links to the download mirrors, although it’s easier to update pfSense from within the web GUI. The post BREAKING NEWS: pfSense 2.2.2 Released appeared first on pfSense Setup HQ.
  • Siproxd: Part One

    23 Jan 2015 | 4:00 pm
    Siproxd is a proxy/masquerading daemon for the SIP protocol. It handles registrations of SIP clients on a private IP network and performs rewriting of the SIP message bodies to make SIP connections work via a masquerading firewall (NAT). It allows SIP software clients or SIP hardware clients to work behind an IP masquerading firewall or NAT router. SIP, or Session Initiation Protocol, is a standardized set of formats for communicating messages used to initiate, control, and terminate interactive Unicast or Multicast user sessions with multimedia services such as Internet telephone calls,…
  • Reader’s Mailbag: 1-7-2015

    7 Jan 2015 | 4:00 am
    I received an e-mail from a reader stating that even though he had an internet connection, he could not access the internet through his pfSense firewall. It occurred to me that there might be several reasons why this might be the case: pfSense’s WAN interface isn’t connected to the uplink/modem. The local network isn’t connected to pfSense’s LAN interface. The WAN and LAN interfaces are set up correctly, but there may be another configuration issue (e.g., traffic between the WAN and LAN is blocked). I am assuming the user’s setup (when functioning) looks…
  • Nagios Installation and Configuration: Part Two

    9 Dec 2014 | 2:00 pm
    In the previous article, we introduced Nagios and began covering installation. In this article, we will continue our look at Nagios, covering configuration and installation of plugins. Nagios Configuration Now that Nagios has been installed, it’s time to configure it. Sample configuration files have been installed in the /usr/local/nagios/etc directory. For the most part, the settings in the sample files should work fine for getting started with Nagios. You should, however change the e-mail address associated with the nagiosadmin contact definition to the address you’d like to use…
  • Nagios Installation and Configuration: Part One

    26 Nov 2014 | 2:00 pm
    Nagios is an open source computer system monitoring, network monitoring and infrastructure monitoring software application. It enables organizations to identify and resolve IT infrastructure problems before they affect critical business processes, and offers monitoring and alerting services. It alerts the users when things go wrong, and alerts them a second time when the problem has been resolved. Nagios was originally designed to run under Linux, but it also runs well on other Unix variants. It is licensed under the terms of the GNU GPL version 2. It was originally created under the name…
  • add this feed to my.Alltop

    Milton Security

  • Remote Code Execution Flaw Found in Paypal’s Web Server

    Milton Security Group
    28 Apr 2015 | 2:30 pm
    A remote code execution vulnerability found in a Paypal web server has been labeled critical. The flaw was discovered by Milan A Solanki, independent researcher and author at  He discovered the flaw in the Java Debug Wire Protocol of the web server.  The vulnerability allowed attackers to inject and execute code in order to compromise the web server. JDWP is used to communicate between a debugger and the Java virtual machine.  JDWP does not use authentication, which leaves it open to attack. Solanki used a JDWP-shellifier tool from Github to scan…
  • WordPress Double Zero-Day!

    Milton Security Group
    27 Apr 2015 | 10:10 am
    WordPress has been hit with two zero-day vulnerabilities. Zero-Day #1: Juoko Pynnonen, a researcher at Finnish company, Klikki Oy, revealed the flaw yesterday.  It allows an attacker to inject JavaScript in to the WordPress comment field.  If the comment is at least 66,000 characters long, the flaw will be triggered when the comment is viewed. “If triggered by an administrator, this leads to server-side code execution under default settings,” according to Pyonnonen. “A usable comment form is required. It looks like the script is not executed in the admin Dashboard, but only when…
  • Bad Config Takes Starbucks Down

    Milton Security Group
    24 Apr 2015 | 9:39 pm
    Have a little trouble getting your caffeine fix this evening? Apparently, a bad Point of Sales system configuration was pushed out to all U.S. Starbucks, causing a nationwide shut down. Starbucks across North America (Canadian stores are rumored to have shut down as well) suddenly found that their systems were no longer working Friday evening. They were forced to give out free drinks to those who had already ordered them (Lucky!). Once it became apparent that the problem would not be a quick fix, all stores were immediately closed. Twitter is swirling with rumors that Starbucks may not even…
  • New Zero Day Vulnerability in iOS8

    Milton Security Group
    22 Apr 2015 | 9:40 am
    A new flaw has been discovered in iOS 8 that allows an attacker to crash your mobile devices over and over again. The flaw, dubbed “No iPS Zone”, allows a malicious hotspot to launch a DDoS(Distributed Denial of Service) attack, causing a device running iOS 8 to crash over and over again, making the device completely unusable. The flaw, described as a an SSL certificate parsing vulnerability, can be exploited even if you do not connect to wifi. ““Anyone can take any router and create a WiFi hotspot that forces you to connect to their network, and then manipulate the traffic to cause…
  • New Sandbox Attack Can Affect 8 Out of 10 Computers

    Milton Security Group
    20 Apr 2015 | 10:55 am
    There is a new attack out that can easily hack 8 out of 10 computers. It is as simple as a compromised website and a browser. The only requirements are an Intel microprocessor and a current web browser that uses HTML5(Hence, 8/10 computers). The attack is a side channel attack which uses Java and reads your browser’s cache. The scary part is that this attack doesn’t steal passwords or data but records data such as keystrokes and mouse movements or network traffic such as going to a new webpage on a new tab, and sends it off to the web server hosting the web page. Cornell…
  • add this feed to my.Alltop

    Cyberoam : Securing You

  • Vulnerability in Microsoft HTTP.sys can lead to Remote Code Execution

    Cyberoam Threat Research Labs
    17 Apr 2015 | 5:22 am
    A remote code execution vulnerability has been found in Microsoft HTTP.sys. The vulnerability is due to an issue with the processing of HTTP messages in the HTTP protocol stack. A remote unauthenticated user could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable server. At present, the vulnerability affects MS Windows 8.1, MS Windows 8, MS Windows 7, MS Windows Server 2012 R2 and MS Windows Server 2012. Microsoft has released an advisory regarding this vulnerability: CVE ID CVE-2015-1635 CVSS Scoring CVSS Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVSS…
  • Credential Harvester Banking Trojan – Vawtrak aka NeverQuest

    Anurag Singh
    8 Apr 2015 | 9:53 pm
    According to reports, Vawktrak is infecting banking, gaming and social network users mainly across United Kingdom, the United States, Germany, Australia, New Zealand, and many other countries across Europe are also affected. Rated amongst the most dangerous of all banking Trojans, Vawtrak aka NeverQuest has this time hit the Internet Security radar in form of a new improved variant which is capable of sending and receiving data using encrypted favicons over Dark Web of Tor Network. Once executed on a host system, it can disable antivirus and inject custom code in banking web-pages so that it…
  • Dissecting Upatre Malware

    Cyberoam Threat Research Labs
    6 Apr 2015 | 4:51 am
    Background Trojan Upatre, also known as Trojan Downloader:Win32 Upatre (Microsoft), helps downloading other piece of malicious software from already hardcoded destination within Malware file. However, Upatre from the time of its first discovery has evolved through encrypting code within binary, which hides source of other malicious file. On successful infection, Upatre is known to download malicious files known as Zeus, Rovnix VBR, Banking Trojan and other files that exploit known vulnerabilities. Technical Description The piece of malware dump was received as an attachment to spam mail…
  • OpenSSL plagued by multiple Vulnerabilities

    Cyberoam Threat Research Labs
    2 Apr 2015 | 1:05 am
    CVE-2015-0286 A denial of service vulnerability has been found in OpenSSL. The vulnerability is due to a null pointer dereference when an OpenSSL server application receives and processes a crafted client certificate. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted client certificate to a vulnerable server application that requests it. Successful exploitation will cause the server application to crash, resulting in a denial-of-service condition. Affected Software OpenSSL Project OpenSSL prior to 0.9.8zf OpenSSL Project OpenSSL prior to 1.0.0r OpenSSL…
  • Bar Mitzvah Attack Exploits Invariance Weakness of RC4 SSL/TLS Encryption Cipher

    Anurag Singh
    30 Mar 2015 | 11:46 pm
    One of the most popular SSL/TLS encryption cipher RC4 (Rivest Cipher) has recently come under increased scrutiny with a vulnerability coming to light. This vulnerability is supposed to have remained hidden since last 13 years. Although, simple to execute, the protocol has been known to show some weaknesses about which researchers have been talking for years, but this is the first time when a researcher has actually demonstrated that it is possible to launch plaintext recovery attacks allowing the attacker to extract partial data from RC4 encryption protected communications. This weakness is…
  • add this feed to my.Alltop

    Cognoscape, LLC

  • How Technology Makes For Safe Smartguns

    23 Apr 2015 | 2:00 am
    There is a great divide when it comes to guns. After the devastating Newtown massacre that left 20 elementary students dead, the debate over gun control became heated, with a call for more safety. Gun enthusiasts argue that firearms are safe when the owner is properly trained, while those opposed feel we need stricter laws. Whether you’re anti-gun or a card carrying member of the NRA, there is one thing everyone can agree on: guns in the wrong hands make them exponentially more dangerous. It could be a child or criminal that makes the gun turn even more deadly because of lack of…
  • 10 Tips To Keep Your Data Safe From a Phishing Attack

    9 Apr 2015 | 9:10 am
    Any IT consultant will tell you, hackers keep finding new ways to steal our personal information. As technology becomes more advanced, these criminals have to find better ways to trick unsuspecting computer users into getting their passwords and other confidential information. “Phishing” has become an epidemic and it usually takes places in the form of pop-ups, spam, fraudulent emails and contacts through social media. Don’t become a victim of this scheme and read our 10 tips to keep your data safe from a phishing attack.   1. Recognize Suspicious Emails Phishing emails have…
  • 4 Critical Ways IT Support Improves Your Business

    19 Mar 2015 | 12:39 pm
    If you’re afraid that IT support is going to be more costly for your business than without it, think again. The ways that companies do business with one another continuously changes as technology rapidly advances. In order to keep up, you need to be up to date with your servers, computers, phone systems, Internet connection and mobile devices. IT support from a company like Cognoscape with their CognoCare services will benefit your business by taking the burden off of in-house tech “experts” so you can focus on making a profit. To understand the benefits better, here are 4 critical…
  • 5 Critical Technologies To Keep Your Business Running During the Zombie Apocalypse

    4 Mar 2015 | 7:03 am
    It’s no secret that zombies have taken over the entertainment world in the past few years, thanks to The Walking Dead. You don’t have to be a fan of the show to appreciate zombies, since they have been a fascination of humans since the B.C. era. The question is: when the apocalypse happens, will you be ready? Everyone will be running for food and water, but how will you protect your business from the invasion of these flesh-eating monsters? Here are 5 critical technologies your business needs to stay afloat during the zombie apocalypse.   Cloud Storage Storing your…
  • Welcome To Our New Website

    19 Feb 2015 | 10:09 am
    We’re pleased to announce our new and improved website! We’ve been working hard to make sure that we’ve made the necessary adjustments to make this a more aesthetically pleasing and user-friendly version of our website. Since the announcement of our original site, several things have changed, and we’ve learned that our presentation and documentation needed a little updating, so we’ve spent significant time improving our site with more modern tools and principles in mind. Aside from the beautiful, new layout, we’ve also implemented a more modern and user-friendly design that’s…
  • add this feed to my.Alltop


  • Connecting Visual Basic .NET to MySql Database

    28 Apr 2015 | 3:19 am
    Today we will be discussing on how to connect from our visual basic environment to MySql Database on an online server. there are some steps needed to be perform before you can start the connection you have to download MySql Connector/Net and add the following Reference   Sometimes MySql for somehow is not listed under… Read More »The post Connecting Visual Basic .NET to MySql Database appeared first on TutorialsLodge.
  • Creating Your First Server Farm

    Uche Gozie
    24 Apr 2015 | 6:22 am
    Here is an exciting series of a new article from tutorialslodge. I’ll be showing you from the scratch, how we can create a server farm. As with any new creation, the first step would be planning. I believe you wouldn’t mistake a server farm for a piece of land where servers are cultivated therefore I… Read More »The post Creating Your First Server Farm appeared first on TutorialsLodge.
  • Access Control Models – Understand Your Access Level

    Uche Gozie
    22 Apr 2015 | 4:12 am
    Access control is security mechanism used to implement authorization. Access control is the process by which user resources and services are granted or denied to users. It must be combined with authentication which is identity proving to be effective as a security measure. What are Access Control Models An access control model is an idea… Read More »The post Access Control Models – Understand Your Access Level appeared first on TutorialsLodge.
  • Creating Domain User Accounts

    Uche Gozie
    20 Apr 2015 | 1:14 pm
    In my last article I explained in steps how we could create passwords for domain accounts. Every corporate organization with networked systems would want to share its resources on the network with new and existing staff. Therefore new domain user accounts must be created. But How Does This Look Like? Well, the staff would be… Read More »The post Creating Domain User Accounts appeared first on TutorialsLodge.
  • Simple Phone Book Application1

    17 Apr 2015 | 3:56 am
    Welcome back guys , today we will be looking at creating a  simple phone book in visual basic.NET platform  to enable us save our contact even if we lost our SIM cards and Phones we will be doing more of practical aspect of it so relax and be ready to work . In creating a… Read More »The post Simple Phone Book Application1 appeared first on TutorialsLodge.
  • add this feed to my.Alltop

    Guardian Network Solutions

  • 3 Routines Businesses Need to Ensure a Healthy Computer Network

    Cody Blake
    1 May 2015 | 4:57 am
    Computers are a must to run any business successfully and when an organization has many employees, having a computer network will become very much essential. Not every company can afford to have an IT department. This is why most choose … Continue reading >>> The post 3 Routines Businesses Need to Ensure a Healthy Computer Network appeared first on Guardian Network Solutions.
  • 4 Things Businesses Learned from Cyber Threats of 2014

    Cody Blake
    19 Apr 2015 | 12:22 am
    Cyber-crimes, data privacy risks on clouds and BYOD threats at workplace have been the biggest cyber threats in the year 2014. Lots of companies and government organizations were faced with such threats and some even had to compromise the security … Continue reading >>> The post 4 Things Businesses Learned from Cyber Threats of 2014 appeared first on Guardian Network Solutions.
  • The State of Malware in 2015

    Cody Blake
    9 Apr 2015 | 10:39 am
    Cyber-attacks, advanced malware and breaches have been increasing over the last few years. Destructive threats similar to Crypto Locker and denial-of-service attacks made it difficult for cyber security professionals to maintain security in organizations. The malware situation is not going … Continue reading >>> The post The State of Malware in 2015 appeared first on Guardian Network Solutions.
  • 5 Critical Network Security Applications Businesses Need

    Cody Blake
    4 Apr 2015 | 12:56 pm
    Data is something that is important to every business. Any attack on the network of a business can lead to leakage of such data or misuse which could prove harmful to the business. With the kind of advancement that is … Continue reading >>> The post 5 Critical Network Security Applications Businesses Need appeared first on Guardian Network Solutions.
  • add this feed to my.Alltop

    Trend Micro Simply Security

  • This Week in Security News

    Gavin Donovan
    1 May 2015 | 5:00 am
    Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!   The Other Shoe Drops in White House Security Breach Last year’s breach of unclassified White House computer systems was far more intrusive than initially thought and included the theft of some presidential correspondence, The New…
  • What We Can Learn from the Adobe Class Action Lawsuit

    Bob Corson
    30 Apr 2015 | 2:43 pm
    This week, Adobe announced a settlement of a class action lawsuit that was filed against them as a result of a 2013 data breach. This followed a 2014 finding that Adobe’s conduct was a contributing factor to the damages sustained by the plaintiff; namely representatives of some of the three million credit or debit card holders. The potential for legal action is not limited to Adobe or the loss of credit card data. What we all need to consider is whether the conduct of your organization appears to be a key attribute in determining liabilities resulting from a data breach.  This is not to…
  • Where to Donate Your Old Smartphone…

    Richard Medugno
    30 Apr 2015 | 7:00 am
    …And What to Do Before You Get Rid of It It’s time to spring clean! If you’re like me, you hate to toss a piece of hardware into the garbage. Happily, over the past couple of decades the reuse-recycle-repurpose trend has taken hold and expanded in our society. There are many ways to avoid just tossing an old smartphone in the garbage to end up in a landfill. Recently, I became aware of a cool organization that is repurposing old smartphones in an incredibly great way. It’s a non-profit called Rainforest Connection and you can watch their promotional video on YouTube or their…
  • Best Security Practices for Microsoft Azure: Locking Down Your Environment

    Steve Neville
    29 Apr 2015 | 10:16 am
    As you probably know, moving your workloads to the cloud doesn’t mean you’re not responsible for the security of your operating system, applications and data. Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your Azure environment is secure. As the first in a series of posts on Azure best practices, we will walk step-by-step through what you need to do to secure access at the administrative, application and network layers. In a follow-up post, we’ll talk about the next steps to ensure the security of your…
  • Privacy and Security: Why US Consumers Feel Overwhelmed in a Connected World

    Jon Clay
    29 Apr 2015 | 6:00 am
    US consumers are more connected today than they’ve ever been. A perfect storm of powerful smart devices, mobile applications, cloud-based communication services, super-fast wired and wireless networks and social media platforms has led us to this point. It has enriched our lives and made us more productive at work. But with all these gains comes the flip side: we increasingly worry whether our personal information is secure from data theft and loss, and we are concerned that our right to keep that data private may have been eroded. As a leader in security and privacy for more than 26…
  • add this feed to my.Alltop

    Effect Hacking

  • MySQL Flaw Allows Hackers To Steal Data, Even In Secure Connections

    Gokul G
    3 May 2015 | 5:07 am
    Security researcher Adam Goodman has found a critical flaw in Oracle MySQL 5.7.2 and lower that allows an attacker to act as proxy between client and server (Man-In-the-Middle-Attack) to steal information in plain text, even in secure connections. <!-- adsense --> Flaw: While MySQL servers can be configured to require an encrypted connection, there is no option to enforce the same on
  • EllisLab Servers Hacked

    Gokul G
    2 May 2015 | 4:25 am
    Hackers gained unauthorised access to EllisLab servers and may have obtained personal information relating to members registered at, according to the latest blog post from the developer of professional content management system ExpressionEngine. <!-- adsense --> Hackers somehow managed to steal a super administrator’s credentials and then uploaded a common PHP backdoor
  • Hacker Bypassed Google's Password Alert Extension

    Gokul G
    1 May 2015 | 5:10 am
    Just hours after Google released it's password alert extension, a hacker came up with a simple exploit that bypasses it. <!-- adsense --> Researcher Paul Moore demonstrated it with a webpage that looks like Google login page, which contains the following additional code: <!-- BYPASS GOOGLE'S PASSWORD ALERT "PROTECTION" --> <script type="text/javascript"> setInterval(function() {
  • dSploit - Android App For Hackers

    Gokul G
    30 Apr 2015 | 1:49 am
    dSploit is a penetration testing suite developed by Simone Margaritelli for the Android operating system. It consists of several modules that are capable to perform network security assessments on wireless networks. It allows you to perform tasks such as, network mapping, vulnerability scanning, password cracking, Man-In-The-Middle attacks and many more. Requirements ? Your android
  • China's Great Firewall Hijacking Facebook Connect

    Gokul G
    29 Apr 2015 | 2:08 am
    China's Great Firewall,  the system used by Chinese government to censor the internet is now being used to hijack Facebook login system (Facebook Connect) to DDoS target websites.  The Great Firewall is intercepting the JavaScript code from any site that uses the Facebook Connect and re-directing the traffic to third-party websites. According to the reports from china, the Great Firewall
  • add this feed to my.Alltop

    Bishop Fox » Blog

  • Security Should Be Application-Specific

    Brenda Larcom
    27 Apr 2015 | 11:06 am
    I’m looking for the perfect pants. They’re brown. They’re sturdy. They’re business casual. They have many huge pockets, artfully arranged so that I don’t look like a pack rat even after I stash my stuff in them. They don’t cost a fortune. And of course, they fit me perfectly. I have never met these pants. But if I did, I certainly wouldn’t give them to my cousins, who wish for black leather and pajama jeans respectively, or my friend from college, who is into purple cargo pants, or my brother, who is a good five inches taller than I am, even though every one of these…
  • Vulnerable by Design: Understanding Server-Side Request Forgery

    Mike Brooks
    17 Apr 2015 | 11:55 pm
    Sometimes, walls get in the way, and when that happens, we need a door. A door needs a proper lock, or a security vulnerability may result. Server-side request forgery (SSRF) vulnerabilities can manifest in a number of ways, but usually it’s because a door was installed without a lock. The same-origin policy (SOP) is a wall every browser uses to keep users safe. If this wall didn’t exist, then while you are reading this blog post, JavaScript on this page would be allowed to interact with arbitrary domains. For example, malicious JavaScript could make a request to, and…
  • AirDroid: How Much Do Your Apps Know?

    Matt Bryant
    15 Apr 2015 | 6:00 am
    The AirDroid app for Android has surpassed 20 million downloads from the Google Play store and has received raving reviews from the likes of USA Today and Lifehacker. The app’s function is to help a user organize his or her life by providing the remote ability to send text messages, edit files, manage other apps, and even perform GPS tracking. Unfortunately, for all its accolades, AirDroid is vulnerable to a pretty serious authentication bug. This bug allows a remote attacker to essentially take over an otherwise unsuspecting victim’s phone. All an attacker needs to do is to send a…
  • Beyond Security Requirements: Secure Requirements

    Brenda Larcom
    17 Mar 2015 | 12:58 pm
    History shows that people are unlikely to develop or purchase secure software by accident. Back in the Dark Ages (think the 1990s), people built software and then tried to add security. This was rarely successful and frequently expensive. Progress, of a Sort As an industry, we’ve moved on to more efficient and more effective strategies, like building security in from the beginning. Developers talk to security folks earlier, and many projects identify security requirements before design completes. Progress, yes, but not as much as one would hope, because most of us are just bolting on…
  • Rethinking & Repackaging iOS Apps: Part 1

    Carl Livitt
    23 Feb 2015 | 4:11 pm
    In October 2014, Jonathan Zdziarksi (“JZ”) wrote a blog post about a little-known feature of the iOS app ecosystem: it’s possible to patch App Store apps and redeploy them on to non-jailbroken devices. (You should probably read his post before reading this one.) This is the first installment of a two-part series in which we will build on JZ’s work to present a more flexible, powerful means of modifying App Store apps on jailed iOS devices. To play along, you will need an Apple iOS account. iOS Tools on Jailbroken Devices We’re used to using our favorite tools like CydiaSubstrate and…
Log in