Latest Blog Posts


Components of Effective Vulnerability Management

June 19, 2011 | Added by: Gary McCully

Vulnerability management is a continual process that monitors the effectiveness and the efficiency of your organization’s ability to mitigate vulnerabilities. Without a Vulnerability Management Program, you and your security program could be blindly walking off the edge of a cliff...


Attackers Love Your Organization's HR Department

June 19, 2011 | Added by: Boris Sverdlik

Companies use every available resource in their recruiting. They hire third party recruiters, post job listings on LinkedIn, Dice, Monster and numerous other places. While this will bring in a plethora of qualified candidates, it also provides attackers a wealth of information...


Algorithmic SIEM “Correlation” Is Back?

June 18, 2011 | Added by: Anton Chuvakin

One of the ways out of ill-fitting default rules is in the use of event scoring algorithms and other ruleless methods. While not without known limitations, they can be extremely useful in environments where correlation rule tuning is not likely to happen, no matter how many times we say it should...


Cynical Security Cliches

June 17, 2011 | Added by: Javvad Malik

Auditors are always trying to pin something on security departments. They’ll doggedly pursue every lead, using their statement of work as an all-access pass to the security procedures. Worse, the cynic can even find himself becoming a chief suspect in his own investigation...


A Values-Based Approach to Your Compliance Program

June 17, 2011 | Added by: Thomas Fox

Moving from a rules-based compliance training to an ethics-based approach, there are three general areas where a company can change its approach in a manner to encourage employees to behave ethically. They are The Code, Ethics Training, and You Make the Call...


Get Digitally Secure Before it’s Mandatory

June 17, 2011 | Added by: Robert Siciliano

It is possible to secure systems against most cybercrime but that level of security often proves too inconvenient for consumers. As long as banks continue absorbing losses from fraud, consumers remain blissfully ignorant of the consequences of inadequate security...


Richard Clarke: China's Cyberassault on America

June 17, 2011 | Added by: Headlines

"What would we do if we discovered that Chinese explosives had been laid throughout our national electrical system? The public would demand a response. If, however, the explosive is a digital bomb that could do even more damage, our response is apparently muted—especially from our government..."


SMBs Face Growing Threat from Mass Meshing Attacks

June 17, 2011 | Added by: Headlines

"Because they can do it at such a precise level, when they attack they don't just inject a single malicious script like in mass SQL injections. They inject a backdoor, which allows them total control of all the files on the website..."


Introducing WPScan – A WordPress Security Scanner

June 16, 2011 | Added by: Ryan Dewhurst

WPScan is a black box WordPress Security Scanner written in Ruby which attempts to find known security weaknesses in WordPress installations. Its intended use is for security professionals or WordPress administrators, and the code base is Open Source and licensed under GPLv3...


Cloud Computing, Security, and You

June 16, 2011 | Added by: Global Knowledge

There are many benefits of cloud computing, yet cloud computing also brings significant security concerns when moving critical applications and sensitive data to public and shared cloud environments. Here are five things to keep in mind when considering cloud based services...


Advanced Evasion Techniques

June 16, 2011 | Added by: Rod MacPherson

Evasion techniques are not attacks on their own, but rather a sneaky way to get whatever attack you want to use past the network monitoring and policing systems to the target host. It's not about the bad-guy asking "How can I hack in?", but "How can I hack in without being seen?"


Citigroup Reveals More Compromised Client Accounts

June 16, 2011 | Added by: Headlines

"The customers' account information (name, account number and contact information, including email address) was viewed. However, data that is critical to commit fraud was not compromised: the customers' social security number, date of birth, card expiration date and card security code..."


Years of Security Neglect - Solved in 24 Hours of Panic?

June 16, 2011 | Added by: Rafal Los

It's been uncovered that your company is the next target of a hacktivist organization. Then panic sets in as everyone realizes the network that's been neglected for the last decade is responsible for 75% of your business revenue, and will likely be the front line of attack...


Fed CIO Vivek Kundra Leaves White House for Harvard

June 16, 2011 | Added by: Headlines

"We are planning for a smooth transition, continuing these remarkable gains in changing the way the federal government manages IT and Vivek’s impact on cutting waste and making government work better for the American people will continue to be felt well beyond his departure..."


HIPAA-HITECH Compliance: Two Free Webinars

June 16, 2011 | Added by: Jack Anderson

We have scheduled two new free webinars on HIPAA HITECH for Smarties. These webinars feature a presentation by Rebecca Herold, CIPP, CISSP, CISA, CISM, FLMI, recently voted the 3rd best privacy advisor in the world, in competition with large law firms and consulting practices...


LulzSec Attacks CIA Website, Taunts The Jester

June 16, 2011 | Added by: Headlines

The hacker collective known as LulzSec conducted a successful attack against a public-facing website of the CIA on Wednesday. The DDoS attack, which caused periodic outages, was announced with a Twitter message from the group stating, "Tango down - cia.gov - for the lulz..."
