Latest Blog Posts
October 09, 2014 Added by:Patrick Oliver Graf
For the last 30 years, a common line of code found in a piece of software has quietly been a dormant security vulnerability – but now, news of the exploit has gone public, sending the network security community into reaction mode.
October 09, 2014 Added by:Prateep Bandharangshi
The two primary reasons that legacy Java security risks persist are cost of mitigation and operational impacts.
October 08, 2014 Added by:Joe Weiss
I have a great concern about many people in nuclear (and other) industries only focusing on malicious cyber attacks to the exclusion of unintentional cyber incidents.
October 08, 2014 Added by:Mike Lennon
We are happy to unveil the Interactive Agenda for the 2014 ICS Cyber Security Conference! After a sell-out conference in 2013, be sure to Register Now and confirm your spot for this year’s event!
October 07, 2014 Added by:Cyphort
Nowadays, as half of newly issued computers in the enterprise are Macs, OSX malware is also becoming more prevalent.
October 07, 2014 Added by:Tripwire Inc
All we should hear from security professionals is glee as their well-oiled machines switch into gear and they get to prove that they are able to operate at times when mere mortals quake in fear. For many though this is not the reality.
October 06, 2014 Added by:Anton Chuvakin
Do not make your security architecture solely reliant on patching. Big vulnerabilities will happen and so will zero-days, so make sure that your entire security architecture does not crumble if there is one critical vulnerability: do defense in depth, layers, “least privilege”, controls not reliant on updates, monitoring, deception, etc.
Unintentional ICS Cyber Incidents Have Had Significant Impacts on Nuclear Plants – Why Aren’t they Being Addressed?
October 02, 2014 Added by:Joe Weiss
The NIST definition of a cyber incident as defined in FIPS PUB 200, Minimum Security Requirements for Federal Information and Information Systems, is electronic communications between systems or systems and people that impacts Confidentiality, Integrity, and/or Availability. The incident doesn’t have to be malicious or targeted to be a cyber incident.
October 02, 2014 Added by:Malwarebytes
No malware author wants an analyst snooping around their code, so they employ tricks to inhibit analysis.
October 02, 2014 Added by:Patrick Oliver Graf
The world of IT is going through the same transition, away from the traditional support of “marathoning” to meet goals.
October 01, 2014 Added by:PCI Guru
Organizations are finally realizing that the only way they are ever going to feel secure is to embed security controls in their everyday business processes and make sure that they periodically assess that those controls are working.
October 01, 2014 Added by:Dan Dieterle
As hardware and software manufacturers make public statements about hardening and protecting their services in the name of customer privacy, federal agencies speak out against it – let the smoke and mirrors game begin…
October 01, 2014 Added by:Rafal Los
On a recent call, one of the smartest technical folks I can name said something that made me reach for a notepad, to take the idea down for further development later. He was talking about why some of the systems enterprises believe are secure really aren't, even if they've managed to avoid some of the key issues.