Latest Blog Posts


The Dilemma of PCI Scoping – Part 2

August 06, 2014 Added by:PCI Guru

Today’s integrated and connected world just does not lend itself to an isolationist approach due to the volume of information involved, business efficiencies lost and/or the operational costs such an approach incurs.

Comments  (0)


Retail POS System Compromised Through Video Security System

August 06, 2014 Added by:Dan Dieterle

Recently I was talking with a Retail Point of Sale (POS) software expert and was told how a POS system was hacked by an attacker that had gained access to the network through a video security system.

Comments  (0)


Infosec Monogamy

August 05, 2014 Added by:Dave Shackleford

As someone who consults in large organizations, as well as runs training classes for infosec, I’ve long pondered what the right mix is to help people gain the broadest, most applicable knowledge and experience in the shortest amount of time.

Comments  (0)


Back to BlackBerry: Frustrated Mobile Users Reject BYOD for the Former Market Leader

August 05, 2014 Added by:Patrick Oliver Graf

Thanks to what some say are restrictive Bring-Your-Own-Device (BYOD) and remote access policies, some mobile devices users in the corporate world are rebelling against BYOD – specifically, they don’t want their personal mobile devices to be controlled by their employer’s IT administrators.

Comments  (0)


The Science Behind DDoS Extortion

August 04, 2014 Added by:Dan Holden

Well-known names such as Evernote and Feedly have all fallen victim to extortion attacks, but these companies are just the tip of the iceberg when it comes to this very lucrative criminal activity.

Comments  (0)


Security is Action…Privacy is the Result of Action

August 04, 2014 Added by:Rebecca Herold

Information security and privacy have a lot of overlaps, but they ultimately involve different actions and different goals, and require those performing them to be able to take different perspectives.

Comments  (0)


Windows Meets Industrial Control Systems (ICS) Through HAVEX.RAT – It Spells Security Risks

July 31, 2014 Added by:Cyphort

Since the first report on Havex RAT’s involvement with Industrial Control Systems (ICS) emerged last month, ICS operators were reminded to what extent malware authors will go to intrude their systems.

Comments  (1)


Is it Cheaper to Keep it? Reevaluating Your IAM Solutions

July 31, 2014 Added by:Identropy

The most difficult hurdle to get over can be coming to terms with the fact that the selected solution is not delivering the expected value and deciding to move forward in search of a new solution.

Comments  (0)


Facebook “Enter Details Here to Enable Your Account”

July 30, 2014 Added by:Malwarebytes

Here’s one in-the-wild phishing campaign that we spotted homing in on users.

Comments  (0)


Real Hacks of Critical Infrastructure are Occurring – Information Sharing is Not Working

July 30, 2014 Added by:Joe Weiss

My database of actual ICS cyber incidents is >350 and growing. I certainly hope people wake up before it is too late.

Comments  (0)


Multipath TCP - Black Hat Briefings Teaser

July 29, 2014 Added by:Neohapsis

Multipath TCP: Breaking Today’s networks with Tomorrow’s Protocols. is being presented at Blackhat USA this year by Me (Catherine Pearce @secvalve) as well as Patrick Thomas @coffeetocode. Here is a bit of a tease, it’s a couple of weeks out yet, but we’re really looking forward to it.

Comments  (1)


Ad Hoc Security's Surprisingly Negative Residual Effect

July 29, 2014 Added by:Rafal Los

Security is fraught with the ad-hoc approach. Some would argue that the very nature of what we do in the Information Security industry necessitates a level of ad-hoc-ness and that to try and get away from it entirely is foolish.

Comments  (0)


"Fake ID" Android Vulnerability in Lets Malicious Apps Impersonate Trusted Apps

July 29, 2014 Added by:InfosecIsland News

A serious vulnerability exists in the Android operating system, which could allow malicious apps to impersonate well-known trusted apps such as Google Wallet.

Comments  (1)


Connecting Bellwether Metrics to the Business

July 28, 2014 Added by:Tripwire Inc

Benchmark facilitates organizations who want to define and track their own Bellwether metrics—comparing only with their own internal goals and trends.

Comments  (0)


The Dilemma of PCI Scoping - Part 1

July 28, 2014 Added by:PCI Guru

Based on the email comments of late, there are apparently a lot of you out there that really do not like the Open PCI Scoping Toolkit.

Comments  (0)


Cyphort Detects Surge in Ad Network Infections, a.k.a. “Malvertising”

July 24, 2014 Added by:Ali Golshan

We recently noticed a surge where exploit packs are served from DMO (Destination Marketing Organization) websites using an Ad network called during the July 4th long weekend.

Comments  (2)

« First < Previous | 1 - 2 - 3 - 4 - 5 | Next > Last »