Latest Blog Posts

The Dilemma of PCI Scoping - Part 3

August 11, 2014 Added by: PCI Guru

In part 2 we discussed the criticality of a risk assessment and started on implementing the framework with fixing monitoring and alerting so that we can properly manage the risk we will be accepting. In this part I will deal with Category 2 and 3 systems and how to manage their risk.

Google Boosts Secure Sites in Search Results

August 11, 2014 Added by: Electronic Frontier Foundation

In a bold and welcome move to protect users, Google announced on Wednesday that they have started prioritizing sites offering HTTPS (HTTP over TLS) in their page ranking algorithm.

Why Your Enterprise Most Likely Doesn't Have a Zero-Day Problem

August 11, 2014 Added by: Rafal Los

It should by now be clear if you're a security professional that the average enterprise struggles with even the most basic security hygiene.

Poor Communication Leads to Defeat on the Network Security Battlefield

August 11, 2014 Added by: Patrick Oliver Graf

During wartime, information can create just as much of an advantage for one side as the size of an army or the weapons they hold. That is, as long as this information is accurate, passed along to the right people and then acted upon quickly.

“Stop The Pain” Thinking vs the Use Case Thinking

August 07, 2014 Added by: Anton Chuvakin

As I’ve written many times, SIEM is a “force multiplier”, but this definition implies that you have something to multiply. If you have 0 capabilities, a purchase of a SIEM tool will still leave you at – you guessed it! – 0.

Another Washington Think Tank Paper on Critical Infrastructure - Another Miss

August 07, 2014 Added by: Joe Weiss

As with the other papers, the paper chairs reflect the upper strata in political Washington. Unfortunately, like the other papers, there is a lack of control system expertise that has been applied even though I was told more than 200 people worked on the paper.

Passwords Protection Steps to Take According to Symantec

August 07, 2014 Added by: InfosecIsland News

Symantec tips help consumers safeguard information in light of claims that a Russian cybercrime group is behind the largest known collection of stolen Internet credentials.

The Dilemma of PCI Scoping – Part 2

August 06, 2014 Added by: PCI Guru

Today’s integrated and connected world just does not lend itself to an isolationist approach due to the volume of information involved, business efficiencies lost and/or the operational costs such an approach incurs.

Retail POS System Compromised Through Video Security System

August 06, 2014 Added by: Dan Dieterle

Recently I was talking with a Retail Point of Sale (POS) software expert and was told how a POS system was hacked by an attacker that had gained access to the network through a video security system.

Infosec Monogamy

August 05, 2014 Added by: Dave Shackleford

As someone who consults in large organizations, as well as runs training classes for infosec, I’ve long pondered what the right mix is to help people gain the broadest, most applicable knowledge and experience in the shortest amount of time.

Back to BlackBerry: Frustrated Mobile Users Reject BYOD for the Former Market Leader

August 05, 2014 Added by: Patrick Oliver Graf

Thanks to what some say are restrictive Bring-Your-Own-Device (BYOD) and remote access policies, some mobile device users in the corporate world are rebelling against BYOD – specifically, they don’t want their personal mobile devices to be controlled by their employer’s IT administrators.

The Science Behind DDoS Extortion

August 04, 2014 Added by: Dan Holden

Well-known names such as Evernote and Feedly have all fallen victim to extortion attacks, but these companies are just the tip of the iceberg when it comes to this very lucrative criminal activity.

Security is Action…Privacy is the Result of Action

August 04, 2014 Added by: Rebecca Herold

Information security and privacy have a lot of overlaps, but they ultimately involve different actions and different goals, and require those performing them to be able to take different perspectives.

Windows Meets Industrial Control Systems (ICS) Through HAVEX.RAT – It Spells Security Risks

July 31, 2014 Added by: Cyphort

Since the first report on Havex RAT’s involvement with Industrial Control Systems (ICS) emerged last month, ICS operators were reminded to what extent malware authors will go to intrude into their systems.

Is it Cheaper to Keep it? Reevaluating Your IAM Solutions

July 31, 2014 Added by: Identropy

The most difficult hurdle to get over can be coming to terms with the fact that the selected solution is not delivering the expected value and deciding to move forward in search of a new solution.

Facebook “Enter Details Here to Enable Your Account”

July 30, 2014 Added by: Malwarebytes

Here’s one in-the-wild phishing campaign that we spotted homing in on users.
