Latest Blog Posts

Find Security That Outsources Badly!

September 29, 2014 Added by: Anton Chuvakin

In this post, I wanted to touch on a sensitive topic: what security capabilities outsource badly?

Industry 4.0: Flexible Production Needs Secure Networking

September 29, 2014 Added by: Patrick Oliver Graf

When IT departments are not consulted, gaps in network security could appear.

ICS Cyber Security Conference Agenda Updates

September 26, 2014 Added by: InfosecIsland News

The SecurityWeek Events Team is busy putting together the best ICS Cyber Security conference to date. As always, the conference will address real world problems and discuss actual ICS cyber incidents, many of which have never been told before.

What We Know About Shellshock and Why the Bash Bug Matters

September 26, 2014 Added by: InfosecIsland News

Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.

Shock Treatment

September 25, 2014 Added by: Wendy Nather

As many are explaining, one of the biggest problems with this #shellshock vulnerability is that it's in part of the Unix and Linux operating systems -- which means it's everywhere, particularly in things that were built decades ago and in things that were never meant to be updated.

New Bash Bug Could Wreak Havoc on Linux and OS X Systems

September 25, 2014 Added by: Malwarebytes

It would have been hard to imagine anything as bad as the HeartBleed bug was going to happen but the recent discovery of a flaw in the popular bash command shell very well could be.

Goodwill Payment Vendor Breached for 18 months Undetected – Are You Surprised?

September 24, 2014 Added by: Tripwire Inc

You may find this surprising… 18 months is a year and a half of attackers wandering around, looting sensitive data while remaining undetected.

Computer Security is Your Own Responsibility

September 24, 2014 Added by: Brent Huston

The biggest part of computer security is just mundane, common sense stuff.

If Compliance Isn’t Documented It Didn’t Happen

September 23, 2014 Added by: Rebecca Herold

Most of the 250+ organizations I’ve audited, and the hundreds of others I’ve had as clients, hate documentation. At least creating documentation. So, they don’t do it, or they do it very poorly. Or, they document things they don’t need to, and fail to document the important things.

A Tenuous Grasp on Reality

September 23, 2014 Added by: Wendy Nather

One thing that has bothered me for years is the tendency for security recommendations to lean towards the hypothetical or the ideal. Yes, many of them are absolutely correct, and they make a lot of sense. However, they assume that you're starting with a blank slate.

Security and the Cloud: Closing the Gap as the Market Grows

September 22, 2014 Added by: John Hawkins

Many IT decision makers feel pressure to adopt the cloud for the sake of not being left behind. But moving to the cloud is usually easier said than done.

Parallels Among the Three Most Notorious POS Malware Attacking U.S. Retailers

September 22, 2014 Added by: Cyphort

After the first major success of POS malware breaching Target Corporation in November 2013, the number of POS device infections in the wild skyrocketed.

Poisoning the Well: Why Malvertising is an Enterprise Security Problem

September 18, 2014 Added by: Elias Manousos

While customers won’t know or care which ad network delivered a malicious ad, they will blame the organization that owns the website or placed the ad that attacked them.

How Many Auditors Does It Take …

September 18, 2014 Added by: PCI Guru

The title of this post sounds like the start of one of those bad jokes involving the changing of light bulbs. But this is a serious issue for all organizations because, in today’s regulatory environment, it can be a free for all of audit after audit after assessment after assessment.

A Fresh Approach to Building an Application Security Program

September 18, 2014 Added by: Rohit Sethi


All too often, we have seen organizations invest only in application security testing and education as the only two components of their application security programs. The net result is an expensive “patch and fix” approach that self optimizes only for the risks that scanners are able to catch.

No Quick Fixes for Home Depot After Record Cyberattack

September 17, 2014 Added by: Patrick Oliver Graf

America’s largest home improvement retailer seems to have a repair for everything, but after news that its payment systems had been breached, Home Depot has a lot of work ahead to get its own house in order. It faces a long road as it repairs its reputation, its relationships with customers and its network security.
