Latest Blog Posts
June 02, 2014 Added by:Joe Weiss
It's official! The 2014 (the 14th) ICS Cyber Security Conference will be held October 20 – 23, 2014 at the Georgia Tech Hotel and Conference Center in Atlanta.
June 01, 2014 Added by:Gianluca Stringhini
Recently, we have been working on gaining a better understanding of spam operations and of the actors involved in this underground economy. We believe that shedding light on these topics can help researchers develop novel mitigation techniques and identify which of the already-existing techniques are particularly effective in crippling spam operations, and should therefore be widely deployed.
May 29, 2014 Added by:Dan Dieterle
People trust and share way too much on social media sites, and unfortunately this extends to government employees and military troops around the world.
May 29, 2014 Added by:Jeffrey Carr
Because the one thing that's better for a startup than getting money from a VC is getting a contract from a customer, and that's the objective of the Security Startup Speed Lunch.
May 27, 2014 Added by:Tripwire Inc
So the question for us, security professionals and dabblers alike, is how do we make this moment one that makes a difference?
May 27, 2014 Added by:Tal Be'ery
Exploiting the Pass-the-Hash vulnerability is the weapon of choice for most APT attackers. Therefore when Microsoft released a Windows update on May 13th titled: “Update to fix the Pass-The-Hash Vulnerability”, it was warmly accepted by IT teams. However, this update was received by the security community with a raised eyebrow, especially due to the fact that just two months before the upd...
May 22, 2014 Added by:Rob Fuller
Most of the tools to exploit it either catch the authentication in NTLMv2/NTLMv1 (which is not always easy to crack) or assume administrative access (because they attempt to PSEXEC with the incoming session). Well, since MS08-068 that's much harder to pin down.
May 22, 2014 Added by:Rebecca Herold
Existing privacy laws address only a fraction of the privacy risks that exist, and new risks are emerging all the time. Don’t put your customers’, and innocent children’s, privacy at risk by doing things that may be legal, but still a very bad privacy action.
May 21, 2014 Added by:PCI Guru
In the past, organizations would rely on their database and file schemas along with their data flow diagrams and the project was done. However, the Council has come back and clarified that the search for cardholder data (CHD), primarily the primary account number (PAN).
May 21, 2014 Added by:Joe Weiss
Stuxnet and Aurora utilized design features of the system or controllers to attack physical systems. Stuxnet and Aurora are not traditional network vulnerabilities and cannot be found or mitigated by using traditional IT security techniques.
May 20, 2014 Added by:Nima Dezhkam
As a main area of our interest, PCI v3.0 enhances the Penetration Testing requirement by adding guidelines that help both the organizations and the auditors to better show and understand two important areas of concern in every PCI compliance effort.
May 20, 2014 Added by:Tripwire Inc
If configuration hardening settings are “conditional,” meaning they must find and keep that balance between security and productivity, hardening against known vulnerabilities in applications and versions is much more black-and-white.
May 20, 2014 Added by:Electronic Frontier Foundation
Here's how the House version of the USA Freedom Act compares to the Senate's version, what the new House version of the USA Freedom Act does, and what it sorely lacks.
May 20, 2014 Added by:Ash Motiwala
Biometrics are nothing new to the IAM space, yet it seems that security measures like fingerprint readers and retinal scanners were reserved for highly regulated industries, the government and the movies; but all of that is changing.