Latest Blog Posts
January 16, 2014 Added by:john melvin
We have no way of knowing right now what the causes of the recent Target and Neiman-Marcus data breaches are. It just raises the same questions of: does compliance with PCI standards mean that everything is secure against attacks? If an application is compliant, is that enough? It doesn’t seem to be clear whether or not a company can completely “pass the buck” to the developers and maintaine...
January 16, 2014 Added by:Patrick Oliver Graf
Hackers are far from lazy, and if you leave a door in your network security open even an inch, they will find it and they will sneak in. These prominent hacks serve as scary reminders of the growing threat of advanced persistent threats (APTs).
January 16, 2014 Added by:Mark Harrington
Listening to the open social universe not only requires an organizational commitment, but also a robust strategy prepared to deal with issues, risks, threats and crises that emerge from social discussions.
January 13, 2014 Added by:Allan Liska
On October 23rd the Internet Corporation for Assigned Names and Numbers (ICANN) announced the roll out of the first 4 gTLDS under its New gTLD Program. The new domains could pose a potential security threat to your organization.
January 12, 2014 Added by:Rafal Los
This is the 3rd installment of my Security Intelligence for the Enterprise post where I’ll drop some of the things that I find useful for clients looking to adopt a less “on your heels” security stance in the cyber realm.
January 07, 2014 Added by:Anthony M. Freed
The Open Resolver Project reports that they have identified as many as 32 million open DNS resolvers worldwide, with 28 million of those servers posing “a significant threat” to Internet users’ security.
January 07, 2014 Added by:Patrick Oliver Graf
A new worm that targets embedded devices has started to spread this holiday season. The Zollard worm, which targets various devices running on Linux, has brought to light the numerous security vulnerabilities Internet of Things (IoT) endpoints pose for corporate networks.
January 06, 2014 Added by:Rohit Sethi
The NIST Cyber Security Framework completely lacks any mention of application security. We predict that organizations will likewise adopt the framework with scant attention paid to secure software, which will lull them into a false sense of security.
December 26, 2013 Added by:Allan Liska
In this case, the attackers are taking advantage of the monlist command. Monlist is a remote command in older version of NTP that sends the requester a list of the last 600 hosts who have connected to that server.
December 23, 2013 Added by:InfosecIsland News
With more than 40 million credit cards potentially affected by the security breach at Target, credit union officials say it's time for federal and state officials to take action to prevent the cost of such breaches from being passed along to consumers and the financial services industry.
December 21, 2013 Added by:InfosecIsland News
The winning hacker of The Gauntlet, a capture-the-flag-style live server exploitation exercise, was able to fully compromise an unpatched, minimally configured cloud server instance in under four hours.
December 21, 2013 Added by:InfoSec Institute
Supervisory control and data acquisition (SCADA) networks are considered by cyber strategists to be the backbone of any country. Critical infrastructure, and in particular control systems, require protection from a variety of cyber threats that could compromise their ordinary operation.
December 20, 2013 Added by:InfosecIsland News
For three nights, security researchers from 30 countries joined forces to hunt down security issues in software that powers the Internet and some of the world's most commonly used applications.