Latest Blog Posts
April 16, 2015 Added by: Tripwire Inc
Verizon’s annual Data Breach Investigations Report (DBIR) gives annual analysis and insight into the prior year’s security incidents and confirmed data breaches. As a security practitioner, I look to this report as a bellwether for our own security practices – what patterns are emerging and what should be my immediate takeaways to better protect my organization.
April 16, 2015 Added by: PCI Guru
Hidden by all of the news about v3.1 of the PCI DSS being published is a notice that was sent to all PCI approved scanning vendors (ASV) from the PCI SSC regarding how to handle SSL and “early TLS” vulnerabilities.
April 16, 2015 Added by: Eduard Kovacs
With less than three weeks to go until Suits and Spooks London 2015 kicks off, the agenda is nearly finalized. Our first 2-day international event will host experts in cyber warfare, intelligence, advanced persistent threats, sophisticated malware, and political issues.
April 15, 2015 Added by: Brian Prince
In a new report from Vormetric focused on healthcare organizations, almost half (48 percent) of the IT decision makers from the U.S. said their organization either failed a compliance audit or experienced a data breach in the last year.
April 15, 2015 Added by: Mary Landesman
People differ in how they approach data analytics. One camp prefers to postulate a theory and find data that supports or negates that theory. Another camp prefers to let the data tell the story.
April 14, 2015 Added by: InfosecIsland News
Six California privacy and consumer groups have called on members of the US House Energy and Commerce Committee to oppose federal legislation that would wipe out California's landmark data breach notification laws.
April 14, 2015 Added by: Anthony M. Freed
The Federal Financial Institutions Examination Council (FFIEC) released two documents with guidance for financial institutions on mitigating risks from the increase in cyber attacks that compromise user credentials or employ destructive software.
April 14, 2015 Added by: Kevin L. Jackson
The best skill set for preparing someone to become a CISO is a statistical tie between business knowledge and knowledge of IT security best practices.
April 14, 2015 Added by: Joe Weiss
There is a tendency by many in the cyber security community to only care about malicious cyber attacks as opposed to unintentional cyber incidents.
April 13, 2015 Added by: Eduard Kovacs
More than a dozen command and control (C&C) servers used by the Simda botnet were seized last week by law enforcement authorities coordinated by Interpol.
April 13, 2015 Added by: Tripwire Inc
We have a problem in the security community – or maybe within the modern information age of humanity in general. That problem is we see security as a technology, policy, privacy or people issue, instead of an integrated combination thereof.
April 13, 2015 Added by: Patrick Oliver Graf
When it comes to IT security, government agencies around the world are aware of the challenges and risks small and medium-sized enterprises (SMEs) face. So it only figures that they offer help, in the form of initiatives aimed specifically at SMEs.
April 12, 2015 Added by: Mike Lennon
FireEye on Sunday uncovered details of a decade-long cyber espionage campaign carried out by China targeting governments, journalists and businesses in South East Asia and India.
April 10, 2015 Added by: Paul Lipman
While SMBs are vulnerable to many of the same types of attacks as the companies making headlines (Target, JP Morgan, Home Depot, Anthem, etc.), they must defend themselves with vastly smaller IT teams and budgets. SMBs are finding they have a unique set of challenges and vulnerabilities that require a comprehensive but tailored approach to security.
April 09, 2015 Added by: Anthony M. Freed
Analysis in the newly released 2015 Cyber Risk Report finds that 86% of web applications tested had serious issues with authentication, access control, and confidentiality, an increase over the previous year’s rate of 72%.