Latest Blog Posts
September 02, 2014 Added by:Tripwire Inc
We frequently work with customers who use patch management solutions and are missing patches. The reason? I don’t think anyone fully understands the Microsoft Patching process and the third-parties don’t always get it right either.
August 30, 2014 Added by:Eduard Kovacs
Cybercriminals seem to be well aware that many Russian nationals are unhappy with the sanctions imposed by foreign governments against their country, so they're relying on them to revive the Kelihos (Waledac) botnet
August 28, 2014 Added by:Rafal Los
Security professionals continue to fool themselves into believing we walk a delicate balance between keeping the business functional, and keeping it safe (secure).
August 27, 2014 Added by:Tripwire Inc
According to the Secret Service, Backoff malware has affected an additional 1,000 businesses, hit by the same type of cyberattack that stole the personal information of millions of Target customers last year. “
August 27, 2014 Added by:Dan Dieterle
According to the report, a security audit of NOAA’s Information Technology security program found serious security issues with the JPSS Ground System which gathers information from weather satellites and provides it to worldwide users.
August 26, 2014 Added by:Rebecca Herold
Many marketing professionals have a common temptation; they want to send as many marketing messages to as many people as possible, and they would love to send it to all folks who have ever been customers or clients of their business, and often times actually want to simply send to everyone whose email address they can obtain in any way.
August 26, 2014 Added by:Patrick Oliver Graf
Flipping through any consumer publication that rates vehicles, you’ll see all the metrics you would expect – from safety and performance (acceleration, braking, etc.) to comfort, convenience and fuel economy. What you won’t find is an assessment of the car’s risk of being remotely hacked.
August 25, 2014 Added by:PCI Guru
I have been encountering a lot of organizations that are confused about the difference between the PCI SSC’s point-to-point encryption (P2PE) certified solutions and end-to-end encryption (E2EE). This is understandable as even those in the PCI community are confused as well.
August 25, 2014 Added by:Wendy Nather
There are a few movements afoot to help improve security, and the intentions are good. However, to my mind some are just more organized versions of what we already have too much of: pointing out what's wrong, instead of rolling up your sleeves and fixing it.
August 21, 2014 Added by:Identropy
An identity management implementation project will often extend 18-36 months based on the size and complexity of the organization. This is an extraordinary amount of time for any project sponsor to maintain passion around the project.
August 21, 2014 Added by:Joe Weiss
August 19th, I spent a day with the NERC Critical Infrastructure Protection (CIP) Version 5 Drafting team working on one of the NERC CIP Standards. The focus was on boundary protection, not on the actual control system devices and serial communications which were explicitly excluded.