Latest Blog Posts

"Back to Basics": What does this mean?

May 28, 2014 Added by: Dave Shackleford

So what ARE “the very basics”? And how exactly do we “get back to them”?

Vigilance: Maintaining an Effective Enterprise Security Posture

May 27, 2014 Added by: Tripwire Inc

So the question for us, security professionals and dabblers alike, is how do we make this moment one that makes a difference?

Windows Update to Fix Pass-the-Hash Vulnerability? Not!

May 27, 2014 Added by: Tal Be'ery

Exploiting the Pass-the-Hash vulnerability is the weapon of choice for most APT attackers. Therefore when Microsoft released a Windows’ update on May 13th titled: “Update to fix the Pass-The-Hash Vulnerability”, it was warmly accepted by IT teams. However, this update was received by the security community with a raised eyebrow, especially due to the fact that just two months before the upd...

Effective NTLM / SMB Relaying

May 22, 2014 Added by: Rob Fuller

Most of the tools to exploit it either catch the authentication in NTLMv2/NTLMv1 (which is not always easy to crack) or assume administrative access (because they attempt to PSEXEC with the incoming session). Well, since MS08-068 that's much harder to pin down.

Lessons from 3 Organizations That Made 3 Privacy Mistakes

May 22, 2014 Added by: Rebecca Herold

Existing privacy laws address only a fraction of the privacy risks that exist, and new risks are emerging all the time. Don’t put your customers, and innocent children’s, privacy at risk by doing things that may be legal, but still a very bad privacy action.

Adventures in Finding Cardholder Data

May 21, 2014 Added by: PCI Guru

In the past, organizations would rely on their database and file schemas along with their data flow diagrams and the project was done. However, the Council has come back and clarified that the search for cardholder data (CHD), primarily the primary account number (PAN).

The Electric Industry Still Doesn't Understand What Sophisticated Attackers Are After

May 21, 2014 Added by: Joe Weiss

Stuxnet and Aurora utilized design features of the system or controllers to attack physical systems. Stuxnet and Aurora are not traditional network vulnerabilities and cannot be found or mitigated by using traditional IT security techniques.

What’s New in PCI DSS v3.0 for Penetration Testing?

May 20, 2014 Added by: Nima Dezhkam

As a main area of our interest, PCI v3.0 enhances the Penetration Testing requirement by adding guidelines that help both the organizations and the auditors to better show and understand two important areas of concern in every PCI compliance effort.

Proactively Hardening Systems: Application and Version Hardening

May 20, 2014 Added by: Tripwire Inc

If configuration hardening settings are “conditional,” meaning they must find and keep that balance between security and productivity, hardening against known vulnerabilities in applications and versions is much more black-and-white.

A Deep Dive into the House's Version of Narrow NSA Reform: The New USA Freedom Act

May 20, 2014 Added by: Electronic Frontier Foundation

Here's how the House version of the USA Freedom Act compares to the Senate's version, what the new House version of the USA Freedom Act does, and what it sorely lacks.

The Future of Authentication is Here

May 20, 2014 Added by: Ash Motiwala

Biometrics are nothing new to the IAM space, yet it seems that security measures like fingerprint readers and retinal scanners were reserved for highly regulated industries, the government and the movies; but all of that is changing.

US Formally Charges Chinese Military Officials for Hacking

May 19, 2014 Added by: Dan Dieterle

For years China has turned to hacking to close the technology gap between them and other nations. Termed “cyber-espionage”, Chinese hackers targeted hi-tech US companies and stole confidential research and development data.

Advanced Cyber Threat Techniques

May 19, 2014 Added by: Ali Golshan

Security can no longer be a bolted on solution to the existing infrastructure - it needs to start integrating with the mesh of the existing infrastructure.

Steinhafel is Dead, Long Live Steinhafel

May 15, 2014 Added by: Sonali Shah

“The King is dead, long live the King” speaks to the inevitability of succession. It is now not a stretch to think about the inevitability of future CEOs leaving power and ascending to power as a result of cyber breaches.

Google Chrome Can Leave Users Vulnerable to Phishing

May 15, 2014 Added by: Anthony M. Freed

The phishing scam starts with emails that appear to have been sent by Google with “Mail Notice” or “New Lockout Notice” in the subject line.

Time to Say Goodbye to Admin Privileges

May 14, 2014 Added by: Andrew Avanessian

The most resilient organizations will be those that map out specific security controls that will turn their anticipation of threats into a plan of action. Increasingly, businesses are identifying an emerging theme for preventing security vulnerabilities: restricting employees and IT administrators to standard user accounts and removing the dangers associated with IT admin privileges.
