Latest Blog Posts
May 27, 2014 Added by:Tripwire Inc
So the question for us, security professionals and dabblers alike, is how do we make this moment one that makes a difference?
May 27, 2014 Added by:Tal Be'ery
Exploiting the Pass-the-Hash vulnerability is the weapon of choice for most APT attackers. Therefore when Microsoft released a Windows’ update on May 13th titled: “Update to fix the Pass-The-Hash Vulnerability”, it was warmly accepted by IT teams. However, this update was received by the security community with a raised eyebrow, especially due to the fact that just two months before the upd...
May 22, 2014 Added by:Rob Fuller
Most of the tools to exploit it either catch the authentication in NTLMv2/NTLMv1 (which is not always easy to crack) or assume administrative access (because they attempt to PSEXEC with the incoming session). Well, since MS08-068 that's much harder to pin down.
May 22, 2014 Added by:Rebecca Herold
Existing privacy laws address only a fraction of the privacy risks that exist, and new risks are emerging all the time. Don’t put your customers, and innocent children’s, privacy at risk by doing things that may be legal, but still a very bad privacy action.
May 21, 2014 Added by:PCI Guru
In the past, organizations would rely on their database and file schemas along with their data flow diagrams and the project was done. However, the Council has come back and clarified that the search for cardholder data (CHD), primarily the primary account number (PAN).
May 21, 2014 Added by:Joe Weiss
Stuxnet and Aurora utilized design features of the system or controllers to attack physical systems. Stuxnet and Aurora are not traditional network vulnerabilities and cannot be found or mitigated by using traditional IT security techniques.
May 20, 2014 Added by:Nima Dezhkam
As a main area of our interest, PCI v3.0 enhances the Penetration Testing requirement by adding guidelines that help both the organizations and the auditors to better show and understand two important areas of concern in every PCI compliance effort.
May 20, 2014 Added by:Tripwire Inc
If configuration hardening settings are “conditional,” meaning they must find and keep that balance between security and productivity, hardening against known vulnerabilities in applications and versions is much more black-and-white.
May 20, 2014 Added by:Electronic Frontier Foundation
Here's how the House version of the USA Freedom Act compares to the Senate's version, what the new House version of the USA Freedom Act does, and what it sorely lacks.
May 20, 2014 Added by:Ash Motiwala
iometrics are nothing new to the IAM space, yet it seems that security measures like fingerprint readers and retinal scanners were reserved for highly regulated industries, the government and the movies; but all of that is changing.
May 19, 2014 Added by:Dan Dieterle
For years China has turned to hacking to close the technology gap between them and other nations. Termed “cyber-espionage”, Chinese hackers targeted hi-tech US companies and stole confidential research and development data.
May 15, 2014 Added by:Sonali Shah
“The King is dead, long live the King” speaks to the inevitability of succession. It is now not a stretch to think about the inevitability of future CEOs leaving power and ascending to power as a result of cyber breaches.
May 15, 2014 Added by:Anthony M. Freed
The phishing scam starts with emails that appear to have been sent by Google with “Mail Notice” or “New Lockout Notice” in the subject line.
May 14, 2014 Added by:Andrew Avanessian
The most resilient organizations will be those that map out specific security controls that will turn their anticipation of threats into a plan of action. Increasingly, businesses are identifying an emerging theme for preventing security vulnerabilities: restricting employees and IT administrators to standard user accounts and removing the dangers associated with IT admin privileges.