Firewalls
Prohibiting RC4 Cipher Suites
February 26, 2015 Added by:Tripwire Inc
I’ve long believed that RC4 was dead based on past research and multiple vendors have already declared it dead.
Comments (0)
Open Haus: Wi-Fi and Seamless Roaming for Mobile Workers
February 26, 2015 Added by:Patrick Oliver Graf
Whatever you picture, the fact is that mobility is now a key expectation of many employees. Those who work from laptops, tablets and other mobile devices need to be certain that the technology they depend on is able to follow them from place to place, without any service interruption.
Comments (0)
Keep Your Hands Off My SSL Traffic
February 25, 2015 Added by:Brent Huston
If you have been living under an online rock these last couple of weeks, then you might have missed all of the news and hype about the threats to your SSL traffic.
Comments (0)
The Trouble with (Asset) Identity
February 24, 2015 Added by:Tripwire Inc
Have you ever had your identity stolen? Or perhaps an identity crisis? I hope for your sake the answer is “no.” However, if it’s yes, you are in good company.
Comments (0)
Perceptive Privacy Protectors Push for IoT Privacy Protections
February 23, 2015 Added by:Rebecca Herold
The costs of implementing security safeguards and privacy controls are significantly less than the costs, and damage to individuals’ lives, of cleaning up and paying all the associated money and time for security incidents and privacy breaches.
Comments (0)
DDoS-for-Hire Services Cheap But Effective
February 19, 2015 Added by:Brian Prince
Distributed denial-of-service attackers are making it relatively cheap to disrupt targeted sites, according to a new report from Verisign.
Comments (7)
How to Manage Secure Communications in M2M Environments
February 18, 2015 Added by:Patrick Oliver Graf
For all the talk of the Internet of Things (IoT) and machine-to-machine (M2M) communications making our lives easier, there always seems to be a cautionary tale involving security of these devices around every corner.
Comments (1)
The Year of Threat Intelligence Sharing: Bringing Structure to the Chaos of Big Security Data
February 18, 2015 Added by:Robert McNutt
While no one has a crystal ball to peer in and see what 2015’s landscape will look like, one thing is for sure: hackers are becoming more sophisticated and in order to stave off data breaches, we need to be aggregating and sharing information.
Comments (0)
Many IT Pros Ignore Security Policy in Order to Do Their Jobs: Survey
February 17, 2015 Added by:Brian Prince
According to a survey of 1,000 consumers by ResearchNow, a third of the IT professionals and administrators said they had downloaded an application they were not authorized to use on a corporate device in order to do their job.
Comments (8)
ISACA Addresses IoT Risk Management
February 17, 2015 Added by:Anthony M. Freed
ISACA has released a new guide for organizations concerned about the impact of The Internet of Everything (IOT) on business operations, addressing the potential value and the associated risks involved with expanded connectivity.
Comments (1)
PoS Malware Kits Rose in Underground in 2014: Report
February 12, 2015 Added by:Brian Prince
In 2014, while several major companies were coping with breaches of their PoS infrastructure, many smaller retailers were facing the same threat from less-organized groups.
Comments (5)
Poor SIEM – Why Do We Doom You to Fail?
February 10, 2015 Added by:Robert Eslinger
Some say the current SIEM status quo provides no value and must evolve if it’s to survive. But I believe these views stem from a fundamental misunderstanding of what SIEM does (or should do).
Comments (1)
Security Analytics Lessons Learned — and Ignored!
February 10, 2015 Added by:Anton Chuvakin
As I was finishing the most excellent book “Data-Driven Security: Analysis, Visualization and Dashboards“ (see book site also), one paragraph jumped out and bit me in the face – ouch!
Comments (2)
Anthem Breach: How Hackers Stole Credentials and Why Two-Factor Authentication May Help Prevent Future Phishing Scams
February 09, 2015 Added by:Thu Pham
If the Anthem attack was carried out as the result of using a single password, their access security wasn’t up to industry standards. Two-factor authentication may have thwarted attacks by requiring the use of a personal device to verify the identity of a system administrator or other technical employee with access to their database of millions of sensitive records.
Comments (2)
SSL is Officially Declared Dead
February 09, 2015 Added by:PCI Guru
Not that this should be a surprise to any QSA as the POODLE vulnerability effectively killed SSL. The Council has now officially announced that SSL is no longer deemed to be strong cryptography.
Comments (3)
ACTUAL Domestic and International ICS Cyber Incidents From Common Causes
February 09, 2015 Added by:Joe Weiss
There is still minimal identification of, much less, “connecting the dots” on ICS cyber incidents.
Comments (2)
- Prohibiting RC4 Cipher Suites
- Control System Cyber Security and the Insurance Industry
- Open Haus: Wi-Fi and Seamless Roaming for Mobile Workers
- Owning your own data – Data residency laws
- Babar: Suspected Nation State Spyware In The Spotlight
- FFIEC Adds Cyber-Resilience to Business Continuity Guidelines
- Keep Your Hands Off My SSL Traffic
- Gemalto Presents Findings of Investigations Into Alleged Hacking of SIM Card Encryption Keys by GCHQ and NSA
- Old Vulnerabilities Still Popular Targets for Hackers: HP
- Those Pesky Users: How To Catch Bad Usage of Good Accounts