Vulnerabilities


All Up in Your Bitness.

February 18, 2013 Added by: Wendy Nather

Security is an unrelenting business, one that you can never prove is done adequately. You'll never be finished, and you can never know if you can even take a break. And it's never fully appreciated by the people who make a living based on that reality: the vulnerability finders and the "solution" providers.


Why the Latest Rails Exploit Is Indicative of a Bigger Problem

February 15, 2013 Added by: Rohit Sethi

The latest Rails security flaw is an example of a common anti-pattern. The issue in each case is an abuse of extensibility. At first glance the idea is clever: allow for run-time execution of new code or binding of server-side variables without changing your compiled code, thereby greatly enhancing extensibility.


Latest Adobe Zero-day is Serious Business

February 14, 2013 Added by: Mike Lennon

The exploits have been seen in extremely targeted attacks against high-profile targets, and are a sophisticated effort that appears to be the first to successfully escape Adobe’s “protected mode” sandbox. Make no mistake about it; this attack is serious business and not the work of amateurs.


Security Analytics: Hype or Huge?

February 01, 2013 Added by: Simon Moffatt

This complex chain of correlated "security big data" can be used in a number of ways, from post-incident analysis and trend analytics to the mapping of internal data to external threat intelligence. Big data is here to stay and security analytics just needs to figure out the best way to use it...


New York Times Says It Was Infiltrated By Chinese Hackers

January 31, 2013 Added by: Infosec Island

The New York Times said it had fallen victim to hackers possibly connected to China's military, linking the sophisticated attacks to its expose of the vast wealth amassed by Premier Wen Jiabao's family.


UPnP Security Flaws Expose 40-50 Million Networked Devices

January 29, 2013 Added by: Infosec Island

Researchers at Rapid7 have uncovered that roughly 40-50 million network-enabled devices are at risk due to vulnerabilities in the Universal Plug and Play (UPnP) protocol.


Don’t Be Caught Playing the Fool (A Lesson in Why Change Control is Important)

January 03, 2013 Added by: Gary McCully

This is a real world story around the dangers of not following proper change control processes when placing new systems in production. In this blog I will discuss how one person’s actions could have resulted in an attacker gaining complete access to the organization’s internal network. I am hoping this example will cause organizations to take their change control processes a little more seriou...


Bug Bounty Programs - As a Service?

January 02, 2013 Added by: Rafal Los

Now, admittedly you already probably know I'm not a huge proponent of "bug bounty" programs, as I see the abuses and failure potential outweigh the redemption value in the cases I've seen outside of the few 'big names'... but this caught my attention because they may actually be onto something.


ESB Security Spotlighted At ZeroNights 2012

December 25, 2012 Added by: Alexander Polyakov

ERP systems, which store the information about finances, employees, materials, wages, and so on, are rightfully considered to be the most critical of such systems. Unauthorized access to those systems can lead to espionage, sabotage, or fraud...


Bad Piggies, Graffiti and the IRT

December 21, 2012 Added by: Fergal Glynn

Chrome users have almost no way of evaluating the trustworthiness of Chrome extension publishers because Google doesn’t have any reputation ranking system, nor does it review applications and extensions before they’re published...


How to get into your house through SmartTV

December 14, 2012 Added by: Pierluigi Paganini

Security experts posted a video that demonstrates how it is possible to attack a Samsung Smart TV by exploiting a 0-day vulnerability to gain root access on it. The hacker could remotely wipe data from attached storage devices and monitor and control the victim's TV...


Mobile Devices get means for Tamper-Evident Forensic Auditing

December 13, 2012 Added by: Michelle Drolet

In order to detect security breaches and guarantee compliance, tamper “proofing” has not been sufficient. When it comes time for a forensic audit, the ability to detect unauthorized changes to digital files becomes invaluable in an investigation...


Compliance Combines with Vulnerability Scanning to Create Aegify

December 10, 2012 Added by: Michelle Drolet

Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn’t been done before: a combination security and compliance posture management...


Web Browsers, Exploits and H@x0rs… Oh, My!

November 26, 2012 Added by: Tripwire Inc

I might possibly be in the wrong business. Google announced recently that teenage hacker “Pinkie Pie” was awarded $60,000 for finding and reporting a bug in the company’s Chrome web browser. Apparently this is not even the first time he has accomplished this feat...


Money Laundering Scenes In The Digital World

November 20, 2012 Added by: gaToMaLo r. amores

By denying terrorist and criminal groups access to their money, authorities can stop them buying munitions and paying for suicide bombers. This approach has been highly successful in identifying and dismantling terrorist networks. Now they need to adapt and learn how this new DC works because it cannot be stopped...


Google Transparency Report: Let's Read it Together

November 17, 2012 Added by: Pierluigi Paganini

Government surveillance is one of the most interesting security topics. In many cases governments, for various reasons such as Homeland Security, spy on users by tracking their activities on the Internet, intercept their communications, and gain access to email accounts...
