December 05, 2014 Added by:Paul Lipman
The cloud has been widely hailed as the most disruptive force in modern business. Indeed, the world is in the midst of fundamentally profound transformations, enabled by the cloud, in the ways in which we access and interact with data and applications. Unfortunately, the security industry has not kept pace with these transformational trends, necessitating an equally profound change in the way we s...
December 03, 2014 Added by:Steve Durbin
Despite the undeniable corporate and consumer interest, the security and privacy implications of cloud and mobile connected devices are concerning many security professionals. Countless organizations are still playing catch up – Bring Your Own Device (BYOD) polices are only starting to be embedded, reviewed and updated. IT departments are overwhelmed with the amount of devices entering the workp...
November 10, 2014 Added by:Electronic Frontier Foundation
In order to have confidence in any software that has security implications, we need to know that it is has been reviewed for structural design problems and is being continuously audited for bugs and vulnerabilities in the code.
November 05, 2014 Added by:Steve Durbin
Password-based authentication is easy and familiar for customers, and is initially inexpensive for organizations to deploy at scale. But, while password-based authentication may be appropriate in some instances, it is no longer suitable for the wide range of services where it is currently being used.
October 20, 2014 Added by:Thu Pham
iThemes, a WordPress (WP) security provider, was recently breached and approximately 60,000 clients in their membership database had a slew of information stolen, including usernames, passwords, IP addresses and more. But, what is of particular concern is the fact that the company was storing their members’ passwords in plain text, which they admitted was in error in a
October 13, 2014 Added by:Tripwire Inc
At some point, your company is going to get the security wake-up call. Whether it’s a breach or an inquiry from an important customer that triggers it, your executives are going to call you one morning, demanding you focus on security in the development of your product.
October 09, 2014 Added by:Prateep Bandharangshi
The two primary reasons that legacy Java security risks persist are cost of mitigation and operational impacts.
October 01, 2014 Added by:Dan Dieterle
As hardware and software manufacturers make public statements about hardening and protecting their services in the name of customer privacy, federal agencies speak out against it – let the smoke and mirrors game begin…
September 26, 2014 Added by:InfosecIsland News
Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.
September 18, 2014 Added by:Rohit Sethi
All too often, we have seen organizations invest only in application security testing and education as the only two components of their application security programs. The net result is an expensive “patch and fix” approach that self optimizes only for the risks that scanners are able to catch.
September 10, 2014 Added by:Tripwire Inc
SSL implementation problems exist in apps of all shapes, sizes and function, ranging from those with little sensitive data and few users to apps with millions of active users handling some of our most sensitive data, such as financial transactions and account login information.
August 19, 2014 Added by:Mike Lennon
TrustedSec, citing sources familiar with the incident, said on Tuesday that the initial attack vector was through the infamous “Heartbleed” vulnerability in OpenSSL which provided the attackers a way in, eventually resulting in the compromise of patient data.
Paying Lip Service (Mostly) to User Educatio... Sherrley Max on 12-20-2014
Update 3: Hackers May Leak Norton Antivirus ... Prabhas Raju on 12-19-2014
Twitter Offers "Always Use HTTPS" Security F... Samantha Elizabethus on 12-18-2014