January 21, 2014 Added by:InfosecIsland News
CrowdStrike's Intelligence Team tracked more than 50 different threat actor groups believed to be behind the majority of sophisticated threats against enterprises in 2013.
January 20, 2014 Added by:Vince Kornacki
In this article we'll test our web application with vertical password guessing attacks. Whereas horizontal password guessing attacks entail trying only a few common passwords against a long list of usernames, vertical password guessing attacks entail trying a long list of passwords against a single username.
January 19, 2014 Added by:Anthony M. Freed
Security researcher Alan Byrne has disclosed a Cross Site Scripting (XSS) vulnerability in Microsoft Office 365 that would allow an attacker to obtain administrator privileges and access to the Email and SharePoint content across the network, as well as the ability to make configuration changes.
January 18, 2014 Added by:Tripwire Inc
So, your CEO keeps hassling you about a “real” plan for securing the company’s technology. You have a plan, telling him “we have done a, b, c and we are going to do d,e,f next month – if you don’t cut our budget.” But he keeps asking for a “real” plan, otherwise he will cut the budget...
November 14, 2013 Added by:Cam Roberson
One of the major issues discussed in the wake of the National Security Agency leak involving Edward Snowden was how the government can prevent a similar leak from happening in the future. This article looks at several specific measures that can strengthen data security, making it more difficult for bad actors to break into the system, and tougher for them to make off with sensitive information onc...
September 12, 2013 Added by:Mike Lennon
Vodafone Germany said an attacker with insider knowledge had stolen the personal data of two million of its customers from a server located in Germany.
August 21, 2013 Added by:Cam Roberson
Employers can be diligent in installing encryption protection software on the devices their employees use, but what happens if the password is compromised? Whenever the password is known, the laptop, smartphone or tablet is at no less security risk with encryption as it is without.
August 14, 2013 Added by:Bill Wheeler
Recent reports have found that cyberattacks against U.S. corporations are on the rise, along with an increase in international threats, especially from China, and emerging threats to small businesses. Today, it’s not a matter of if an organization will be the victim of a cyberattack, but when.
July 31, 2013 Added by:InfosecIsland News
Austin-based Wisegate has released a report that provides top 10 tips from leading CISOs to help IT professionals manage security vendors.
July 23, 2013 Added by:Dan Kuykendall
Eliminating the risk of SQL injection is made complicated by a host of factors -- many of which are out of the developer and security teams’ control. If not addressed completely, web applications are still vulnerable. Let’s look at the problem from each team’s point of view.
July 12, 2013 Added by:Anthony M. Freed
To better understand how we as security professionals can hone our messaging across the organization and up the corporate food chain to elicit the responses we are seeking, we recently spoke at length with Michael Santarcangelo of Security Catalyst, widely recognized in the security field as an effective communicator and catalyst for change and improvement.
July 11, 2013 Added by:Jan Valcke
Security is not an optional feature to be implemented after the horse has bolted. Lack of security may have severe consequences and can result in destructed corporate image, severe revenue losses and liability suits. Strong authentication alleviates a lot of security concerns and can help build customer trust, credibility and can even become a competitive advantage.
July 10, 2013 Added by:InfosecIsland News
With APTs leveraging these weaknesses, it’s critical to have visibility and control of enterprise key and certificate inventories. Cyber criminals understand that the easy targets are those organizations that have little visibility into their threat surface and cannot respond quickly. We need to gain control over trust; we need to plug the gap related to key & certificate-based exploits. (Re...
July 02, 2013 Added by:Rafal Los
Very few companies are actively using security intelligence for better defense. What gives? This post will describe for you what I believe it means to extract value from security intelligence. And more important, why I believe three out of four enterprises are still failing to get that value.
Paying Lip Service (Mostly) to User Educatio... Sherrley Max on 12-20-2014
Update 3: Hackers May Leak Norton Antivirus ... Prabhas Raju on 12-19-2014
Twitter Offers "Always Use HTTPS" Security F... Samantha Elizabethus on 12-18-2014