Blog Posts Tagged with "Mitigation"
April 26, 2016 Added by:Jim Legg
While prevention of the initial breach is an important layer of an enterprise security strategy, perimeter-based threat protection alone is not sufficient to protect against today’s increasingly sophisticated and targeted external security threats.
February 17, 2016 Added by:Avishai Wool
As DDoS continues to be used as a cyber-weapon against websites and online resources, organizations should ensure that they have a response plan in place that includes these mitigation techniques, to help deny attempted denial-of-service attacks.
November 11, 2015 Added by:Stefan Fouant
In my daily engagements with various customers of all shapes and sizes, it’s truly interesting to see how the approach to DDoS mitigation is changing. Much of this is the result of DDoS mitigation services shifting from a “nice to have” technology to a “must-have”, essential in order to maintain business continuity and availability.
January 19, 2013 Added by:Tripwire Inc
Security professionals today identify lack of qualified talent and lack of organizational funding as a key problem to their daily job; which probably implies that they are doing what they can with what they have; which likely may not meet expectations...
September 12, 2012 Added by:Fergal Glynn
One of the big stories from this year’s BlackHat conference was Microsoft’s inaugural BlueHat contest which challenged researchers to design a novel runtime mitigation technology designed to prevent the exploitation of memory safety vulnerabilities. Katie Moussouris discusses...
September 10, 2012 Added by:Brent Huston
Our testing of the “rdp-sec-check” tool showed it to be quite useful in determining the configuration of exposed Terminal Services and in hardening them. Keep in mind, it is likely useful to harden the Terminal Services implementations internally to critical systems as well...
September 10, 2012 Added by:Rafal Los
Air-gapped networks are difficult to maintain, and what happens when you have to transfer data from that air-gapped network to somewhere else. What if you have to install printer drivers or update your anti-virus signatures? Doesn't sound so easy to do now, does it?
August 29, 2012 Added by:Alexander Polyakov
The most interesting thing is that the SAP HostControl is exposed to the Internet by many companies. Speaking numbers, 10% of companies that use SAP worldwide expose the SAP HostControl service to the Internet. I think you can imagine what can be done to those companies if hackers exploited this hole...
July 29, 2012 Added by:Christopher Laing
Risks are just circumstances that if they occurred, would have some impact on the business. Naturally risks can potentially disrupt the business, but if identified, planned for, and effectively managed, risks can have a beneficial impact on the business. The key word here is managed...
July 23, 2012 Added by:Infosec Island Admin
ICS-CERT has received a report from OSIsoft concerning a stack-based buffer overflow in the PI OPC DA Interface software that could cause the software to crash or allow a remote attacker to execute arbitrary code. This vulnerability was discovered during a software assessment requested by OSIsoft and funded by DHS...
July 18, 2012 Added by:Neira Jones
You know the feeling: You think you have it all under control, you think you've engaged with the right people, you have buy in from those who matter, the right culture is in place, you're not struggling for investment and bang! You get hacked. Overwhelming sense of failure ensues. Where did it all go wrong?
July 16, 2012 Added by:Scott Thomas
Our job isn't to run the business or set direction, our job is to tell the ones at the helm that building a boat out of tin foil is a bad idea. We need to change the sign on the door from "Department of No" to "How does this affect our risk-posture?" and realize even then sometimes you need to say "No"...
July 16, 2012 Added by:Infosec Island Admin
Researchers have notified ICS-CERT of a directory traversal and weak credential storage vulnerability with proof-of-concept exploit code for Tridium Niagara AX Framework software that is exploitable by downloading and decrypting the file containing the user credentials from the server...
July 14, 2012 Added by:Rafal Los
APT - Advanced Persistent Threat has been the nervous topic for a long time now in Information Security. While there is a metric ton of misinformation and confusion about what constitutes an Advanced Persistent Threat, the thrust seems to be that once you're a target, you're a victim...
July 02, 2012 Added by:Fergal Glynn
Businesses often assume they are safe from cyber attacks because they are too small to be of interest to hackers, or mistakenly assume they have taken adequate measures to protect themselves. This infographic highlights the risks faced by small businesses and gives a few tips to help safeguard against attacks...
June 29, 2012 Added by:Headlines
US-CERT "encourages users and administrators to utilize the FBI's rogue DNS detection tool to ensure their systems are not infected with the DNSChanger malware. Computers testing positive for infection of the DNSChanger malware will need to be cleaned of the malware to ensure continued Internet connectivity..."
Hacker to Release Symantec's PCAnywhere Sour... Jerry Shaw on 10-05-2015
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015