Latest Posts

LulzSec Vows to Continue "Until We're Brought to Justice"

June 20, 2011 Added by: Headlines

"We've been entertaining you 1000 times with 140 characters or less, and we'll continue creating things that are exciting and new until we're brought to justice, which we might well be. But you know, we just don't give a living frak at this point..."

Comments  (0)

Why Hackers are Having a Field Day

June 20, 2011 Added by: Gurudatt Shenoy

The past few months have seen a shock and awe campaign being launched by a series of hacker organizations such as Anonymous hackers and LulzSec. The most serious of recent events is the breach of RSA's SecurID. Whew. If the guardians of security cannot protect their own, who else can?

Comments  (2)

Sega Breach Exposes 1.3 Million Accounts

June 20, 2011 Added by: Headlines

In an odd turn of events, the most likely suspect in the attack against Sega, the hacker collective LulzSec, apparently was not involved in this latest event and has offered to help Sega track down the culprits...

Comments  (0)

Lack of Attribution Undermines Clarke's China Warning

June 19, 2011 Added by: J. Oquendo

Richard Clarke should take from the lessons learned via Iraq: Not everything is what it seems. When it comes to a cyber intrusion, all anyone can ever claim is that a computer from "some country" was the source of the attack. The reality is, the attacker could be anyone in the world....

Comments  (0)

Components of Effective Vulnerability Management

June 19, 2011 Added by: Gary McCully

Vulnerability management is a continual process that monitors the effectiveness and the efficiency of your organization’s ability to mitigate vulnerabilities. Without a Vulnerability Management Program, you and your security program could be blindly walking off the edge of a cliff...

Comments  (0)

Attackers Love Your Organization's HR Department

June 19, 2011 Added by: Boris Sverdlik

Companies use every available resource in their recruiting. They hire third party recruiters, post job listings on LinkedIn, Dice, Monster and numerous other places. While this will bring in a plethora of qualified candidates, it also provides attackers a wealth of information...

Comments  (9)

Algorithmic SIEM “Correlation” Is Back?

June 18, 2011 Added by: Anton Chuvakin

One of the ways out of ill-fitting default rules is in use of event scoring algorithms and other ruleless methods. While not without known limitations, they can be extremely useful in environments where correlation rule tuning is not likely to happen, no matter how many times we say it should...

Comments  (0)

Cynical Security Cliches

June 17, 2011 Added by: Javvad Malik

Auditors are always trying to pin something on security departments. They’ll doggedly pursue every lead, using their statement of work as an all-access pass to the security procedures. Worse, the cynic can even find himself becoming a chief suspect in his own investigation...

Comments  (1)

A Values-Based Approach to Your Compliance Program

June 17, 2011 Added by: Thomas Fox

Moving from a rules-based compliance training to an ethics-based approach, there are three general areas where a company can change its approach in a manner to encourage employees to behave ethically. They are The Code; Ethics Training; and You Make the Call...

Comments  (0)

Get Digitally Secure Before it’s Mandatory

June 17, 2011 Added by: Robert Siciliano

It is possible to secure systems against most cybercrime but that level of security often proves too inconvenient for consumers. As long as banks continue absorbing losses from fraud, consumers remain blissfully ignorant of the consequences of inadequate security...

Comments  (0)

Richard Clarke: China's Cyberassault on America

June 17, 2011 Added by: Headlines

"What would we do if we discovered that Chinese explosives had been laid throughout our national electrical system? The public would demand a response. If, however, the explosive is a digital bomb that could do even more damage, our response is apparently muted—especially from our government..."

Comments  (0)

SMBs Face Growing Threat from Mass Meshing Attacks

June 17, 2011 Added by: Headlines

"Because they can do it at such a precise level, when they attack they don't just inject a single malicious script like in mass SQL injections. They inject a backdoor, which allows them total control of all the files on the website..."

Comments  (0)

Introducing WPScan – A WordPress Security Scanner

June 16, 2011 Added by: Ryan Dewhurst

WPScan is a black box WordPress Security Scanner written in Ruby which attempts to find known security weaknesses in WordPress installations. Its intended use is for security professionals or WordPress administrators, and the code base is Open Source and licensed under GPLv3...

Comments  (1)

Cloud Computing, Security, and You

June 16, 2011 Added by: Global Knowledge

There are many benefits of cloud computing, yet cloud computing also brings significant security concerns when moving critical applications and sensitive data to public and shared cloud environments. Here are five things to keep in mind when considering cloud based services...

Comments  (0)

Advanced Evasion Techniques

June 16, 2011 Added by: Rod MacPherson

Evasion techniques are not attacks on their own, but rather a sneaky way to get whatever attack you want to use past the network monitoring and policing systems to the target host. It's not about the bad-guy asking "How can I hack in?", but "How can I hack in without being seen?"

Comments  (0)

Citigroup Reveals More Compromised Client Accounts

June 16, 2011 Added by: Headlines

"The customers' account information (name, account number and contact information, including email address) was viewed. However, data that is critical to commit fraud was not compromised: the customers' social security number, date of birth, card expiration date and card security code..."

Comments  (0)

Years of Security Neglect - Solved in 24 Hours of Panic?

June 16, 2011 Added by: Rafal Los

It's been uncovered that your company is the next target of a hacktivist organization. Then panic sets in as everyone realizes the network that's been neglected for the last decade is responsible for 75% of your business revenue, and will likely be the front line of attack...

Comments  (0)

HIPAA-HITECH Compliance: Two Free Webinars

June 16, 2011 Added by: Jack Anderson

We have scheduled two new free webinars on HIPAA HITECH for Smarties. These webinars feature a presentation by Rebecca Herold, CIPP, CISSP, CISA, CISM, FLMI, recently voted the 3rd best privacy advisor in the world, in competition with large law firms and consulting practices...

Comments  (0)

LulzSec Attacks CIA Website, Taunts The Jester

June 16, 2011 Added by: Headlines

The hacker collective known as LulzSec conducted a successful attack against a public-facing website of the CIA on Wednesday. The DDoS attack, which caused periodic outages, was announced with a Twitter message from the group stating, "Tango down - cia.gov - for the lulz..."

Comments  (0)

Anti-Hacker Kill Switch Voodoo Containment Systems

June 15, 2011 Added by: J. Oquendo

Internet killswitches: Who needs them and why. It is rather ironic to even think about the United States attempting to carry out some form of killswitch considering that at the same time, the government is trying to build a system to bypass other countries' killswitches...

Comments  (3)