Latest Posts

RSA's SecurID Hack Leads to Lockheed Network Disruption

May 27, 2011 Added by: Headlines

"Whoever hacked the RSA network got the algorithm for the current tokens and then managed to get a key-logger installed on one or more computers used to access the intranet at this company. With those two pieces of information they were then able to get access to the internal network..."

Comments  (1)

The Future of Secure Mobile Computing?

May 27, 2011 Added by: Emmett Jorgensen

Using a Bare-Metal-Boot Mode, these devices never have to touch the hard drive of the host machine, and with capacities up to 128GB, there is plenty of room for data storage as well. Add to that encryption and dual factor authentication and you’ve got an incredibly secure device...

Comments  (0)

NATO: Cyber Defense and the New Strategic Concept

May 27, 2011 Added by: Headlines

Cyber attacks offer vastly favorable cost-benefit ratios in comparison to conventional military options. It is increasingly probable that a cyber attack on a NATO country will precede, or even replace a physical assault, moving cyber issues to the forefront of security concerns...

Comments  (0)

Sony's Catastrophic Security Problem - The End Game

May 26, 2011 Added by: Rafal Los

Hacking incidents tend to have a short-term impact on a business and rarely impact the long-term viability of a large organization. What I suspect may happen here is an event or exfiltration of data so catastrophic that it may actually impact Sony's long-term viability...

Comments  (2)

Verizon Report: Hackers Target Small Businesses

May 26, 2011 Added by: Kelly Colgan

Hackers are changing their tactics and chasing opportunities. Black hats are homing in on lower-tier business targets—organizations with less savvy, maturity and investment in countermeasures. Once they identify a vulnerability, they exploit it...

Comments  (0)

Data Privacy: Don't Hand Over the Keys to Your Kingdom

May 26, 2011 Added by: Lindsay Walker

While internal breaches remain a high risk, 57% of the C-level respondents in the survey felt that the next one to three years will see external threats, such as cyber-criminals, being a greater security risk than threats from within the organization...

Comments  (0)

Researcher Nabs Details from 35 Million Google Profiles

May 26, 2011 Added by: Headlines

"I wrote a small bash script to download all the sitemap-NNN(N).txt files mentioned in that file, and attempted to download 10k, then 100k, then 1M and then, utterly surprised that my connection wasn't blocked or throttled or CAPTCHA'd, [downloaded] the rest of them..."

Comments  (0)

Mobile Payments Set to Dramatically Increase

May 26, 2011 Added by: Robert Siciliano

The Payment Card Industry Standards Council is not yet granting approval to any mobile payment applications. With the explosive growth of the mobile payment industry, they are holding off and waiting to see which technologies rise to the top...

Comments  (0)

Cookiejacking Exploit Threatens Facebook Accounts

May 26, 2011 Added by: Headlines

"The attack exploits a vulnerability in the IE security zones feature... By embedding a special iframe tag in a malicious website, an attacker can circumvent this cross zone interaction and cause the browser to expose cookies stored on the victim's computer..."

Comments  (0)

E2E Encryption and Doctored Credit Card Terminals

May 26, 2011 Added by: PCI Guru

End-to-end encryption just moves the attack points, in this case out to the terminal at the merchant’s location. Worse yet, it also makes security of the merchant’s endpoint even more difficult than it already is because the techniques used in doctoring terminals can easily go unnoticed...

Comments  (0)

China Acknowledges Existence of Cyberwarfare Unit

May 26, 2011 Added by: Headlines

While numerous nations are involved in varying levels of cyber aggression, what makes the Chinese threat so much more palpable is the systemic nature and comparatively large scale of the state-sponsored cyber-offensive operations...

Comments  (0)

ECPA Amendments Restrict Use of Geolocation Data

May 26, 2011 Added by: Stephen Gantz

The bill explicitly defines geolocation information as, "any information concerning the location of an electronic communications device that is in whole or in part generated by or derived from the operation or use of the electronic communications device..."

Comments  (0)

The Marketing Department Fixed Those SCADA Vulnerabilities

May 25, 2011 Added by: J. Oquendo

DHS, Siemens and other similar organizations are naive to think that attackers aren't actively exploiting their software. Regardless if a researcher decided to not publicly speak about an exploit, there is an assumption that it isn't already exploited. How wrong they are....

Comments  (0)

SQL Injections In Stored Procedures

May 25, 2011 Added by: Alexander Rothacker

This post discusses how SQL injection in stored procedures could be exploited in Microsoft SQL Server, Oracle, and Sybase ASE databases. SQL injection is an attack that allows an unprivileged user to execute SQL code with elevated privileges due to a bug in the input sanitation...

Comments  (0)

Information Security Policies and Procedures Part 6

May 25, 2011 Added by: Alex Hamerstone

Writing to the correct audience is one of the most important elements of creating effective documentation. If the documentation is too technical, they will not understand it. If the documentation is too simple for the audience, they may skim over important points...

Comments  (0)

Symantec: Spammers Creating Fake URL Shorteners

May 25, 2011 Added by: Headlines

"With legitimate URL-shortening services attempting to tackle abuse more seriously, spammers seem to be experimenting with ways to establish their own services to better avoid disruption... We expect spammers to continue abusing them..."

Comments  (0)

Human Error Leads to Third Strike for Sony

May 25, 2011 Added by: Katie Weaver-Johnson

Organizations who are unable to measure situational awareness at the individual level will continue to suffer expensive breaches. All individuals need to understand their individual roles and responsibilities for protecting sensitive and personal information...

Comments  (3)

Homemade Cyber Weapon On Par With Stuxnet Virus

May 25, 2011 Added by: Headlines

"The reaction by Siemens is the old school knee-jerk reaction: 'Just 'cus some kids can do it does not mean we are targeted'. Industrial control vendors and users have to take this very seriously. They are being targeted, they are vulnerable, and the repercussions could be expensive..."

Comments  (0)

Modern Malware Defense

May 25, 2011

Ashar Aziz, founder of FireEye, recognized early on that malware, zero day threats, and drive by downloads could slip by defenses that most organizations have deployed. He built the technology to take executables off the wire and run them in a mini-cloud of virtual emulators...

Comments  (0)

Bank of America's $10 Million Dollar Breach Loss

May 25, 2011 Added by: Headlines

"It's a huge issue for all types of consumer information that is stored, and it's being heavily targeted by all kinds of breaches. Organized crime either had an employee planted or reached out to an employee and got them in on the hack. We're seeing this more and more..."

Comments  (0)