April 03, 2013 Added by:Rohit Sethi
The March 24th public disclosure of a MongoDB zero-day vulnerability (CVE-2013-1892) has been raising eyebrows and initiating discussion among IT security and developers alike. Here’s why we think it stands out...
April 02, 2013 Added by:Rafal Los
This post and the few that follow will go through the five basic ideas behind defensibility and why defensible is a state we should be striving for as enterprise security professionals.
April 02, 2013 Added by:Jarno Limnéll
Every second the cyber domain expands and becomes more complex. This means that there is an incredible scope of possibilities and the means develop new things. The integration of the online world with the physical world brings a new dimension to human life. It is vital to understand that cyberspace should not be treated as a separate domain but as one that is entwined with the physical space.
April 01, 2013 Added by:Joe Weiss
Industrial control systems (ICSs) were designed for reliability and safety and to enable system operability and functionality. Many ICSs were originally designed before networking was commonplace. Consequently, cyber security was not a design consideration.
April 01, 2013 Added by:Ben Rothke
In Managing Risk and Information Security: Protect to Enable, author Malcolm Harkins deals with the inherent tension of information security – that between limitations and enablement.
March 30, 2013 Added by:Joel Harding
Then, two weeks ago, an unusual event happened. First, since I have a Mac running some unusual browsers, I seldom get a pop-up screen. But one popped up. Imagine my surprise when the popup window was an ad for Chinese dating site called ChineseWomenDating.com
March 29, 2013 Added by:Krypt3ia
There seems to be a disconnect within the psyche for kids where their actions are just not real because it happens online. Some of these kids that I tracked online due to recent events with the attacks on Brian Krebs that leads me to believe some of them may in fact be on the road to sociopathy.
March 28, 2013 Added by:Tripwire Inc
What are security professionals doing wrong that they can’t connect and communicate with their businesses’ senior management, asked Brian Honan, Principal of BH Consulting in our conversation at the 2013 RSA Conference in San Francisco.
March 28, 2013 Added by:Gary McCully
I thought it was time to write an update regarding the current state of websites that are using SSL/TLS to protect their web applications. Sadly, the current state of SSL/TLS is pretty pathetic. As of March 19, 2013 the SSL Pulse Project reported that many of the most popular sites on the Internet are still struggling with correctly implementing SSL!
March 27, 2013 Added by:Rafal Los
Strategy without accompanying tactics is a lost cause. Tactics without a solid footing in strategy is an expensive lost cause. The maturity of an organization's security team is directly proportional to their ability to have a foundational strategy and be able to implement tactical measures and feedback to adjust to changing conditions in order to defend adequately.
March 27, 2013 Added by:Infosec Island
A new malware targeting point-of-sale (POS) systems and ATMs has stolen payment card information from several US banks, researchers say. The author behind the malware appears to have links to a Russian cyber-crime gang.
March 27, 2013 Added by:Paul Kenyon
Financial institutions sit at the top end of the scale for security and reputational risk, with their databases of customer information making them especially vulnerable to criminal interception and subject to regulatory obligations.
March 26, 2013 Added by:Eric Byres
Let's examine the good, the bad and the ugly details of patching as a means to secure SCADA and ICS systems. And to begin, let’s suppose patches could be installed without shutting down the process...
March 26, 2013 Added by:Don Eijndhoven
Some say that the 'right to strike pre-emptively' is a warning shot across the bow of China, but it cannot be said that it is a timely revelation in any respect. After all, not having formally asserted this right to strike pre-emptively did not deter the cyber attack against Iran's nuclear enrichment facilities in Natanz
March 25, 2013 Added by:Jarno Limnéll
For societies and armed forces there is today no credible defense without cyber capabilities. The cyber arms race has started, and its speed is accelerating. Nations and other entities are using online weapons, because they are thousands of times cheaper than conventional armaments.
March 25, 2013 Added by:Tripwire Inc
From several samples of the malware and logs it has been found that the malware was designed to corrupt the Master Boot Record (MBR) as well as the Volume Boot Record (VMR). Once the corruption has taken place the system reboots leaving the system unusable as the MBR is missing .
March 25, 2013 Added by:Oliver Rochford
The foremost problem with the Mandiant report is that it relies on a view of China and the Chinese Cyber-Operations that has very little to do with situational conditions on the ground.
March 22, 2013 Added by:Mike Lennon
In an effort to increase security for user accounts, Apple on Thursday introduced a two-step verification option for Apple IDs.