November 19, 2012 Added by:Bill Mathews
That’s right, I got an email with my username and password listed right there. That probably doesn’t anger normal people (let alone drive them to write an article about it), but I have never been accused of being normal so I’m pretty annoyed. Here, in no particular order, are my reasons for the anger and frustration...
November 18, 2012 Added by:Michele Westergaard
Cyber security threats to the utility industry are increasing in number and sophistication. The North American Reliability Corporation (NERC) is increasing the Critical Infrastructure Protection (CIP) regulatory requirements to ensure facilities are meeting basic standards in this area...
October 31, 2012 Added by:Paul Kenyon
Every organization experiences user frustrations and complications that result in support calls to the help desk. While each call may seem to suggest a unique problem, there could be a common root cause amongst them. Help desk calls often seem to be black and white – the machine works and now it doesn’t...
October 22, 2012 Added by:Pierluigi Paganini
Recent revelations on Flame raise the question on the efficiency of zero day vulnerabilities, software bugs that hackers exploit to avoid security defenses on targeted systems. The real problem when we talk about zero-day is related to the duration of the period in which hackers exploit the vulnerability...
October 21, 2012 Added by:Brandon Knight
Penetration testers love compromising systems during assessments, and the most important portion of a penetration test is getting access to critical data and systems. So, post exploitation I generally head for the database servers. Depending on the permissions of the target there may be another hurdle to bypass...
October 11, 2012 Added by:Paul Kenyon
Users with admin rights are loose cannons -- you just don’t know when or where they are going to strike, and the results can be devastating to the company’s security infrastructure. Once a problem occurs, it often unravels into a downward spiral taking your business - and reputation - down with it...
September 12, 2012 Added by:Mike Gault
The security market in 2012 is estimated at $60 billion, yet adding more layers of perimeter security may be completely useless against a determined sysadmin working on the inside. The end result is that your data might or might not be secure – you simply have no way to prove it...
August 22, 2012 Added by:Kelly Colgan
The digitization of medical records may make folks queasy, but it is also efficient, offering an opportunity to save both money and lives. It is in fact inevitable. Unfortunately, so are data breaches and the identity compromises that follow. We need to be deadly serious because lives are at literally at stake...
August 19, 2012 Added by:Alexander Rothacker
So, what is this new vulnerability all about? It’s a privilege escalation vulnerability that gives an attacker SYSDBA privileges. In order to perform the exploit, one needs to have CREATE TABLE and CREATE PROCEDURE privileges as well as EXECUTE privileges on DBMS_STATS package...
August 03, 2012 Added by:Rafal Los
While it's not really OK to have a vulnerable application sitting out on the 'net, at least if it's in "stage" mode it shouldn't have real data... right? Unfortunately this wasn't the case in many of the incidents I experienced. It's time to remind ourselves that anything that is accessible should be well protected...
July 08, 2012 Added by:Ben Kepes
Analysis of unstructured data is the hot topic these days – organizations are lured by the promise of deriving huge incremental value by gaining insights from crunching vast pools of seemingly random numbers to determine patterns and trends. It’s not a huge surprise that structured data analytics gets forgotten...
June 25, 2012 Added by:Headlines
“The most disturbing findings were the number of companies that report they have no way to track what data is being stored in the cloud, no process to manage access to that data (or plans to do so), and that management doesn’t know where enterprise data is stored. This should act as a wakeup call for organizations..."
June 21, 2012 Added by:Rebecca Herold
Information disposal is now a legal requirement for basically all businesses of all sizes, and it simply makes sense to dispose of information securely as an effective way to prevent breaches. Having effective disposal policies, procedures and technologies in place demonstrates reasonable due diligence...
June 14, 2012 Added by:Megan Berry
There are many factors that can bring down your networks and compromise data, including criminals, carelessness and disgruntled employees. The hardware, software, and policies that make up the layers of network security defend your company’s systems from these threats. What are the most common threats?
June 14, 2012 Added by:Infosec Island Admin
In this first NIST 'Big Data' workshop, key national priority topics will be explored, including examples from science, health, disaster management, security, and finance. At the same time, topics in emerging technology areas including analytics and architectures will also be discussed...
June 05, 2012 Added by:Rebecca Herold
Big Data and associated analytics can be used to improve business and customer experiences and bring innovation and medical breakthroughs. However, organizations must make sure they don’t cross that line of customization and business improvements into creepiness and full-blown privacy invasion...
Hacker to Release Symantec's PCAnywhere Sour... Jerry Shaw on 10-05-2015
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015