Vulns & Alerts
August 20, 2014 Added by:Tripwire Inc
In our third and final post of this series, Tripwire’s Vulnerability and Exposure Research Team (VERT) highlights four more unnecessary risks that often appear in even the most secure networks.
August 19, 2014 Added by:Mike Lennon
TrustedSec, citing sources familiar with the incident, said on Tuesday that the initial attack vector was through the infamous “Heartbleed” vulnerability in OpenSSL which provided the attackers a way in, eventually resulting in the compromise of patient data.
August 07, 2014 Added by:InfosecIsland News
Symantec tips help consumers safeguard information in light of claims that a Russian cybercrime group is behind the largest known collection of stolen Internet credentials.
July 17, 2014 Added by:Neohapsis
Without full disk encryption (like BitLocker), sensitive system files will always be available to an attacker, and credentials can be compromised.
July 08, 2014 Added by:InfosecIsland News
Please join Palo Alto Networks and SecurityWeek on Wednesday, July 9th at 1:00 PM ET for an informative webcast on how your organization can better detect and prevent advanced cyber attacks.
July 07, 2014 Added by:Patrick Oliver Graf
Former NSA director Keith Alexander pointed out earlier this week that government networks are far from secure, as the NSA and the Department of Defense uncovered more than 1,500 pieces of malware on the U.S. government’s most secret networks.
July 02, 2014 Added by:Joe Weiss
The past two weeks continue to demonstrate the lack of understanding about the unique issues of ICS cyber security – why isn’t it just IT.
June 11, 2014 Added by:Joe Weiss
The story is that MANY ICSs are connected to the Internet and it isn’t expensive to find them.
June 05, 2014 Added by:Patrick Oliver Graf
In the not-so-distant past, when enterprises lacked ubiquitous high-speed Internet connections and the means to provide employees with remote access, organizations were far more likely to enforce strict working hours than they are today. After all, work wouldn't get done if employees weren't present.
May 21, 2014 Added by:Joe Weiss
Stuxnet and Aurora utilized design features of the system or controllers to attack physical systems. Stuxnet and Aurora are not traditional network vulnerabilities and cannot be found or mitigated by using traditional IT security techniques.
April 27, 2014 Added by:InfosecIsland News
Researchers from FireEye have discovered a nasty zero-day exploit that bypasses the ASLR and DEP protections in Microsoft Windows and is being used in targeted attacks.
The Indelicate Balance Between "Keep it Work... Matthew Harvey on 08-30-2014
Time to Say Goodbye to Admin Privileges... Matthew Harvey on 08-30-2014
P2PE Versus E2EE... france deal on 08-30-2014