Vulns & Alerts
June 28, 2016 Added by:Nick Bilogorskiy
In the age of stolen passwords, compromised credentials are the easiest way in, simpler than phishing, malware or exploits. “Password confirmation” tools are now readily available to find reused passwords matching any website.
May 24, 2016 Added by:Brian Soldato
User Entity Behavior Analytics (UEBA) platforms are very promising. In the near future, expect to see user behavior analytics platforms integrate more directly with infrastructure and with automated response.
April 26, 2016 Added by:Jim Legg
While prevention of the initial breach is an important layer of an enterprise security strategy, perimeter-based threat protection alone is not sufficient to protect against today’s increasingly sophisticated and targeted external security threats.
April 22, 2016 Added by:Vanishree Rao
End-to-end encryption does not solve the problem, despite the common perception that it is the holy grail of instant-messaging security. It is necessary that service providers shift their attention toward non-traditional key-derivation mechanisms to close the loophole.
April 12, 2016 Added by:Amir Geri
The vulnerabilities found in Flash Player have forced Adobe to issue out security patches yet again. Whether the decision is to uninstall Flash entirely or ensure that all updates have been completed across the enterprise, the issue IT practitioners face is related to compliance.
April 01, 2016 Added by:Paul Morville
This April Fool’s Day, let’s acknowledge that a security strategy focused exclusively on patching and prevention is a fool’s errand and let’s move towards an adaptive approach that includes prevention, detection, continuous visibility and response.
March 15, 2016 Added by:InfosecIsland News
Adobe’s Flash Player in 2015 was the dominant application in terms of vulnerabilities targeted by exploit kits (EKs), with 13 of the 17 new flaws added to these malicious programs pertaining to the web plugin.
March 15, 2016 Added by:Eyal Bek
Besides the usual precautions, encryption can put a huge dent in the problem by making stored information unintelligible to intruders. Self-encrypting drives further help by minimizing the performance impact by offloading encryption to specialized hardware and taking humans out of the picture.
March 14, 2016 Added by:Mark Parker
Unfortunately, while the popularity of March Madness (the NCAA Basketball Tournament) has grown exponentially, nearly every facet of any employee’s involvement with the event could open up the employee, as well as the organization, to a number of cyber risks.
February 22, 2016 Added by:Larry Karisny
When I spoke on the need for cybersecurity innovation at the January ITEXPO conference in Fort Lauderdale, Fla., I sensed something interesting about my cybersecurity colleagues: They don't seem to care about innovation; they care about having a job in cybersecurity.
February 17, 2016 Added by:Dan Lohrmann
With the surging growth in cyberspace, new technologies, Wi-Fi, apps, robots, drones, terrorists with social media accounts, the Internet of Things (IoT) and nation-state hacking, online data security has become the Achilles’ heel of the Internet. A growing number of people want to know about new apps available for their smartphones and their data in the cloud – along with the upcoming securit...
December 21, 2015 Added by:Dan Lohrmann
Beyond cyber war and the good guys having the right tools to catch the bad guys, there can be a tendency to ignore “more mundane” acceptable use directives. That is, security staff can download copyrighted material (movies and games), view porn at work, look at information that is private (like promotions, raises or other data from management), “borrow” passwords or delete log files to cov...
December 07, 2015 Added by:Steve Durbin
As information risks and cyber security threats increase, organizations need to move away from reacting to incidents and toward predicting and preventing them. Developing a robust mechanism to assess and treat information risk throughout the organization is a business essential.
Hacker to Release Symantec's PCAnywhere Sour... Jerry Shaw on 10-05-2015
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015