Vulns & Alerts
February 13, 2013 Added by:Kelly Colgan
The movie “Identity Thief” opened nationwide last weekend, and while we love a good laugh, this flick comes at a cost: the truth. Here are five major plot points that do a disservice to an often-misunderstood crime...
February 01, 2013 Added by:Simon Moffatt
This complex chain of correlated "security big data", can be used in a manner of ways from post-incident analysis and trend analytics as well as for the mapping of internal data to external threat intelligence. Big data is here to stay and security analytics just needs to figure out the best way to use it...
January 29, 2013 Added by:Infosec Island
Researchers at Rapid7 have uncovered that roughly 40-50 million network-enabled devices are at risk due to vulnerabilities in the Universal Plug and Play (UPnP) protocol.
January 28, 2013 Added by:Pierluigi Paganini
The report revealed the surprising efficiency of well-known vulnerabilities usually included in the popular exploits sold in the underground, around 60% are more than two years old, and 70% of the exploit kits analyzed (26) were released or created in Russia...
January 15, 2013 Added by:Jeffrey Carr
Kaspersky made an astonishing announcement today with its discovery of a sophisticated cyber espionage network (most likely Russian) that has been operating since May 2007 and continues to this day. It has successfully infiltrated embassies, research organizations, military and government agencies, energy facilities (including nuclear power plants) predominantly in the Commonwealth of Independent ...
January 13, 2013 Added by:Larry Karisny
We start with one big problem. Internet architecture was never made for security. One of my earliest articles quoted the father of the Internet Vint Cerf by saying, "One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet."
January 08, 2013 Added by:Ali-Reza Anghaie
I have long said that history and legal precedent will eventually defend "hack back" techniques for those with well established procedures and some degree of market clout (e.g. DIB, Fortune 100s). I've even said, when discussing the Patriot Hacker "The Jester", that self-defense and stand-your-ground will almost certainly come into play and be successfully used in some legal context.
December 26, 2012 Added by:Matthew McWhirt
Many of the security incidents encompassing 2012 could have been mitigated, and some even fully prevented, if fundamental information security best practices had been reviewed and assessed, and controls encompassing incident response phases had been fully vetted...
December 26, 2012 Added by:Simon Moffatt
Technology evolves so quickly that 12 weeks is an age when it comes to new ideas and market changes - and security is no different. However, the main areas I will personally be following with interest though, will be the BYOD/BYOA, personnel, preemptive security and social intelligence...
December 18, 2012 Added by:Suzanne Widup
For those of you who have appreciated The Leaking Vault series of data breach reports, I have some sad news. As I was days away from releasing the third installment, I received an email from Brian Martin with the Open Security Foundation stating that I do not have permission to use their data without a license...
December 12, 2012 Added by:Pierluigi Paganini
The hackers during the operation named ProjectWhiteFox have targeted a wide range of companies operating in different sectors such as aerospace, nanotechnology, banking, law, military, education and government, following a list of the targets hacked...
December 11, 2012 Added by:Kelly Colgan
Though it could create procedural challenges for the IRS and the U.S. Postal Service, Congress could solve the problem by simply refusing to issue refunds before April 15. That way they could see who has duplicate returns filed, and investigate before signing over checks to the bad guys...
December 05, 2012 Added by:PCI Guru
Put video monitoring on all your POS locations. This does not stop such a swap from occurring, but it does at least record such an event if it does occur. This is particularly important in situations where the customer also acts as cashier as with any self checkout situation...
December 04, 2012 Added by:Mark Baldwin
FreeBSD.org are recommending that anyone who downloaded and installed any of their third-party packages between September 19 2012 and November 11 2012 reinstall their systems. Obviously this could be a big burden for a lot of organizations...
December 04, 2012 Added by:Kelly Colgan
I’m a South Carolina taxpayer, and therefore, a potential victim of the massive South Carolina Department of Revenue Breach. I work in the identity theft and data risk industry, so when I heard about how everything was being handled and what was being offered, I was upset...
November 29, 2012 Added by:Pierluigi Paganini
The group of hackers who named itself Parastoo Farsi have exposed contacts for more than 100 nuclear experts and scientists, the word Parastoo is Farsi and refers to a bird species like the swallow and an Iranian girl's name...
Student Pleads Guilty to Counterfeiting Coup... on 06-18-2013
Starting to Clean Up the Mess from PCAnywher... Peggy Patterson on 06-18-2013