Vulns & Alerts
February 19, 2013 Added by: Mike Lennon
In a fascinating, unprecedented, and statistics-packed report, security firm Mandiant made direct allegations and exposed a multi-year, massive cyber espionage campaign that they say with confidence is the work of China.
February 18, 2013 Added by: Wendy Nather
Security is an unrelenting business, one that you can never prove is done adequately. You'll never be finished, and you can never know if you can even take a break. And it's never fully appreciated by the people who make a living based on that reality: the vulnerability finders and the "solution" providers.
February 18, 2013 Added by: Steve Ragan
Most of the time, attacks considered APTs use 0-Day exploits, or malware that slips past poorly updated AV software, or phishing to compromise a host or organization. There is nothing advanced about attacks like these...
February 13, 2013 Added by: Kelly Colgan
The movie “Identity Thief” opened nationwide last weekend, and while we love a good laugh, this flick comes at a cost: the truth. Here are five major plot points that do a disservice to an often-misunderstood crime...
February 01, 2013 Added by: Simon Moffatt
This complex chain of correlated "security big data" can be used in a number of ways, from post-incident analysis and trend analytics to the mapping of internal data to external threat intelligence. Big data is here to stay and security analytics just needs to figure out the best way to use it...
January 29, 2013 Added by: Infosec Island
Researchers at Rapid7 have uncovered that roughly 40-50 million network-enabled devices are at risk due to vulnerabilities in the Universal Plug and Play (UPnP) protocol.
January 28, 2013 Added by: Pierluigi Paganini
The report revealed the surprising efficiency of well-known vulnerabilities usually included in the popular exploits sold in the underground: around 60% are more than two years old, and 70% of the exploit kits analyzed (26) were released or created in Russia...
January 15, 2013 Added by: Jeffrey Carr
Kaspersky made an astonishing announcement today with its discovery of a sophisticated cyber espionage network (most likely Russian) that has been operating since May 2007 and continues to this day. It has successfully infiltrated embassies, research organizations, military and government agencies, energy facilities (including nuclear power plants) predominantly in the Commonwealth of Independent ...
January 13, 2013 Added by: Larry Karisny
We start with one big problem. Internet architecture was never made for security. One of my earliest articles quoted the father of the Internet, Vint Cerf, as saying, "One of the things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet."
January 08, 2013 Added by: Ali-Reza Anghaie
I have long said that history and legal precedent will eventually defend "hack back" techniques for those with well established procedures and some degree of market clout (e.g. DIB, Fortune 100s). I've even said, when discussing the Patriot Hacker "The Jester", that self-defense and stand-your-ground will almost certainly come into play and be successfully used in some legal context.
December 26, 2012 Added by: Matthew McWhirt
Many of the security incidents encompassing 2012 could have been mitigated, and some even fully prevented, if fundamental information security best practices had been reviewed and assessed, and controls encompassing incident response phases had been fully vetted...
December 26, 2012 Added by: Simon Moffatt
Technology evolves so quickly that 12 weeks is an age when it comes to new ideas and market changes - and security is no different. However, the main areas I will personally be following with interest will be BYOD/BYOA, personnel, preemptive security and social intelligence...
December 18, 2012 Added by: Suzanne Widup
For those of you who have appreciated The Leaking Vault series of data breach reports, I have some sad news. As I was days away from releasing the third installment, I received an email from Brian Martin with the Open Security Foundation stating that I do not have permission to use their data without a license...
December 12, 2012 Added by: Pierluigi Paganini
The hackers during the operation named ProjectWhiteFox have targeted a wide range of companies operating in different sectors such as aerospace, nanotechnology, banking, law, military, education and government, following a list of the targets hacked...
December 11, 2012 Added by: Kelly Colgan
Though it could create procedural challenges for the IRS and the U.S. Postal Service, Congress could solve the problem by simply refusing to issue refunds before April 15. That way they could see who has duplicate returns filed, and investigate before signing over checks to the bad guys...
December 05, 2012 Added by: PCI Guru
Put video monitoring on all your POS locations. This does not stop such a swap from occurring, but it does at least record such an event if it does occur. This is particularly important in situations where the customer also acts as cashier as with any self checkout situation...