Vulns & Alerts


The NERC CIP's Are Not Making the Grid More Secure or Reliable

January 20, 2015 Added by:Joe Weiss

The North American Electric Corporation (NERC) Critical Infrastructure Protection (CIP) cyber security standards were developed to increase the cyber security and reliability of the electric grid. Unfortunately, they are not doing either.

Comments  (1)


The Risk Within: Could an Ex-Employee Be Responsible for the Sony Hack?

January 19, 2015 Added by:Patrick Oliver Graf

One month ago, we asked, “What network security lessons can we learn from the Sony attack?” Since then, new information has been slow to trickle out, save for the FBI’s mid-December statement that assigned responsibility to the North Korean government.

Comments  (2)


How to Avoid Getting Phished

January 14, 2015 Added by:Brent Huston

It’s much easier for an attacker to “hack a human” than “hack a machine”. This is why complicated attacks against organizations often begin with the end user.

Comments  (2)


When You Are Overwhelmed With Alerts, it is Time to Automate.

January 07, 2015 Added by:Michael Leland

Your security team is getting alerts from internal sensors, threat intelligence from multiple sources, and potential indicators of attack or compromise from your SIEM. Relying on these human filters to decode, deduce, and decide what is relevant takes valuable time and can result in long delays between attack, detection, and containment.

Comments  (2)


Does Your Valuable Data Belong to Hackers?

January 05, 2015 Added by:Thu Pham

Every organization, regardless of size, is comprised of a variety of sensitive data - from HR and payroll handling medical, financial and personally identifiable employee data to your precious intellectual property. And each of these data types can be sold for a price on the black market, making them valuable to attackers financially as well as for blackmail purposes.

Comments  (6)


Moving from Alert-Driven to Intelligence-Driven Security

January 05, 2015 Added by:Paul Lipman

The emergence of smart, integrated, cloud-based security services will enable a transformation from an alert-centric to an intelligence-centric approach to security. This will vastly enhance the Chief Information Security Officer's (CISO’s) visibility and ultimately deliver substantial improvements in the robustness of the overall security posture.

Comments  (1)


Eat. Pray. Love. – Three Words that Comply with Sony’s Password Policy

January 01, 2015 Added by:Scott Garber

While evaluating the Sony hack and explosion of related press, our team discovered an eerie tie-in to the titles and taglines in Sony Pictures massive movie library, which might have been an early indicator of the inevitable breach.

Comments  (1)


Forensic Examinations And Facts

December 23, 2014 Added by:PCI Guru

I am watching the news reports on the Sony breach and laughing at all of the “facts” that are being bandied about. I want to use the Sony breach as a teachable moment and explain that the “facts” may not be as factual as represented by the media, forensic examiners or even the FBI.

Comments  (0)


Aurora and DHS - a Misleading Response to a Significant Mistake

December 22, 2014 Added by:Joe Weiss

With all of the focus on cyber security one could expect that DHS is doing a credible job in helping to protect our country. Unfortunately, that may not be the case.

Comments  (1)


What Network Security Lessons Can We Learn from the Sony Attack?

December 17, 2014 Added by:Patrick Oliver Graf

Hollywood is a place that can be driven mad by star-studded gossip, where the talk of the town is rarely private and where people are accustomed to their secrets not staying secret for very long. Yet, this state of play hasn’t made it any easier for the victims of last month's cyberattack against Sony, carried out by shadowy assailants calling themselves the Guardians of Peace.

Comments  (15)


Grinch Bug Could be Worse Than Shellshock, Says Experts

December 17, 2014 Added by:Pierluigi Paganini

The flaw resides in the authorization system in Linux which allows privilege escalation through the wheel.

Comments  (1)


Security in 2015: The Internet Becomes the Corporate Network Perimeter

December 05, 2014 Added by:Paul Lipman

The cloud has been widely hailed as the most disruptive force in modern business. Indeed, the world is in the midst of fundamentally profound transformations, enabled by the cloud, in the ways in which we access and interact with data and applications. Unfortunately, the security industry has not kept pace with these transformational trends, necessitating an equally profound change in the way we s...

Comments  (0)


The Cost of a Data Breach in 2014: An Industry by Industry Breakdown

December 04, 2014 Added by:Thu Pham

The average total cost of a data breach increased 15 percent in 2014 to $3.5 million, this according to the Ponemon Institute’s 2014 Cost of Data Breach Study: Global Analysis. But how does that average vary from industry to industry, each with different types of consumer information and different data regulations?

Comments  (0)


Iran Attacking Critical Infrastructures - Cylance Report

December 04, 2014 Added by:Joe Weiss

This is not an “I told you so” note. It is a note expressing concern that our critical infrastructure organizations such as NERC, FERC, NRC, NEI, AWWA, and others do not appear to be taking this threat seriously.

Comments  (0)


Phones, Phablets and Clouds - Securing Today’s New Infrastructure

December 03, 2014 Added by:Steve Durbin

Despite the undeniable corporate and consumer interest, the security and privacy implications of cloud and mobile connected devices are concerning many security professionals. Countless organizations are still playing catch up – Bring Your Own Device (BYOD) polices are only starting to be embedded, reviewed and updated. IT departments are overwhelmed with the amount of devices entering the workp...

Comments  (0)


The Three Human Failures Behind Remote Access Shortcomings

November 26, 2014 Added by:Patrick Oliver Graf

Whenever news of a network security breach reaches the public airwaves, observers are quick to assign blame to some combination of technological shortcomings and human error that allowed an attacker to slip through the victim’s cyber defenses.

Comments  (2)

Page « < 3 - 4 - 5 - 6 - 7 > »