Vulns & Alerts

Opinion: Recent ISACA Study Adds Fuel to the APT Fire

February 18, 2013 Added by:Steve Ragan

Most of the time, attacks considered APTs use 0-Day exploits, or malware that slips past poorly updated AV software, or phishing to compromise a host or organization. There is nothing advanced about attacks like these...

What ‘Identity Thief’ The Movie Gets Wrong

February 13, 2013 Added by:Kelly Colgan

The movie “Identity Thief” opened nationwide last weekend, and while we love a good laugh, this flick comes at a cost: the truth. Here are five major plot points that do a disservice to an often-misunderstood crime...

Security Analytics: Hype or Huge?

February 01, 2013 Added by:Simon Moffatt

This complex chain of correlated "security big data", can be used in a manner of ways from post-incident analysis and trend analytics as well as for the mapping of internal data to external threat intelligence. Big data is here to stay and security analytics just needs to figure out the best way to use it...

UPnP Security Flaws Expose 40-50 Million Networked Devices

January 29, 2013 Added by:Infosec Island

Researchers at Rapid7 have uncovered that roughly 40-50 million network-enabled devices are at risk due to vulnerabilities in the Universal Plug and Play (UPnP) protocol.

The Rise of Exploit Kits According to Solutionary SERT

January 28, 2013 Added by:Pierluigi Paganini

The report revealed the surprising efficiency of well-known vulnerabilities usually included in the popular exploits sold in the underground, around 60% are more than two years old, and 70% of the exploit kits analyzed (26) were released or created in Russia...

RBN Connection to Kaspersky's Red October Espionage Network

January 15, 2013 Added by:Jeffrey Carr

Kaspersky made an astonishing announcement today with its discovery of a sophisticated cyber espionage network (most likely Russian) that has been operating since May 2007 and continues to this day. It has successfully infiltrated embassies, research organizations, military and government agencies, energy facilities (including nuclear power plants) predominantly in the Commonwealth of Independent ...

Common Sense Cybersecurity

January 13, 2013 Added by:Larry Karisny

We start with one big problem. Internet architecture was never made for security. One of my earliest articles quoted the father of the Internet Vint Cerf by saying, "One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet."

Briefly on "The Network Use of Force Continuum"

January 08, 2013 Added by:Ali-Reza Anghaie

I have long said that history and legal precedent will eventually defend "hack back" techniques for those with well established procedures and some degree of market clout (e.g. DIB, Fortune 100s). I've even said, when discussing the Patriot Hacker "The Jester", that self-defense and stand-your-ground will almost certainly come into play and be successfully used in some legal context.

2013 - Year of the D(efense)

December 26, 2012 Added by:Matthew McWhirt

Many of the security incidents encompassing 2012 could have been mitigated, and some even fully prevented, if fundamental information security best practices had been reviewed and assessed, and controls encompassing incident response phases had been fully vetted...

The Obligatory 2013 Infosec Predictions Post

December 26, 2012 Added by:Simon Moffatt

Technology evolves so quickly that 12 weeks is an age when it comes to new ideas and market changes - and security is no different. However, the main areas I will personally be following with interest though, will be the BYOD/BYOA, personnel, preemptive security and social intelligence...

Closing the Vault Door

December 18, 2012 Added by:Suzanne Widup

For those of you who have appreciated The Leaking Vault series of data breach reports, I have some sad news. As I was days away from releasing the third installment, I received an email from Brian Martin with the Open Security Foundation stating that I do not have permission to use their data without a license...

ProjectWhiteFox 1.6M accounts exposed, Team Ghostshell vs UN Y.2770 standard

December 12, 2012 Added by:Pierluigi Paganini

The hackers during the operation named ProjectWhiteFox have targeted a wide range of companies operating in different sectors such as aerospace, nanotechnology, banking, law, military, education and government, following a list of the targets hacked...

Fraud Files: When Tax Fraud Won’t Go Away

December 11, 2012 Added by:Kelly Colgan

Though it could create procedural challenges for the IRS and the U.S. Postal Service, Congress could solve the problem by simply refusing to issue refunds before April 15. That way they could see who has duplicate returns filed, and investigate before signing over checks to the bad guys...

The Barnes and Noble Breach Take Aways

December 05, 2012 Added by:PCI Guru

Put video monitoring on all your POS locations. This does not stop such a swap from occurring, but it does at least record such an event if it does occur. This is particularly important in situations where the customer also acts as cashier as with any self checkout situation...

FreeBSD Servers Hacked: Lessons on SSH Public Key Authentication

December 04, 2012 Added by:Mark Baldwin

FreeBSD.org are recommending that anyone who downloaded and installed any of their third-party packages between September 19 2012 and November 11 2012 reinstall their systems. Obviously this could be a big burden for a lot of organizations...

Why I'm Upset About the S.C. Department of Revenue Breach

December 04, 2012 Added by:Kelly Colgan

I’m a South Carolina taxpayer, and therefore, a potential victim of the massive South Carolina Department of Revenue Breach. I work in the identity theft and data risk industry, so when I heard about how everything was being handled and what was being offered, I was upset...
