Vulns & Alerts
October 10, 2014 Added by:Mike Lennon
Kmart is the latest large U.S. retailer to experience a breach of its payment systems, joining a fast growing club dealing successful hack attacks that have resulted in the exposure of customer data and payment card information.
October 06, 2014 Added by:Anton Chuvakin
Do not make your security architecture solely reliant on patching. Big vulnerabilities will happen and so will zero-days, so make sure that your entire security architecture does not crumble if there is one critical vulnerability: do defense in depth, layers, “least privilege”, controls not reliant on updates, monitoring, deception, etc.
October 02, 2014 Added by:Malwarebytes
No malware author wants an analyst snooping around their code, so they employ tricks to inhibit analysis.
September 26, 2014 Added by:InfosecIsland News
Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.
September 25, 2014 Added by:Wendy Nather
As many are explaining, one of the biggest problems with this #shellshock vulnerability is that it's in part of the Unix and Linux operating systems -- which means it's everywhere, particularly in things that were built decades ago and in things that were never meant to be updated.
September 22, 2014 Added by:Cyphort
After the first major success of POS malware breaching Target Corporation in November 2013 occurred, the number of POS device infections in the wild skyrocketed.
September 17, 2014 Added by:InfosecIsland News
Following a sold out event in 2013, the 2014 ICS Cyber Security Conference is expected to attract more than 250 professionals from around the world and again sell out. Attendees can register online and pay just $1895 for a full conference registration which includes 4 days AND workshops on Monday.
September 02, 2014 Added by:Tripwire Inc
We frequently work with customers who use patch management solutions and are missing patches. The reason? I don’t think anyone fully understands the Microsoft Patching process and the third-parties don’t always get it right either.
August 20, 2014 Added by:Tripwire Inc
In our third and final post of this series, Tripwire’s Vulnerability and Exposure Research Team (VERT) highlights four more unnecessary risks that often appear in even the most secure networks.
August 19, 2014 Added by:Mike Lennon
TrustedSec, citing sources familiar with the incident, said on Tuesday that the initial attack vector was through the infamous “Heartbleed” vulnerability in OpenSSL which provided the attackers a way in, eventually resulting in the compromise of patient data.
August 07, 2014 Added by:InfosecIsland News
Symantec tips help consumers safeguard information in light of claims that a Russian cybercrime group is behind the largest known collection of stolen Internet credentials.
July 17, 2014 Added by:Neohapsis
Without full disk encryption (like BitLocker), sensitive system files will always be available to an attacker, and credentials can be compromised.
How Businesses Can Reduce Wearables Security... manthan rathod on 04-09-2015
Lessons From Hillary Clinton's Email Securit... manthan rathod on 04-09-2015
New Facebook Worm Variant Leverages Multiple... manthan rathod on 04-09-2015