Vulns & Alerts

Iowa Mental Health Institute Warns of Missing Backup Tape

June 26, 2013 Added by: Mike Lennon

The Iowa Department of Human Services on Wednesday warned former patients at the Mental Health Institute in Independence and others about a possible breach of their confidential information due to a lost backup tape.

Another Reason Hacking Back is Probably a Bad Idea

June 20, 2013 Added by: Rafal Los

Private industry and corporations alike are talking about “hack-back.” It’s no secret I believe that “hack-back” is a bad idea, for many reasons.

Why are Cybercrimes NOT Always White-collar Crimes?

June 17, 2013 Added by: DHANANJAY ROKDE

A generic definition of a crime would be an act that is in violation of the applicable laws.

Scangate Re-visited: Vulnerability Scanners Uncovered

June 12, 2013 Added by: Ian Tibble

The notion that VA tools really can be used to give a decent picture of vulnerability is still heavily embedded, and that notion in itself presents a serious vulnerability for businesses.

Into the Breach

April 16, 2013 Added by: Allan Pratt, MBA

One day, you come into the office and discover that your network has been breached. To make matters worse, your customer data has been stolen. What do you do?

New Approaches for Blocking Zero-Day Exploits to Prevent APTs

April 16, 2013 Added by: George Tubin

Cybercriminals continue to develop new methods to bypass security controls in order to install malware on corporate endpoints. An endpoint protection approach that provides both effectiveness and manageability must begin with an understanding of the attack vectors that require mitigation.

Attack Vector Undefined: Dismantling ‘Defense in Depth’ through Power Grid.

April 12, 2013 Added by: Mikko Jakonen

Well, before COTS (Commercial Off The Shelf) became popular in military and other organizations thinking their security, this could have been avoided. Nowadays, very difficult. Even in trailers. You still need only one computer making possible to interact with others – in many different NETs existing :)

Making Patching Work for SCADA and Industrial Control System Security

April 05, 2013 Added by: Eric Byres

Applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. What I am against is patching as a knee-jerk reaction to security vulnerabilities. You can’t expect your control system to operate reliably if you don’t have a controlled process for patching.

MongoDB Remote Command Execution Vulnerability: Nightmare or Eye-Opener?

April 03, 2013 Added by: Rohit Sethi

The March 24th public disclosure of a MongoDB zero-day vulnerability (CVE-2013-1892) has been raising eyebrows and initiating discussion among IT security and developers alike. Here’s why we think it stands out...

New Malware Targets POS Systems and ATMs, Hits Major US Banks

March 27, 2013 Added by: Infosec Island

A new malware targeting point-of-sale (POS) systems and ATMs has stolen payment card information from several US banks, researchers say. The author behind the malware appears to have links to a Russian cyber-crime gang.

Hardening Is Hard If You're Doing It Right

March 20, 2013 Added by: Ian Tibble

The early days of deciding what to do with the risk will be slow and difficult and there might even be some feisty exchanges, but eventually, addressing the risk becomes a mature, documented process that almost melts into the background hum of the machinery of a business.

SCADA and ICS Security: Welcome to the Patching Treadmill

March 15, 2013 Added by: Eric Byres

After Stuxnet, security researchers and hackers on the prowl for new targets to exploit shifted their efforts to critical industrial infrastructure. Unfortunately, the SCADA and Industrial Control Systems applications they are now focusing on are sitting ducks.

Из России с любовью - "From Russia With Love"

March 15, 2013 Added by: Krypt3ia

A site popped up with the domain name exposed.su and within the pages (other than malware lurking for an IE exploit) sits all kinds of personal financial data for famous people. Among the people hit on this site were the likes of Hillary Clinton, Al Gore, FBI Director Mueller and others.

Three New Podcasts: Security Conversations - A Podcast With Ryan Naraine

March 04, 2013 Added by: Infosec Island

In these three new episodes of the Security Conversations Podcast, Ryan Naraine interviews Adobe's David Lenoe on Frustrations With "Partial Disclosure", Securosis CEO Rich Mogull on Mandiant's APT1 Report and Advanced Threat Actors, and Sourcefire's Yves Younan on Tracking 25 Years of Vulnerability Data.

So APT Is China *snicker* Now What?

February 28, 2013 Added by: Krypt3ia

As RSA comes to a close and the corridors of the hall stop ringing with the acronym APT, I find myself once again looking at the problem as opposed to the hype.

China's PLA Behind Massive Cyber Espionage Operation

February 19, 2013 Added by: Mike Lennon

In a fascinating, unprecedented, and statistics-packed report, security firm Mandiant made direct allegations and exposed a multi-year, massive cyber espionage campaign that they say with confidence is the work of China.
