Vulns & Alerts
December 05, 2012 Added by:PCI Guru
Put video monitoring on all your POS locations. This does not stop such a swap from occurring, but it does at least record such an event if it does occur. This is particularly important in situations where the customer also acts as cashier as with any self checkout situation...
December 04, 2012 Added by:Mark Baldwin
FreeBSD.org are recommending that anyone who downloaded and installed any of their third-party packages between September 19 2012 and November 11 2012 reinstall their systems. Obviously this could be a big burden for a lot of organizations...
December 04, 2012 Added by:Kelly Colgan
I’m a South Carolina taxpayer, and therefore, a potential victim of the massive South Carolina Department of Revenue Breach. I work in the identity theft and data risk industry, so when I heard about how everything was being handled and what was being offered, I was upset...
November 29, 2012 Added by:Pierluigi Paganini
The group of hackers who named itself Parastoo Farsi have exposed contacts for more than 100 nuclear experts and scientists, the word Parastoo is Farsi and refers to a bird species like the swallow and an Iranian girl's name...
November 09, 2012 Added by:Mikko Jakonen
Criminals or 'adversaries' do not care about your papers. Period. Only a skilled set of controls, wisdom, and discipline in management secures the environment. Attackers will utilize every means to gain access your beloved environment...
October 21, 2012 Added by:Brandon Knight
Penetration testers love compromising systems during assessments, and the most important portion of a penetration test is getting access to critical data and systems. So, post exploitation I generally head for the database servers. Depending on the permissions of the target there may be another hurdle to bypass...
September 28, 2012 Added by:Tripwire Inc
The fact that usernames and passwords were being logged to a plaintext file itself is problematic, even if the passwords are being hashed when stored in a database, if such data is logged in plain text it defeats the entire purpose...
September 26, 2012 Added by:Pierluigi Paganini
A possible Iranian cyber offensive against US banks has been discussed recently, and immediately denied by government of Teheran. Financial institutions are targets for a cyber attacks, as the banking system is a critical asset for a nation and its paralysis could damage economic activities...
September 19, 2012 Added by:Christopher Laing
For collective intelligence directed at security breaches, I would argue, that an effective means of transparently sharing details without fear of recrimination and embarrassment would greatly reduce the impact of such breaches. Fine idea, but how can this be achieved?
September 19, 2012 Added by:Michael Ligh
Explore undocumented windows kernel data structures related to window station objects and the clipboard. Detect clipboard-snooping malware using Volatility - an advanced memory forensics framework...
September 18, 2012 Added by:Michael Ligh
Learn about the undocumented windows kernel data structures related to RDP logon sessions, alternate process listings, and loaded drivers. See how Volatility can help you forensically reconstruct attacker command histories and full input/output console buffers...
September 13, 2012 Added by:Robert Siciliano
A 60-day window covers two billing cycles, enough for most account-conscious consumers who keep an eye on their spending. Victims of fraudulent credit card charges only wind up paying the unauthorized charges if they fail to report the credit card fraud within 60 days...
September 11, 2012 Added by:Pierluigi Paganini
Excluding attacks by foreign governments and cyber criminals that exploit 0-days, with best practices and the adoption of compliance at the current standard, in matters of security it is possible to avoid data breach incidents, or at least reduce the amount of exposed information...
August 16, 2012 Added by:Brian Dean
The bottom line: Hacking is lucrative and can be executed from nearly anywhere in the world. Security professionals should be providing risk assessment results annually to executive management. Of course, providing a list of vulnerabilities is probably career limiting. This is the balancing act we must perform...
August 06, 2012 Added by:David Navetta
The Holmes decision further underscores difficulties in securing any recovery on a data breach lawsuit absent actual identity theft. However, the lengthy history of this case — dating back to 2008 including a challenge to a Court approved settlement — highlights that such cases are protracted and costly to defend...
July 27, 2012 Added by:Kelly Colgan
It’s not just about protecting ourselves from identity theft or fraud like when our account number or government-issued ID numbers are exposed. It’s what I like to call privacy for the sake of privacy. Just knowing that someone could be looking at our personal histories doesn’t sit well with the public...
Update 3: Hackers May Leak Norton Antivirus ... john flynn on 04-23-2014
Good Security Starts at Home... jlukeadan jlukeadan on 04-23-2014
Join Trend Micro & SecurityWeek in Belle... Barbara Daft on 04-23-2014