November 12, 2013 Added by:Jason Clark
Security Advisor Alliance is a nonprofit group of Top security leaders from the Global 1000 who have come together to donate time each week to help our peers in any area of security as a pro-bono service.
August 08, 2013 Added by:Jon Stout
he existing cyber security computing model of the past decade, based on firewalls, anti-viral services, intrusion detection controls, etc., is no longer adequate to help organizations mitigate cyber-security risk.
July 30, 2013 Added by:Jon Stout
You can be doing all the right things, adding immense value to your customer and helping your company build a great brand. When a contract changes even incumbents are suddenly “on the bench” or “between projects” or “on overhead” . You are no longer billable. As a result you have now moved from a profit-generator to a cost center. When this happens you are at risk.
April 12, 2013 Added by:Mikko Jakonen
Well, before COTS (Commercial Off The Shelve) came popular in military and other organizations thinking their security, this could have been avoided. Nowadays, very difficult. Even in trailers. You still need only one computer making possible to interact with others – in many different NETs existing :)
April 03, 2013 Added by:Rohit Sethi
The March 24th public disclosure of a MongoDB zero-day vulnerability (CVE-2013-1892) has been raising eyebrows and initiating discussion among IT security and developers alike. Here’s why we think it stands out...
February 01, 2013 Added by:Simon Moffatt
This complex chain of correlated "security big data", can be used in a manner of ways from post-incident analysis and trend analytics as well as for the mapping of internal data to external threat intelligence. Big data is here to stay and security analytics just needs to figure out the best way to use it...
January 29, 2013 Added by:Infosec Island
Researchers at Rapid7 have uncovered that roughly 40-50 million network-enabled devices are at risk due to vulnerabilities in the Universal Plug and Play (UPnP) protocol.
January 28, 2013 Added by:Pierluigi Paganini
The report revealed the surprising efficiency of well-known vulnerabilities usually included in the popular exploits sold in the underground, around 60% are more than two years old, and 70% of the exploit kits analyzed (26) were released or created in Russia...
January 13, 2013 Added by:Larry Karisny
We start with one big problem. Internet architecture was never made for security. One of my earliest articles quoted the father of the Internet Vint Cerf by saying, "One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet."
June 01, 2012
This document aims to provide an overview on the actual situation concerning CERT matters in Europe. It provides a list of response teams and similar facilities by country, but also contains a catalog of co-operation, support and standardization activities related to them....
March 15, 2012 Added by:Headlines
The Cisco AnyConnect ActiveX control contains a buffer overflow vulnerability which can allow a remote attacker to convince a user to view a specially crafted HTML document, and the attacker may be able to then execute arbitrary code...
February 27, 2012 Added by:Infosec Island Admin
US-CERT encourages users and administrators to utilize the FBI's rogue DNS detection tool to ensure their systems are not infected with the DNSChanger. Computers testing positive for infection of the malware will need to be cleaned to ensure continued Internet connectivity...
February 16, 2012 Added by:Jeffrey Carr
We should re-assess which attacks should be investigated and which should be let go. The FBI and US-CERT are overwhelmed with tracking everything from probes against government networks to DDoS attacks to targeted attacks against the Defense Industrial Base...
February 15, 2012 Added by:Headlines
Microsoft released updates to address vulnerabilities in Windows, Internet Explorer, Microsoft .NET Framework, Silverlight, Office, and Microsoft Server Software that could allow attackers to execute arbitrary code, cause a denial of service, or gain unauthorized access...
February 03, 2012 Added by:Headlines
Apple has released security updates for Apple OS X Lion 10.7 to 10.7.2, OS X Lion Server 10.7 to 10.7.2, Mac OS 10.6.8, and Mac OS X Server v 10.6.8 to address multiple vulnerabilities that may allow an attacker to execute arbitrary code, a denial-of-service, and bypass security...
January 26, 2012 Added by:Headlines
US-CERT has received reports of attacks using malware-laden email attachments. The advisory comes one week after multiple DDoS attacks were launched against entertainment industry and US government websites by Anonymous supporters in an operation dubbed OpMegaupload...
Why Bother with Security? [If you’re going... Westley McDuffie on 12-12-2013
Are Security Professionals Exiting the Enter... Westley McDuffie on 12-12-2013
The Security Risks of Remote Support Tools ... Amanda Martin on 12-11-2013