April 12, 2013 Added by:Mikko Jakonen
Well, before COTS (Commercial Off The Shelve) came popular in military and other organizations thinking their security, this could have been avoided. Nowadays, very difficult. Even in trailers. You still need only one computer making possible to interact with others – in many different NETs existing :)
April 03, 2013 Added by:Rohit Sethi
The March 24th public disclosure of a MongoDB zero-day vulnerability (CVE-2013-1892) has been raising eyebrows and initiating discussion among IT security and developers alike. Here’s why we think it stands out...
March 27, 2013 Added by:Infosec Island
A new malware targeting point-of-sale (POS) systems and ATMs has stolen payment card information from several US banks, researchers say. The author behind the malware appears to have links to a Russian cyber-crime gang.
March 20, 2013 Added by:Ian Tibble
The early days of deciding what to do with the risk will be slow and difficult and there might even be some feisty exchanges, but eventually, addressing the risk becomes a mature, documented process that almost melts into the background hum of the machinery of a business.
March 15, 2013 Added by:Krypt3ia
A site popped up with the domain name exposed.su and within the pages (other than malware lurking for an IE exploit) sits all kinds of personal financial data for famous people. Among the people hit on this site were the likes of Hillary Clinton, Al Gore, FBI Director Mueller and others.
February 19, 2013 Added by:Mike Lennon
In a fascinating, unprecedented, and statistics-packed report, security firm Mandiant made direct allegations and exposed a multi-year, massive cyber espionage campaign that they say with confidence is the work of China.
February 18, 2013 Added by:Wendy Nather
Security is an unrelenting business, one that you can never prove is done adequately. You'll never be finished, and you can never know if you can even take a break. And it's never fully appreciated by the people who make a living based on that reality: the vulnerability finders and the "solution" providers.
February 18, 2013 Added by:Steve Ragan
Most of the time, attacks considered APTs use 0-Day exploits, or malware that slips past poorly updated AV software, or phishing to compromise a host or organization. There is nothing advanced about attacks like these...
February 13, 2013 Added by:Kelly Colgan
The movie “Identity Thief” opened nationwide last weekend, and while we love a good laugh, this flick comes at a cost: the truth. Here are five major plot points that do a disservice to an often-misunderstood crime...
February 01, 2013 Added by:Simon Moffatt
This complex chain of correlated "security big data", can be used in a manner of ways from post-incident analysis and trend analytics as well as for the mapping of internal data to external threat intelligence. Big data is here to stay and security analytics just needs to figure out the best way to use it...
January 28, 2013 Added by:Pierluigi Paganini
The report revealed the surprising efficiency of well-known vulnerabilities usually included in the popular exploits sold in the underground, around 60% are more than two years old, and 70% of the exploit kits analyzed (26) were released or created in Russia...
January 15, 2013 Added by:Jeffrey Carr
Kaspersky made an astonishing announcement today with its discovery of a sophisticated cyber espionage network (most likely Russian) that has been operating since May 2007 and continues to this day. It has successfully infiltrated embassies, research organizations, military and government agencies, energy facilities (including nuclear power plants) predominantly in the Commonwealth of Independent ...
January 13, 2013 Added by:Larry Karisny
We start with one big problem. Internet architecture was never made for security. One of my earliest articles quoted the father of the Internet Vint Cerf by saying, "One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet."
January 08, 2013 Added by:Ali-Reza Anghaie
I have long said that history and legal precedent will eventually defend "hack back" techniques for those with well established procedures and some degree of market clout (e.g. DIB, Fortune 100s). I've even said, when discussing the Patriot Hacker "The Jester", that self-defense and stand-your-ground will almost certainly come into play and be successfully used in some legal context.
Mobile Security Processes Could Be Applied t... Johnnie Nix on 05-21-2013
ATM Security (And Really Learning from the P... Johnnie Nix on 05-21-2013
New Study Published on Mobile Malware... Caitlin Rachel on 05-21-2013