February 24, 2015 Added by:Brian Prince
According to the latest edition of Hewlett-Packard's Cyber Risk Report, 44 percent of known breaches in 2014 came from vulnerabilities that were between two and four years old.
February 18, 2015 Added by:Eduard Kovacs
According to Hector Marco, a Spain-based security researcher, an attacker can remotely launch a denial-of-service (DoS) attack against a user by sending them a specially crafted email.
February 16, 2015 Added by:Eduard Kovacs
A new report published by Alcatel-Lucent’s Motive Security Labs estimates that 16 million mobile devices were infected with malware in 2014.
February 11, 2015 Added by:Patrick Oliver Graf
Two years ago almost to the day, months before cyberattacks entered the world’s collective consciousness, the European Union took the bold step of publishing an ambitious cybersecurity strategy. The strategy aims to outline the best path forward for identifying and responding to emerging digital threats.
Anthem Breach: How Hackers Stole Credentials and Why Two-Factor Authentication May Help Prevent Future Phishing Scams
February 09, 2015 Added by:Thu Pham
If the Anthem attack was carried out as the result of using a single password, their access security wasn’t up to industry standards. Two-factor authentication may have thwarted attacks by requiring the use of a personal device to verify the identity of a system administrator or other technical employee with access to their database of millions of sensitive records.
January 28, 2015 Added by:Anthony M. Freed
But the four cybersecurity legislation bills that were approved last month did not address all of the top concerns, namely the creation of an information-sharing platform that would enable better information exchange about cyber-based threats between the public and private sectors.
January 27, 2015 Added by:Eduard Kovacs
Researchers reported earlier this month that Google was no longer patching vulnerabilities affecting the WebView component in Android Jelly Bean (4.3) and prior.
January 26, 2015 Added by:Tripwire Inc
Over the past few years, we have seen cybersecurity move from the realm of IT into the boardroom and now onto the political stage. The reason for this is clear—the resiliency, security and safety of the Internet is critical to our economy and the progress of our society as a whole. It is our future.
January 26, 2015 Added by:Dan Dieterle
You have a remote shell to a Windows box in Metasploit, very cool, but what can you do?
January 22, 2015 Added by:Joe Weiss
I have seen few attempts to provide guidance to end-users about common issues with control system cyber incidents that transcend industries and even national boundaries. The following was a result of a discussion with a relevant entity about a domestic fossil plant cyber incident and its commonality to several other plant cyber incidents.
January 20, 2015 Added by:Joe Weiss
The North American Electric Corporation (NERC) Critical Infrastructure Protection (CIP) cyber security standards were developed to increase the cyber security and reliability of the electric grid. Unfortunately, they are not doing either.
January 19, 2015 Added by:Patrick Oliver Graf
One month ago, we asked, “What network security lessons can we learn from the Sony attack?” Since then, new information has been slow to trickle out, save for the FBI’s mid-December statement that assigned responsibility to the North Korean government.
January 07, 2015 Added by:Michael Leland
Your security team is getting alerts from internal sensors, threat intelligence from multiple sources, and potential indicators of attack or compromise from your SIEM. Relying on these human filters to decode, deduce, and decide what is relevant takes valuable time and can result in long delays between attack, detection, and containment.
January 05, 2015 Added by:Thu Pham
Every organization, regardless of size, is comprised of a variety of sensitive data - from HR and payroll handling medical, financial and personally identifiable employee data to your precious intellectual property. And each of these data types can be sold for a price on the black market, making them valuable to attackers financially as well as for blackmail purposes.
Hacker to Release Symantec's PCAnywhere Sour... Jerry Shaw on 10-05-2015
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015