OS & Software
June 05, 2014 Added by:Rohit Sethi
Attention-grabbing exploits are becoming the norm. We hear about bugs like Heartbleed and IE 0days almost every week. Understandably the public is concerned about insecure technology. Yet for those of us who work in information security, this isn’t news at all. We have long known that insecure software is the root cause of most breaches.
June 01, 2014 Added by:Gianluca Stringhini
Recently, we have been working on gaining a better understanding of spam operations and of the actors involved in this underground economy. We believe that shedding light on these topics can help researchers develop novel mitigation techniques, and identifying which of the already-existing techniques are particularly effective in crippling spam operations, and should therefore be widely deployed.
May 20, 2014 Added by:Tripwire Inc
If configuration hardening settings are “conditional,” meaning they must find and keep that balance between security and productivity, hardening against known vulnerabilities in applications and versions is much more black-and-white.
May 06, 2014 Added by:Tal Be'ery
Since Kerberos authentication and authorization is based solely on the ticket – and not on the user’s credentials, it means that disabling the user’s account has no effect on their ability to access data and services.
April 09, 2014 Added by:Scott Montgomery
Whether you want to acknowledge it or not, the Windows XP and 2003 applications and servers in your estate are going to be at significant risk in a few weeks.
April 01, 2014 Added by:Tal Be'ery
One of the new security features in the latest Windows release (Windows 8.1) is the “Restricted Admin mode for Remote Desktop Connection”. This measure is meant to enhance Windows credential protection against attacks such as Pass-the-Hash and Pass-the-Ticket. However, it appears that cure might be worse than the disease as the new “Restricted Admin mode” opens a new attack surface for the...
March 13, 2014 Added by:Pierluigi Paganini
The agent.btz malware may have served as starting point for malware Turla and the malicious code used in the Red October campaign.
February 27, 2014 Added by:Simon Moffatt
The internal 'trusted' network no longer exists. Employees often pose the biggest threat to information assets, even though they are trusted with legitimate accounts on protected internal machines. Zero Trust is a recent security approach that looks to move away from network segmentation and focus more on data and resources and who can access them, when and from where.
February 20, 2014 Added by:Edward Jones
ZeroAccess, also known as Sirefef, is one of the most robust and durable botnets in recent history. It was first discovered back in July 2011 and has since infected almost 2 million Windows computers all over the world and cost online advertisers over £1.6 million each month through fraudulent clicks!
January 13, 2014 Added by:Allan Liska
On October 23rd the Internet Corporation for Assigned Names and Numbers (ICANN) announced the roll out of the first 4 gTLDS under its New gTLD Program. The new domains could pose a potential security threat to your organization.
November 12, 2013 Added by:Jason Clark
Security Advisor Alliance is a nonprofit group of Top security leaders from the Global 1000 who have come together to donate time each week to help our peers in any area of security as a pro-bono service.
September 21, 2013 Added by:Tripwire Inc
A year or so ago I stumbled upon a way to create Trojans for OS X by utilizing homoglyphs and a bit of social engineering, I disclosed the vulnerability to Apple and presented it at ToorCamp.
August 08, 2013 Added by:Jon Stout
he existing cyber security computing model of the past decade, based on firewalls, anti-viral services, intrusion detection controls, etc., is no longer adequate to help organizations mitigate cyber-security risk.
August 01, 2013 Added by:Jon Stout
There are powerful integrated security dashboards that can be installed and modified to meet each user’s particular needs. Now a company can create hundreds if not thousands of employee cyber warriors with a relatively small investment.
July 02, 2013 Added by:Tripwire Inc
Carberp is sophisticated, modular and persistent malware utilizing advanced obfuscation techniques to evade detection, removal and the ability to disable anti-virus. It also offers malware developers the ability to customize the malicious package statically as well as dynamically via a remote command and control server.
White House Website Includes Unique Non-Cook... makejoh makejoh on 07-28-2014
EBS Encryption: Enhancing the Amazon Web Ser... makejoh makejoh on 07-28-2014
Security and the Internet of Things... makejoh makejoh on 07-28-2014