OS & Software
January 29, 2013 Added by:Don Eijndhoven
German political platform NetzPolitik.org has now uncovered secret documents belonging to the Ministry of Finance, that the Ministry of the Interior sent to the Bundestag (the political seat of Germany) that reveals the German Federal Police’s intention to use Gamma Group’s Finfisher spyware...
January 20, 2013 Added by:Pierluigi Paganini
The first version of the malware demonstrated an improved methodology for injecting code into browsers to remotely control the victim's device and an improved evasion technique to prevent detection by common antivirus software...
January 17, 2013 Added by:Rod MacPherson
Once again, a new 0-day Internet Explorer vulnerability was discovered that affects IE7 and IE8... ...aside from upgrading to IE9/IE10 there is a suggestion that you could mitigate this vulnerability by running EMET. The only realistic action for many businesses to take would be EMET.
January 15, 2013 Added by:Jeffrey Carr
Kaspersky made an astonishing announcement today with its discovery of a sophisticated cyber espionage network (most likely Russian) that has been operating since May 2007 and continues to this day. It has successfully infiltrated embassies, research organizations, military and government agencies, energy facilities (including nuclear power plants) predominantly in the Commonwealth of Independent ...
January 13, 2013 Added by:Larry Karisny
We start with one big problem. Internet architecture was never made for security. One of my earliest articles quoted the father of the Internet Vint Cerf by saying, "One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet."
January 04, 2013 Added by:Pierluigi Paganini
It’s the news of the day, a fraudulent digital certificate that could be used for active phishing attacks against Google’s web properties. Using the certificate it is possible to spoof content in a classic phishing schema or perform a man-in-the-middle attack according Google Chrome Security Team and Microsoft experts.
January 04, 2013 Added by:Larry Karisny
Current IDS solutions have high instances of false positives and true negatives and are extremely costly to maintain. Current IDS solutions were not designed for today's hyper connected business processes with high volume of instances. Attempting to detect misuse or anomalous behaviors requires infinite numbers of rules, patterns or algorithms, which is not possible, and is therefore the cause of ...
January 03, 2013 Added by:Dan Dieterle
Meet the “Fork Bomb”. Basically all it does is instruct Linux to open processes – over and over again for an almost infinite number of times. Your RAM and CPU usage rises until the system no longer responds to input.
January 03, 2013 Added by:Gary McCully
This is a real world story around the dangers of not following proper change control processes when placing new systems in production. In this blog I will discuss how one person’s actions could have resulted in an attacker gaining complete access to the organization’s internal network. I am hoping this example will cause organizations to take their change control processes a little more seriou...
January 02, 2013 Added by:Rafal Los
Now, admittedly you already probably know I'm not a huge proponent of "bug bounty" programs, as I see the abuses and failure potential outweigh the redemption value in the cases I've seen outside of the few 'big names'... but this caught my attention because they may actually be onto something.
December 27, 2012 Added by:Jeffrey Carr
Most malware writers just want to be paid for their research; something that isn't happening frequently enough or at a rate that's considered fair by the researchers. As a result, some of those researchers are exploring grey markets in offensive malware development or are selling 0-days to clients...
December 27, 2012 Added by:Pierluigi Paganini
Everytime news related to Stuxnet is spread on the Internet, immediately the worldwide security community writes on cyber war and the possible consequences of a cyber attacks, but what is really happening this time?
December 26, 2012 Added by:Simon Moffatt
Technology evolves so quickly that 12 weeks is an age when it comes to new ideas and market changes - and security is no different. However, the main areas I will personally be following with interest though, will be the BYOD/BYOA, personnel, preemptive security and social intelligence...
December 19, 2012 Added by:Spencer McIntyre
This vulnerability would be useful for penetration testers and attackers alike depending on how it could be exploited and any other limiting factors. The following information is the result of a technical analysis of the patch on a Windows XP SP3 system...
December 19, 2012 Added by:Pierluigi Paganini
Analysis revealed that the malicious code has a simple and efficient design that allows it to wipe files on different drives in various predefined times. The malware wipes disk partitions and user profile directories avoiding ordinary anti-virus software detection...
December 17, 2012 Added by:Keith Mendoza
ZD Net had an article entitled "Kernel vulnerability places Samsung devices at risk" and I thought "so, what's new" until I followed the link to the forum post on xda-developers. Then I just lost it because I'm certain that this is a result of plain and simple laziness...
Carberp Botnet Lifecycle Infographic... Sheila Santos on 07-26-2014
How Politics Influences Security... Sheila Santos on 07-26-2014
Security Risks of Telecommuting... Sheila Santos on 07-26-2014