September 02, 2014 Added by:Tripwire Inc
We frequently work with customers who use patch management solutions and are missing patches. The reason? I don’t think anyone fully understands the Microsoft Patching process and the third-parties don’t always get it right either.
July 31, 2014 Added by:Cyphort
Since the first report on Havex RAT’s involvement with Industrial Control Systems (ICS) emerged last month, ICS operators were reminded to what extent malware authors will go to intrude their systems.
June 05, 2014 Added by:Rohit Sethi
Attention-grabbing exploits are becoming the norm. We hear about bugs like Heartbleed and IE 0days almost every week. Understandably the public is concerned about insecure technology. Yet for those of us who work in information security, this isn’t news at all. We have long known that insecure software is the root cause of most breaches.
May 20, 2014 Added by:Tripwire Inc
If configuration hardening settings are “conditional,” meaning they must find and keep that balance between security and productivity, hardening against known vulnerabilities in applications and versions is much more black-and-white.
April 09, 2014 Added by:Scott Montgomery
Whether you want to acknowledge it or not, the Windows XP and 2003 applications and servers in your estate are going to be at significant risk in a few weeks.
April 01, 2014 Added by:Tal Be'ery
One of the new security features in the latest Windows release (Windows 8.1) is the “Restricted Admin mode for Remote Desktop Connection”. This measure is meant to enhance Windows credential protection against attacks such as Pass-the-Hash and Pass-the-Ticket. However, it appears that cure might be worse than the disease as the new “Restricted Admin mode” opens a new attack surface for the...
February 27, 2014 Added by:Simon Moffatt
The internal 'trusted' network no longer exists. Employees often pose the biggest threat to information assets, even though they are trusted with legitimate accounts on protected internal machines. Zero Trust is a recent security approach that looks to move away from network segmentation and focus more on data and resources and who can access them, when and from where.
November 12, 2013 Added by:Jason Clark
Security Advisor Alliance is a nonprofit group of Top security leaders from the Global 1000 who have come together to donate time each week to help our peers in any area of security as a pro-bono service.
August 08, 2013 Added by:Jon Stout
he existing cyber security computing model of the past decade, based on firewalls, anti-viral services, intrusion detection controls, etc., is no longer adequate to help organizations mitigate cyber-security risk.
August 01, 2013 Added by:Jon Stout
There are powerful integrated security dashboards that can be installed and modified to meet each user’s particular needs. Now a company can create hundreds if not thousands of employee cyber warriors with a relatively small investment.
June 24, 2013 Added by:Larry Karisny
Knowing the reality and reasons behind cyberattacks, it’s time to stop talking and start offering resolution to these serious problems. There is no "it won’t happen to me" anymore. We must immediately deploy prevention and detection technologies to our critical processes or frankly, we could lose it all.
May 10, 2013 Added by:Steve Ragan
Before malware could become a threat to medical devices, Adam Ely said attackers would have to write malware specifically targeted to these devices and organizations; or the devices would have to adopt a standard platforms and software.
April 29, 2013 Added by:Rohit Sethi
The 2013 Verizon Data Breach Investigations Report has some important data for software development teams, particularly when considering the likelihood of certain threats to your system.
Today's Mobile Device Data Protection Must G... Mic Micac on 09-02-2014
Join the Security Intelligence Network on Li... Mic Micac on 09-02-2014
What PCI Requirements Apply to Us: Tacking a... Mic Micac on 09-02-2014