May 27, 2014 Added by:Tripwire Inc
So the question for us, security professionals and dabblers alike, is how do we make this moment one that makes a difference?
May 27, 2014 Added by:Tal Be'ery
Exploiting the Pass-the-Hash vulnerability is the weapon of choice for most APT attackers. Therefore, when Microsoft released a Windows update on May 13th titled “Update to fix the Pass-The-Hash Vulnerability”, it was warmly accepted by IT teams. However, this update was received by the security community with a raised eyebrow, especially due to the fact that just two months before the upd...
May 22, 2014 Added by:Rebecca Herold
Existing privacy laws address only a fraction of the privacy risks that exist, and new risks are emerging all the time. Don’t put your customers’, and innocent children’s, privacy at risk by doing things that may be legal but are still very bad privacy actions.
May 20, 2014 Added by:Nima Dezhkam
As a main area of our interest, PCI v3.0 enhances the Penetration Testing requirement by adding guidelines that help both the organizations and the auditors to better show and understand two important areas of concern in every PCI compliance effort.
May 15, 2014 Added by:Sonali Shah
“The King is dead, long live the King” speaks to the inevitability of succession. It is now not a stretch to think about the inevitability of future CEOs leaving power and ascending to power as a result of cyber breaches.
May 14, 2014 Added by:Andrew Avanessian
The most resilient organizations will be those that map out specific security controls that will turn their anticipation of threats into a plan of action. Increasingly, businesses are identifying an emerging theme for preventing security vulnerabilities: restricting employees and IT administrators to standard user accounts and removing the dangers associated with IT admin privileges.
May 13, 2014 Added by:Tripwire Inc
What do we mean when we talk about “hardening systems” to repel exploits and withstand intrusions? Much of this is captured in three simple concepts.
May 06, 2014 Added by:Joe Weiss
DOE recently issued its revised report, Cybersecurity Procurement Language for Energy Delivery Systems, dated April 2014.
May 06, 2014 Added by:Tal Be'ery
Because Kerberos authentication and authorization are based solely on the ticket, and not on the user’s credentials, disabling the user’s account has no effect on their ability to access data and services.
May 05, 2014 Added by:Electronic Frontier Foundation
Last week, the White House released its report on big data and its privacy implications, the result of a 90-day study commissioned by President Obama during his January 17 speech on NSA surveillance reforms.
May 01, 2014 Added by:Tripwire Inc
SARA (the Situational Awareness Reference Architecture) provides applicable steps for creating local and shared situational awareness.
April 30, 2014 Added by:Tripwire Inc
For all of the chaos and exposure that came with the Heartbleed OpenSSL vulnerability, there is one thing that the security community got right – broad, loud communication to everyone and their mother.
April 23, 2014 Added by:Tripwire Inc
Know what you have, know how it’s vulnerable, configure it securely, and continuously monitor it to ensure it isn’t compromised and remains secure.