February 27, 2014 Added by:Simon Moffatt
The internal 'trusted' network no longer exists. Employees often pose the biggest threat to information assets, even though they are trusted with legitimate accounts on protected internal machines. Zero Trust is a recent security approach that looks to move away from network segmentation and focus more on data and resources and who can access them, when and from where.
February 19, 2014 Added by:Dan Dieterle
In this post we will show you how to get a remote shell on an Android by using Metasploit in Kali Linux.
February 19, 2014 Added by:Vince Kornacki
Attackers utilize a variety of tools to automate password guessing attacks, including Hydra, Nmap in conjunction with the http-form-brute script, and homegrown scripts. In this post, Vince explains how to conduct Vertical Password Guessing Attacks.
January 29, 2014 Added by:Krishna Raja
Discovering vulnerabilities is often the main objective of security teams within large organizations. This is achieved through initiatives such as penetration testing and source code review. But as we know, this is only the first step towards a secure organization.
January 28, 2014 Added by:Nima Dezhkam
Despite SAMM’s comprehensive guidelines around establishing an organization-wide security program and integrating security into in-house software development life-cycle, it does not elaborate as much on third-party vendor security and outsourced software development.
January 06, 2014 Added by:Rohit Sethi
The NIST Cyber Security Framework completely lacks any mention of application security. We predict that organizations will likewise adopt the framework with scant attention paid to secure software, which will lull them into a false sense of security.
November 12, 2013 Added by:Jason Clark
Security Advisor Alliance is a nonprofit group of Top security leaders from the Global 1000 who have come together to donate time each week to help our peers in any area of security as a pro-bono service.
November 04, 2013 Added by:Simon Moffatt
The modern enterprise workforce, will contain contractors, freelancer and even consumers themselves. Bloggers, reviewers, supporters, promoters, content sharers and affiliates, whilst not on the company payroll, help drive revenue through messaging and interaction. If a platform exists where their identity can be harnessed, a new more agile go to market approach can be developed.
September 25, 2013 Added by:InfoSec Institute
Changing the code behind existing web applications is a time-intensive but effective way for hackers to harvest authentication credentials and data. However, you can detect and defend against these types of attacks by using the right mix of file integrity check utilities, antivirus software, and change control policy.
September 12, 2013 Added by:Mike Lennon
Vodafone Germany said an attacker with insider knowledge had stolen the personal data of two million of its customers from a server located in Germany.
September 11, 2013 Added by:Rohit Sethi
Let’s say you’ve just had a pen test or security scan performed on your application. You review the list of findings and get to work on remediation. Apart from obvious shortcomings of any individual single assessment technique, you may also be doing a disservice to meeting your business goals.
August 08, 2013 Added by:Jon Stout
he existing cyber security computing model of the past decade, based on firewalls, anti-viral services, intrusion detection controls, etc., is no longer adequate to help organizations mitigate cyber-security risk.
July 30, 2013 Added by:Jon Stout
You can be doing all the right things, adding immense value to your customer and helping your company build a great brand. When a contract changes even incumbents are suddenly “on the bench” or “between projects” or “on overhead” . You are no longer billable. As a result you have now moved from a profit-generator to a cost center. When this happens you are at risk.
July 17, 2013 Added by:Simon Moffatt
Two factor authentication solutions have been around for a number of years. While these additional processes certainly go some way to improve security, and reduce the significance of the account password, it highlights a few interesting issues, mainly that password based authentication is still a weak link.
July 16, 2013 Added by:Don Eijndhoven
Since somewhere as early as 2007 the various US intelligence and Law Enforcement agencies used the law to gain access to information harvested by tech giants such as Microsoft, Google, Apple, Yahoo, Facebook, Skype and Youtube.
June 24, 2013 Added by:Larry Karisny
Knowing the reality and reasons behind cyberattacks, it’s time to stop talking and start offering resolution to these serious problems. There is no "it won’t happen to me" anymore. We must immediately deploy prevention and detection technologies to our critical processes or frankly, we could lose it all.
Making Sense of Split Tunneling ... nat ravitz on 03-06-2014
The Target Breach: How Network Security Best... Barry Herne on 03-05-2014
Making Sense of Split Tunneling ... nat ravitz on 03-05-2014