Privacy

Heartbleed Should Give You Cardiac Arrest

April 09, 2014 Added by:Tripwire Inc

Estimates are that over 66% of active websites on the internet may be vulnerable to this bug, found in OpenSSL, an open source cryptographic library used in the Apache web server and nginx when creating communications with users.

Comments  (0)

Websites Must Use HSTS in Order to Be Secure

April 07, 2014 Added by:Electronic Frontier Foundation

So why haven't more websites enabled HSTS? The biggest reason, we fear, is that web developers just don't know about it.

Comments  (0)

We Have to Find Ways to Reinforce Trust

March 29, 2014 Added by:Jarno Limnéll

We are losing the battle for cyberspace. Not because malicious actors are taking over the digital world, but because we are forgetting what is the element that makes us feel safe and secure in any world: the ability to trust.

Comments  (0)

Zero Trust and the Age of Global Connectivity

February 27, 2014 Added by:Simon Moffatt

The internal 'trusted' network no longer exists. Employees often pose the biggest threat to information assets, even though they are trusted with legitimate accounts on protected internal machines. Zero Trust is a recent security approach that looks to move away from network segmentation and focus more on data and resources and who can access them, when and from where.

Comments  (0)

Getting a Remote Shell on an Android Device using Metasploit

February 19, 2014 Added by:Dan Dieterle

In this post we will show you how to get a remote shell on an Android by using Metasploit in Kali Linux.

Comments  (0)

Vertical Password Guessing Attacks Part II

February 19, 2014 Added by:Vince Kornacki

Attackers utilize a variety of tools to automate password guessing attacks, including Hydra, Nmap in conjunction with the http-form-brute script, and homegrown scripts. In this post, Vince explains how to conduct Vertical Password Guessing Attacks.

Comments  (0)

Vulnerability Remediation Tips

January 29, 2014 Added by:Krishna Raja

Discovering vulnerabilities is often the main objective of security teams within large organizations. This is achieved through initiatives such as penetration testing and source code review. But as we know, this is only the first step towards a secure organization.

Comments  (2)

How SAMM Addresses Outsourced Development

January 28, 2014 Added by:Nima Dezhkam

Despite SAMM’s comprehensive guidelines around establishing an organization-wide security program and integrating security into in-house software development life-cycle, it does not elaborate as much on third-party vendor security and outsourced software development.

Comments  (0)

The NIST Cyber Security Framework Completely Misses the Mark

January 06, 2014 Added by:Rohit Sethi

The NIST Cyber Security Framework completely lacks any mention of application security. We predict that organizations will likewise adopt the framework with scant attention paid to secure software, which will lull them into a false sense of security.

Comments  (0)

Security Advisor Alliance, A Nonprofit of Elite CISOs giving back to the community.

November 12, 2013 Added by:Jason Clark

Security Advisor Alliance is a nonprofit group of top security leaders from the Global 1000 who have come together to donate time each week to help our peers in any area of security as a pro-bono service.

Comments  (0)

The Road To Identity Relationship Management

November 04, 2013 Added by:Simon Moffatt

The modern enterprise workforce will contain contractors, freelancers and even consumers themselves. Bloggers, reviewers, supporters, promoters, content sharers and affiliates, whilst not on the company payroll, help drive revenue through messaging and interaction. If a platform exists where their identity can be harnessed, a new, more agile go-to-market approach can be developed.

Comments  (0)

Leaked Data and Credentials: Cracked Web Applications

September 25, 2013 Added by:InfoSec Institute

Changing the code behind existing web applications is a time-intensive but effective way for hackers to harvest authentication credentials and data. However, you can detect and defend against these types of attacks by using the right mix of file integrity check utilities, antivirus software, and change control policy.

Comments  (0)

Insider Steals Data of 2 Million Vodafone Germany Customers

September 12, 2013 Added by:Mike Lennon

Vodafone Germany said an attacker with insider knowledge had stolen the personal data of two million of its customers from a server located in Germany.

Comments  (0)

Why Remediating Assessment Results Might be Harmful to Your Business

September 11, 2013 Added by:Rohit Sethi

Let’s say you’ve just had a pen test or security scan performed on your application. You review the list of findings and get to work on remediation. Apart from obvious shortcomings of any individual single assessment technique, you may also be doing a disservice to meeting your business goals.

Comments  (0)

Cyber Security and Terrorism – See Something, Say Something

August 08, 2013 Added by:Jon Stout

The existing cyber security computing model of the past decade, based on firewalls, anti-viral services, intrusion detection controls, etc., is no longer adequate to help organizations mitigate cyber-security risk.

Comments  (0)

Top Secret SCI Jobs - The Value of Smaller Contractors

July 30, 2013 Added by:Jon Stout

You can be doing all the right things, adding immense value to your customer and helping your company build a great brand. When a contract changes, even incumbents are suddenly “on the bench” or “between projects” or “on overhead”. You are no longer billable. As a result you have now moved from a profit-generator to a cost center. When this happens you are at risk.

Comments  (0)
