Vulnerabilities


Cybersecurity Trends for SMBs: Mobile, Security and the Cloud

April 10, 2015 Added by: Paul Lipman

While SMBs are vulnerable to many of the same types of attacks as the companies making headlines (Target, JP Morgan, Home Depot, Anthem, etc.), they must defend themselves with vastly smaller IT teams and budgets. SMBs are finding they have a unique set of challenges and vulnerabilities that require a comprehensive but tailored approach to security.


The Dark Side of “You Will” in the Internet of Things

April 02, 2015 Added by: Christopher Budd

Back in the early 1990s, AT&T capitalized on this with their “You Will” campaign, which outlined some of the things they said “you will” be able to do in the future. The bright future of technology is intriguing and exciting, but we must first take responsibility for our security and privacy so as to avoid any downfalls.


The Government Says It Has a Policy on Disclosing Zero-Days, But Where Are the Documents to Prove It?

March 30, 2015 Added by: Electronic Frontier Foundation

Despite the White House’s claim that it had “reinvigorated” its policies in spring 2014 and “established a disciplined, rigorous and high-level decision-making process for vulnerability disclosure,” none of the documents released in response to our lawsuit appear to be newer than 2010.


Excellent TLS Made Easy

March 24, 2015 Added by: Neohapsis

Cryptography is notorious for requiring very specific skills to configure correctly, and on top of that it tends to be a moving target: it seems like every other month there is a new vulnerability specific to SSL/TLS.


Enterprise Networks Plagued with Unsafe Mobile Applications

March 23, 2015 Added by: Anthony M. Freed

In yet another case that underscores the risks involved with employee mobile devices, a new study reveals that the average large enterprise has approximately 2,400 unsafe applications installed in its mobile environment.


Dangers Accelerate: Increasing Global Threats Loom Over Information Security Landscape

March 19, 2015 Added by: Steve Durbin

The pace and scale of information security threats continue to accelerate, endangering the integrity and reputation of today’s most trusted organizations. Attackers have become more organized, attacks are more refined, and all threats are more dangerous, and pose more risks, to an organization’s reputation than ever before.


The Bloody Battle of Website Defacement: “ISIS” Hackers vs. WordPress

March 13, 2015 Added by: Nimrod Luria

Eliminating defacement attacks on a WordPress site is extremely difficult because of the vulnerable nature of the platform. Administrators should continuously check for the appearance of unknown files and directories and monitor them for changes.


EFF Joins Civil Society and Computer Security Experts to Call for Rejection of Flawed Cybersecurity Legislation

March 05, 2015 Added by: Electronic Frontier Foundation

EFF has joined 26 civil society organizations and 22 computer security experts in a letter that calls on the Senate Select Committee on Intelligence to reject the Cybersecurity Information Sharing Act of 2015 (CISA).


Anthem Breach: How Hackers Stole Credentials and Why Two-Factor Authentication May Help Prevent Future Phishing Scams

February 09, 2015 Added by: Thu Pham

If the Anthem attack was carried out as the result of using a single password, their access security wasn’t up to industry standards. Two-factor authentication may have thwarted attacks by requiring the use of a personal device to verify the identity of a system administrator or other technical employee with access to their database of millions of sensitive records.


SSL is Officially Declared Dead

February 09, 2015 Added by: PCI Guru

Not that this should be a surprise to any QSA as the POODLE vulnerability effectively killed SSL. The Council has now officially announced that SSL is no longer deemed to be strong cryptography.


Data Collection Must be Limited for Internet of Things Privacy

February 02, 2015 Added by: Rebecca Herold

I know people use and love the wearable fitness devices and credit them with helping them to get into better shape. However, consumers concerned about privacy want to know about all the data the devices are collecting, along with how it is being used and shared, before using the devices.


How Verizon and Turn Defeat Browser Privacy Protections

January 15, 2015 Added by: Electronic Frontier Foundation

Verizon advertising partner Turn has been caught using Verizon Wireless's UIDH tracking header to resurrect deleted tracking cookies and share them with dozens of major websites and ad networks, forming a vast web of non-consensual online tracking.


Let's Encrypt (the Entire Web): 2014 in Review

January 06, 2015 Added by: Electronic Frontier Foundation

We've been pursuing the ideas that turned into Let's Encrypt for three years, so it was a great pleasure to be able to share what we've been working on with the world.


Moving from Alert-Driven to Intelligence-Driven Security

January 05, 2015 Added by: Paul Lipman

The emergence of smart, integrated, cloud-based security services will enable a transformation from an alert-centric to an intelligence-centric approach to security. This will vastly enhance the Chief Information Security Officer's (CISO’s) visibility and ultimately deliver substantial improvements in the robustness of the overall security posture.


Pwning Networks Through Vulnerable Applications

December 08, 2014 Added by: Saurabh Harit

If you are a pentester, you would agree that one of the most common ways of compromising a network is through vulnerable 3rd-party applications.


“Privacy Information” Depends upon Context

December 08, 2014 Added by: Rebecca Herold

Lack of understanding of privacy, and understanding of the data that impacts privacy, is what creates many of our current privacy problems throughout private and public industries.
