Webappsec->General
The Government Says It Has a Policy on Disclosing Zero-Days, But Where Are the Documents to Prove It?
March 30, 2015 Added by:Electronic Frontier Foundation
Despite the White House’s claim that it had “reinvigorated” its policies in spring 2014 and “established a disciplined, rigorous and high-level decision-making process for vulnerability disclosure,” none of the documents released in response to our lawsuit appear to be newer than 2010.
Comments (0)
Excellent TLS Made Easy
March 24, 2015 Added by:Neohapsis
Cryptography is notorious for requiring very specific skills to configure correctly, and on top of that it tends to be a moving target: it seems like every other month there is a new vulnerability specific to SSL/TLS.
Comments (0)
Enterprise Networks Plagued with Unsafe Mobile Applications
March 23, 2015 Added by:Anthony M. Freed
In yet another case that underscores the risks involved with employee mobile devices, a new study reveals that the average large enterprise has approximately 2,400 unsafe applications installed in its mobile environment.
Comments (0)
Dangers Accelerate: Increasing Global Threats Loom Over Information Security Landscape
March 19, 2015 Added by:Steve Durbin
The pace and scale of information security threats continues to accelerate, endangering the integrity and reputation of today’s most trusted organizations. Attackers have become more organized, attacks are more refined, and all threats are more dangerous, and pose more risks, to an organization’s reputation than ever before.
Comments (0)
The Bloody Battle of Website Defacement: “ISIS” Hackers vs. WordPress
March 13, 2015 Added by:Nimrod Luria
Eliminating defacement attacks on a WordPress site is extremely difficult because of the vulnerable nature of the platform. Administrators should continuously check for the appearance of unknown files and directories and monitor them for changes.
Comments (3)
EFF Joins Civil Society and Computer Security Experts to Call for Rejection of Flawed Cybersecurity Legislation
March 05, 2015 Added by:Electronic Frontier Foundation
EFF has joined 26 civil society organizations and 22 computer security experts in a letter that calls on the Senate Select Committee on Intelligence to reject the Cybersecurity Information Sharing Act of 2015 (CISA).
Comments (5)
Anthem Breach: How Hackers Stole Credentials and Why Two-Factor Authentication May Help Prevent Future Phishing Scams
February 09, 2015 Added by:Thu Pham
If the Anthem attack was carried out as the result of using a single password, their access security wasn’t up to industry standards. Two-factor authentication may have thwarted attacks by requiring the use of a personal device to verify the identity of a system administrator or other technical employee with access to their database of millions of sensitive records.
Comments (3)
SSL is Officially Declared Dead
February 09, 2015 Added by:PCI Guru
Not that this should be a surprise to any QSA as the POODLE vulnerability effectively killed SSL. The Council has now officially announced that SSL is no longer deemed to be strong cryptography.
Comments (4)
Data Collection Must be Limited for Internet of Things Privacy
February 02, 2015 Added by:Rebecca Herold
I know people use and love the wearable fitness devices and credit them with helping them to get into better shape. However, consumers concerned about privacy want to know about all the data the devices are collecting, along with how it is being used and shared, before using the devices.
Comments (3)
How Verizon and Turn Defeat Browser Privacy Protections
January 15, 2015 Added by:Electronic Frontier Foundation
Verizon advertising partner Turn has been caught using Verizon Wireless's UIDH tracking header to resurrect deleted tracking cookies and share them with dozens of major websites and ad networks, forming a vast web of non-consensual online tracking.
Comments (1)
Let's Encrypt (the Entire Web): 2014 in Review
January 06, 2015 Added by:Electronic Frontier Foundation
We've been pursuing the ideas that turned into Let's Encrypt for three years, so it was a great pleasure to be able to share what we've been working on with the world.
Comments (4)
Moving from Alert-Driven to Intelligence-Driven Security
January 05, 2015 Added by:Paul Lipman
The emergence of smart, integrated, cloud-based security services will enable a transformation from an alert-centric to an intelligence-centric approach to security. This will vastly enhance the Chief Information Security Officer's (CISO’s) visibility and ultimately deliver substantial improvements in the robustness of the overall security posture.
Comments (1)
Pwning Networks Through Vulnerable Applications
December 08, 2014 Added by:Saurabh Harit
If you are a pentester, you would agree that one of the most common ways of compromising a network is through vulnerable 3rd-party applications.
Comments (0)
“Privacy Information” Depends upon Context
December 08, 2014 Added by:Rebecca Herold
Lack of understanding of privacy, and understanding of the data that impacts privacy, is what creates many of our current privacy problems throughout private and public industries.
Comments (0)
Security in 2015: The Internet Becomes the Corporate Network Perimeter
December 05, 2014 Added by:Paul Lipman
The cloud has been widely hailed as the most disruptive force in modern business. Indeed, the world is in the midst of fundamentally profound transformations, enabled by the cloud, in the ways in which we access and interact with data and applications. Unfortunately, the security industry has not kept pace with these transformational trends, necessitating an equally profound change in the way we s...
Comments (0)
Phones, Phablets and Clouds - Securing Today’s New Infrastructure
December 03, 2014 Added by:Steve Durbin
Despite the undeniable corporate and consumer interest, the security and privacy implications of cloud and mobile connected devices are concerning many security professionals. Countless organizations are still playing catch up – Bring Your Own Device (BYOD) polices are only starting to be embedded, reviewed and updated. IT departments are overwhelmed with the amount of devices entering the workp...
Comments (0)
- It's Time to Get Real about Complex, Emerging Threats
- Under Expanding Cyber Siege, CISOs Admit Clear Visibility on Attacks Is a Challenge
- Busting the VDI Security Myth
- Why Admin Rights Removal Is only the First Step towards Data Protection
- FIN6 Hackers Update Arsenal of Techniques
- Hackers and Worms in the Singularity
- Trojanized Extension Uploaded to Google’s Chrome Store
- Gartner SOAR Adoption Rate Prediction: From 1% to 15% by 2020 - Why Should You Care?
- New Payment Tech, New Security Challenges
- CVE-2018-11776 — The Latest Apache Struts Vulnerability